Protecting Knowledge Assets – Case & Method for New CISO Portfolio


1 Protecting Knowledge Assets – Case & Method for New CISO Portfolio
GRC-R10
Jon Neiditz, Kilpatrick Townsend & Stockton LLP, @jonneiditz
Dr. Larry Ponemon, Ponemon Institute, @ponemon
Darin Anderson, CyberTECH, @darinandersen
Jeffrey Carr, Taia Global, Inc.; Suits and Spooks, @jeffreycarr

2 Understanding the risk to knowledge assets

3 The Study
The Cybersecurity Risk to Knowledge Assets was conducted to determine whether the publicity accorded data breaches subject to notification laws has skewed the focus of organizations away from the theft or loss of their most critical information, and to provide helpful practices to reduce the risk.
Knowledge assets are confidential information critical to a company’s core business – other than personal information that would trigger notice requirements under law.
More than 600 individuals familiar with a company's approach to managing knowledge assets and involved in the management process were surveyed.

4 Theft Is Rampant
74% of respondents say that their company likely failed to detect a data breach involving the loss or theft of knowledge assets
60% state one or more pieces of their company’s knowledge assets are likely now in the hands of a competitor

5 Companies Don’t Know “What” or “How”
31% of respondents say their company has a classification system that segments information assets based on value to the organization
28% rate their companies’ ability to mitigate the loss or theft of knowledge assets by insiders and external attackers as effective

6 Bigger Risks Invisible to C-Suites & Boards
59% say a data breach involving knowledge assets impacts their company's ability to operate as a going concern
53% replied that senior management is more concerned about a data breach involving credit card information or SSNs than the leakage of knowledge assets

7 Heads in the Sand
69% believe that senior management does not make the protection of knowledge assets a priority
37% state that the board requires assurances that knowledge assets are managed and safeguarded appropriately
Only 32 percent of respondents say their companies’ senior management understands the risk caused by unprotected knowledge assets, and 69 percent believe that senior management does not make the protection of knowledge assets a priority. The board of directors is often even more in the dark. Merely 23 percent of respondents say the board is made aware of all breaches involving the loss or theft of knowledge assets, and only 37 percent state that the board requires assurances that knowledge assets are managed and safeguarded appropriately.

8 Do you believe your company’s knowledge assets are targeted by nation state attacks?

9 The main motivations of attackers who steal a company’s knowledge assets
1 = most likely to 4 = least likely

10 The most likely root causes of data breaches
1 = most likely to 4 = least likely

11 Employee and third-party negligence puts knowledge assets at risk
Strongly agree and Agree responses combined

12 Why is your company effective in protecting knowledge assets?
More than one choice permitted

13 Why is your company not effective in protecting knowledge assets?
More than one choice permitted

14 How to protect knowledge assets

15 6 Key Components of Action Planning
1. Governance: Senior Management/Board Involvement; Establishment of Responsibility
2. Data Classification: Identify and Prioritize Knowledge Assets
3. Security Infrastructure: Safeguards; Detection; Response
4. Employees: Awareness and Education; Identity & Access Management; Departing Employees
5. Vendor Management: Cloud Security; Contractor Access; Risk Allocation
6. Coverage: Cyber-Risk; Other Coverage

16 2. Data Classification: Examples of Restricted Knowledge Assets/Trade Secrets
Test Records
Alliances
Sales Forecasts
Techniques
Customer Purchasing History
Future Store Locations
Models
Customer Profiles
Strategic Business Plans
Supplier Lists
Blueprints
Formulas
Recipes
Designs
Methods Of Manufacture
Procedures
Quality Control Data
Source Code

17 2. Data Classification: The “Golden Record”
Golden Record = compilation of customer data gathered across numerous sources, stored in one place (e.g. website, store loyalty cards, contests, events)
The “Golden Record” may constitute the jewel in the crown of many of our customers' knowledge assets.
Develop compliant big data arrangements that enhance and protect such critical customer records, and give companies broad rights to use such data.
Conduct an initial survey to determine key data streams and current rights in such data, and document the data inventory.
Develop proposed data rights based on the customer’s data strategy, regulatory requirements, industry standards, and business goals.

18 2. Global R&D Spending Shows Emerging Valuation of Networks
Source: Jeffrey Carr

19 3. Security Infrastructure: Administrative, Technical & Physical
Data classification based on risk
Build data classification into levels of security safeguards
Encryption and/or tokenization
“Least Privilege” principle and role-based access
Assure detection systems are focused on most important knowledge assets
Intrusion
Data loss prevention, preventing exfiltrations
Copy protection and embedded codes to trace copies
Restrict downloading of sensitive company information
Assure incident response programs fully incorporate knowledge assets

20 The most important security technologies for protecting knowledge assets
Eight choices permitted

21 Questions?

