Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.


1 Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk Management Aspects of the Business May 26 & 27

2 The Truth about Network Security
“The only way to make a computer completely secure is to turn it off, disconnect it from the network, put it in a safe and throw away the combination!”
Anonymous

3 Legal and Risk Management Issues
- Why is IT Security critical from a Legal Perspective?
- Why is IT Security critical from a Risk Management perspective?

4 Why is IT Security so Important?
- Prevent losses and damage to the business and customers
  – Time to react is getting shorter
  – Costs are increasing
- A regulatory compliance issue
- Critical for business trust

5 What are the key security risks?
- Viruses and worms
- Identity theft
- Targeted attacks
- Spam
- Supply chain and partners added to the network
- Mobile Workers

6 Legal Drivers for IT Security
- Legislation
  – Data Protection Act
  – US Trends
- Corporate Governance
  – Basel II
  – FSA
  – SOX
- Negligence
  – Concept of “reasonable care”
  – Compliance with standards
- Contract

7 Building Security into Contracts
- Importance of not losing control
- Major Contracts Issues
  – confidential information
  – audit rights
  – service levels
  – liability issues
  – tackling the unexpected
- Importance of managing the operational risk

8 Summary
- Be proactive about security
- Ensure contract is flexible
- Keep suppliers to a high standard and “security conscious”.
- Customer to have control over the relationship

9 Marsh Technology Conference 2005 Zurich, Switzerland. Risk Management

10 Risk Management and Best Practices: Networking Issues
- Formal security program
- Encryption/Firewalls
- Monitor security threats
- Vulnerability scanning
- Investigate all security threats
- Formal DRP
- Crisis management plan
- Access authorization procedures
- Background checks
- Employee training

11 Security and Your Customers
- Do your products or services include security components?
- Do you generate revenue from providing to others mission critical (products or) services involving the handling, processing, transferring, storing or securing of non public, personal information used in the banking, financial service or medical or retail industries?

12 Risk Management and Best Practices
- Quality and support of products and services
- Contracts and agreements
- Operational controls
- Network reliability, redundancy and availability

13 Risk Management and Best Practices: Quality and Support
- Alpha and Beta testing
- Formal customer acceptance procedures
- Vendor certification process
- Outsourced services

14 Risk Management and Best Practices: Contracts and Agreements
- Standard contracts
- Limitation of liability to avoid consequential loss
- Disclaimers

15 Risk Management and Best Practices: Operational Controls
- Contractual agreements with subcontractors and vendors
- Obtain proof of insurance

16 Risk Management and Best Practices: Network Reliability, Redundancy and Availability
- Data back up
- Mirror sites
- Security updates (patches) on a timely basis

17 Examples of scenarios leading to claims
- Healthcare facility buys and installs a patient information management package
- Retailer uses software package for accepting and validating credit card information

18 Thank You

