Information Security and Corporate Risk

  1. Industry Perspective: Information Security and Corporate Risk. Michael Lyons & Sean Curran, Protiviti. michael.lyons@protiviti.com, sean.curran@protiviti.com
  2. Information Security and Corporate Risk, February 2014
  3. © 2012 Protiviti Inc. An Equal Opportunity Employer. CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to another third party.
  4. AP Twitter Feed Hacked, April 23, 2013
     - 1:07 PM
     - 1:08 PM – 150-point drop
     - 1:10 PM – AP tweets that they have been hacked and the tweet is erroneous
     - 1:13 PM – News states the tweet was bogus; DOW recovers
     - 1:16 PM – Jay Carney confirms POTUS is fine
     - 1:17 PM – The Syrian Electronic Army takes responsibility (previous attacks include Reuters, CBS, and FIFA)
     - 1:30 PM – Mike Baker (AP) says the attack occurred one hour after a phishing email
     - 2:28 PM – AP posts story and blames a phishing attack
  5. Data Centric Security
     - Data Governance
     - Data Classification
     - Data Leakage
     - Encryption & Storage Strategy
     - Privacy Management & Implementation
     - PCI, HITRUST and Security Compliance Planning, Readiness & Assessment
     - Vendor Due Diligence

     Security Program and Policy
     - Security Policy & Program
     - Security Strategy & Architecture
     - Security Metrics
     - Incident Response Program
     - Awareness & Training

     Other Security

     Identity and Access Management
     - Access Mgmt Policy & Standards
     - IDAM Design & Implementation
     - Identity Credential Selection
     - Identity Federation Strategy & Implementation

     Incident Response and Forensics
     - Incident Response Strategy and Planning
     - Emergency Response
     - Computer Forensics
     - Proactive eDiscovery Planning
     - Reactive eDiscovery Support

     Security Operations & Implementation
     - Security Monitoring & Intelligence
     - SIEM Technology
     - SOC Training & Staffing Solutions
     - Security Product Implementation

     Vulnerability/Pen Testing
     - Infrastructure Vulnerability
     - Application Vulnerability
     - Network Vulnerability
     - Database Vulnerability
     - Secure Code Reviews
  6. The Lifecycle of a Breach (diagram slide; the figure is not recovered in the text)
  7. Managing the Communication
     - What is the sensitive data you are protecting, and has there been a security breach?
       - i.e., has the sensitive information left the building?
     - Have you had cybercrime experts confirm the breach?
     - How and when to release information
       - Sony had significant failures due to reporting breach information too quickly, without all the facts
       - Hannaford sent notice to 4.2MM customers although only 1800 were affected
     - Have you tested the process?
       - Incident response is a significant portion of a proper data security program. Role playing and scenario modeling are important training tools.
     - Regulatory requirements
       - Immediately work with your legal teams before sending anything out, to understand what you are required by law to state
     - What is your response? How are you correcting the problem?
