Why Your Company Should Have a Risk Management Program

http://tinyurl.com/gkriskmgt

Does your company have a risk management program? In this hour-long webinar, cybersecurity expert and Global Knowledge instructor David Willson will explain why you should.

In light of recent breaches at Target, Neiman Marcus, Michaels, Yahoo, and a growing list of others, we're learning that FBI Director Mueller was right when he said getting breached is not a matter of if, but when. While having a risk management program may not prevent a breach, it can certainly lower the risk of one, ensure compliance, and reduce or even eliminate your liability if a breach does occur, enabling you to recover quickly and to protect your reputation.

Beyond explaining the importance of a risk management program, David will tell you how to implement one, including how to conduct a basic risk assessment, which policies you'll need, and how to train your workforce.

ABOUT THE PRESENTER: David Willson, JD, LLM, CISSP, Security+, is the owner and president of Titan Info Security Group, LLC, and a retired Army JAG. While in the Army, he advised the DoD and NSA on computer network ops law, and he was the legal advisor to what is now CYBERCOM. A published author and active speaker, David is a licensed attorney in CO, NY, and CT. He is a VP of his local ISSA chapter and a member of InfraGard.

Transcript

  • 1. Why Your Company Should Have a Risk Management Program David Willson david@azoriancybersecurity.com
  • 2. © 2014 Global Knowledge Training LLC. All rights reserved. David Willson david@azoriancybersecurity.com
      • Retired Army JAG
      • Former legal advisor at NSA and CYBERCOM
      • Risk management and cybersecurity consultant
      • Licensed to practice law in NY, CT, and CO
      • Master’s degree in intellectual property and IT law
      • Speaker at security conferences worldwide
  • 3. Our Agenda
      • State of security
          – Recent breaches
          – The problem
          – Common security implementations
          – Cost of breach
      • How to lower risk, reduce or eliminate liability, and protect reputation
          – Leadership
          – Risk assessment
          – Policy
          – Training
  • 4. State of Security
      The Global State of Information Security® Survey 2014 shows that: “While many organisations have raised the bar on security, their adversaries are continuing to outpace them. Detected security incidents have increased—and so has the cost of breaches.” (PWC) www.secureworldexpo.com
  • 5. The Problem
      According to “Cyber Security Risk: Perception vs. Reality in Corporate America” (Wired, March 2014):
      • 73% of North American execs are confident in their company’s security
      • Majority of survey respondents believe their orgs will perform better or the same compared to last 12 months
      • Most C-levels feel very optimistic about readiness
      • 72% of survey respondents feel safe from IT threats
      • Nearly 60% of respondents were CIOs, CISOs, VPs, or directors
  • 6. The Problem
      According to “Cyber Security Risk: Perception vs. Reality in Corporate America” (Wired, March 2014):
      • Optimism bias leads to false confidence in security
      • Business leaders simply do not understand cybersecurity risk
  • 7. Recent Breaches
  • 8. Common Security Implementations www.eppgroup.eu
  • 9. Common Security Implementations en.wikipedia.org webpage.pace.edu
  • 10. Common Security Implementations
      Mark Popolano, CIO of ProSight Specialty Insurance, regarding risks vs. costs: “If you want to spend an infinite amount of money on security, you can … but the government does, and they’re not 100% foolproof.” (Bree Fowler, AP)
  • 11. Common Security Implementations
      • Is there a single standard, piece of hardware, software, or technique that will keep your organization from being breached?
      • Is there a combination of the above that will keep you secure?
  • 12. Common Security Implementations
      • Questions rephrased: www.chronicle.su
  • 13. Cost of a Breach
      • Loss of:
          – Time
          – Money
          – Reputation
          – Revenue
  • 14. Cost of a Breach
  • 15. Cost of a Breach
      “In 2013, an annual investigative report on data security by Verizon found 88% of the attacks initiated against financial services companies were successful in less than a day.” (2013 Verizon Data Breach Report – DBIR)
  • 16. Cost of a Breach
      “For publicly traded companies like Target and Neiman Marcus, there is an additional obligation to disclose material information to shareholders in a timely manner. For any retailer, a cyberattack may drive customers away and affect income through increased expenses for stronger computer security, providing identity theft protection to affected customers, and refunding of any fraudulent charges.” (“Adding Up the Costs of Data Breaches,” by Peter J. Henning)
  • 17. Lower Risk, Reduce or Eliminate Liability, and Protect Reputation
      • What can you do?
      • As a business leader what is your responsibility?
      • What constitutes due diligence when it comes to cybersecurity?
  • 18. informationsecurity.saiglobal.com
  • 20. Leadership
      • Remember the statistic? 73% of executives believe their security is good and nothing will happen!
      • This attitude trickles down to the workforce and suddenly all become lackadaisical.
      voodoogamer.wordpress.com
  • 21. Risk Assessment
      • What is it?
      • What does it do?
      • How do you do it?
      • What is the goal?
  • 22. Risk Assessment innovis.cpsc.ucalgary.ca
  • 23. Policy
      • Why?
      • What?
      • How?
      www.satking.com.au
  • 24. Training
      • Why?
      • How?
      • How often?
      • Who?
      web.securityinnovation.com
  • 25. Call to Action
      • Perform a risk assessment or hire someone to do it
      • Write and implement policies or hire someone to do it
      • Train the workforce and implement a program or hire someone to do it
  • 26. David Willson, Esq. CISSP, Security+ Titan Info Security Group, OnlineIntell, LLC, and Azorian Cyber Security 719-648-4176 david@azoriancybersecurity.com www.azoriancybersecurity.com Questions?
  • 27. Learn More
      Recommended Global Knowledge Courses
      • Cyber Security Compliance & Mobility Course (CSCMC)
      Request an On-Site Delivery
      • We can tailor our courses to meet your needs
      • We can deliver them in a private setting
      Visit Our Knowledge Center
      • Assessments
      • Blog
      • Case Studies
      • Demos
      • Lab Topologies
      • Special Reports
      • Twitter
      • Videos
      • Webinars
      • White Papers
  • 28. Thank You for Attending. For more information contact us at: www.globalknowledge.com | 1-800-COURSES | am_info@globalknowledge.com