SlideShare a Scribd company logo

Engaging the C-Suite on Security Strategy

James Deiotte
James Deiotte

Board and C Suite focus on complex issues related to data, privacy and cyber risks, including response to the use of data improperly

Law
1 of 26
Security as a Strategy Engaging with the C-Suite and the Board Center for Cybersecurity and Privacy Protection at Cleveland- Marshall College of Law and CyberOhio Business Summit Cleveland, Ohio March 22, 2018
Our Panel James Deiotte Executive in Residence Monte Ahuja College of Business Moderator Helen Patton Chief Information Security Officer Ohio State University Eric Hibbard Chief Technology Officer Security & Privacy Hitachi Vantara Dick Kerr Vice President and Chief Information Security Officer Eaton Jamil N. Jaffer Adjunct Professor of Law and Director of the National Security Law & Policy Program at the Antonin Scalia Law School at George Mason University
ABC Company Cleveland, Ohio BOARD AGENDA January 1, 2018 Time: 9:00 am Location: Cleveland, Ohio Company Corporate Office I. Call to Order II. Opening Executive Session III. Call to Order (by the Board Chair) a. Approval of minutes of the most recent past board of directors meeting IV. Report on Company Strategy Current Year and Next Two Years (by the CEO) a. Review of strategy approved by board i. RPA Project Update ii. Acquisition of sensor enterprise b. Suggested adjustment based on current developments c. Special issue – data and privacy in Europe V. Report on Company Performance and Operations Current Quarter and Year to Date a. Reserves and insurance cyber profile VI. Report of the Nominating and Governance Committee (by the Committee Chair) a. Approval of minutes of the most recent past governance committee meeting b. Motion to elect new board member c. New risk committee charter approval VII. Report of the Audit Committee (by the Committee Chair) a. Approval of minutes of the most recent past audit committee meeting b. Review of auditor management letter and controls testing concerns c. Review financial statements VIII. Report of the Finance & Investment Committee (by the Committee Chair) a. Review budget adjustments i. Claims on breach 1. Employees 2. Customer b. Review current-year financial projections IX. Closing Executive Session Next meeting date March 1, 2018 Introduction Navigating the boardroom agenda
A wake up call Wake up call video link
Introduction Hazards of not having a CIO in the room ABC Company Cleveland, Ohio BOARD AGENDA January 1, 2018 Time: 9:00 am Location: Cleveland, Ohio Company Corporate Office I. Call to Order II. Opening Executive Session III. Call to Order (by the Board Chair) a. Approval of minutes of the most recent past board of directors meeting IV. Report on Company Strategy Current Year and Next Two Years (by the CEO) a. Review of strategy approved by board i. RPA Project Update ii. Acquisition of sensor enterprise b. Suggested adjustment based on current developments c. Special issue – data and privacy in Europe V. Report on Company Performance and Operations Current Quarter and Year to Date a. Reserves and insurance cyber profile VI. Report of the Nominating and Governance Committee (by the Committee Chair) a. Approval of minutes of the most recent past governance committee meeting b. Motion to elect new board member c. New risk committee charter approval VII. Report of the Audit Committee (by the Committee Chair) a. Approval of minutes of the most recent past audit committee meeting b. Review of auditor management letter and controls testing concerns c. Review financial statements VIII. Report of the Finance & Investment Committee (by the Committee Chair) a. Review budget adjustments i. Claims on breach 1. Employees 2. Customer b. Review current-year financial projections IX. Closing Executive Session Next meeting date March 1, 2018 CONTROLS TESTING – when are they going to visit with me? Risk Charter – who is on it? Anyone from tech teams? Engineers? Are the claims from EU, US or elsewhere? Employees? Customers??? SENSORS? For which products or solutions? Is this for internal or external use? Insurance – how are we evaluating cloud suppliers and third party risks? What about socio- engineered attacks? RPA – which activities and areas of company under focus? US or India?
Introduction Reality of addressing challenges – the starting point  89% say their cybersecurity function does not fully meet their organizations needs  88% feel it is very unlikely that they would detect a sophisticated cyber attack  77% respondents consider a careless member of staff is the most likely source of attack  63% of organizations still keep cybersecurity reporting within IT function  32% of boards have sufficient knowledge for effective oversight  87% believe that they need at least a 50% increase in budget Source: http://www.ey.com/gl/en/services/advisory/ey-global- information-security-survey-2017-18
Technology permeates all facets of business. Newly created stakeholder groups exist both within and beyond the enterprise itself. How are investments needed or changes required facilitated? Security must be embedded in each and every strategy
Technology is embedded in facets of an enterprises six forms of capital All are assets of an enterprise requiring nurturing and protection to support growth A success in protecting one asset, and failure in another, can still lead to overall failure of the enterprise
Tech’s journey… is firmly embedder in operations and strategy  Shareholders  Board of directors  Audit committee  Chief Executive Officer  Legal  Chief Financial Officer  Chief Risk Officer  Chief Information (CIO/CTO)  Operations (R&D, Engineering and Production)  Human Resources  Communications/PR  Third party suppliers  Customers/End Users  Regulators  Policymakers Stakeholders Cost control Create value • Increase productivity of employees through connectivity and collaboration • Connect complex supply chains across the world • Agility • Aligned and enabler of the business modes • Control costs (server and communication maintenance) • Deliver actionable information • Protection of personal information Enhance, protect and increase enterprise value • Protection strategic information • Improve insights through analytics • Manage stakeholder relationships with greater transparency • Delivery self-provided information with new tools for savvy users • Manage disruptions • Help people better use their technology based tools more safely • Manage cloud solutions
Exploring strategies that drive growth in enterprise value and the impact technology may have Strategies
Strategy 1 Achieving productivity with robotics and AI
Where do humans fit? Introducing Tay – the racist chatbot Google Home - who is Jesus Christ?
Strategy 2 Achieving greater productivity through data IoT and IIoT in production  Smart manufacturing — for continuous monitoring of critical assets, equipment, process, and product parameters using sensors to pass along data with wired networks or WiFi.  Connected products — for products giving continuous feedback about their location and performance after they are put into service.  Connected supply chain — for keeping track of inbound and outbound shipments for location related information and critical in-transit parameters such as temperature
Exploring the impact of the misuse of data. As a deterrent, does it matter how the data was acquired, but used improperly? Misuse of data
So what exactly was the business model of Ashley Madison?  How do you determine what is your assets of value? • Gain competitive advantage (e.g. IP, strategy) • Gain position of power for exploitation (e.g. ransomware) • Cause harm (e.g. automotive, industrial, grid, military) • Theft (e.g. counterfeit, embezzlement) • Gain disruptive power (e.g. political, community)
Attack, flee or hide • Processes and controls that limit adverse consequences • Limit access to data • Limit data collected and held to what is necessary • However, the impact is increased cost of maintenance and efficiencies lost within systems
Cyber risk management and the creating of an ecosystem for cyber defense Cyber risk management
Building your team Constructing a cybersecurity ecosystem
Restructuring when the solution is not effective
Oversight, accountability or tone setting? The cybersecurity policy shall be reviewed by the Covered Entity’s board of directors or equivalent governing body, and approved by a Senior Officer of the Covered Entity NY State Banking (Regulatory response) • The cybersecurity policy shall address, at a minimum, the following areas: • Information security; data governance and classification; access controls and identity management; business continuity and disaster recovery planning and resources; • Capacity and performance planning; systems operations and availability concerns; systems and network security; systems and network monitoring; • Systems and application development and quality assurance; physical security and environmental controls; customer data privacy; • Vendor and third-party service provider management; risk assessment; and Incident response IT governance under King IV emphasizes that governance should focus on technology and information as separate issues, not one. South Africa (adopted Governance) • Companies will be required to conduct an Intellectual Property Audit to protect your intellectual property assets. • The board will be required to conduct an IT governance assessment that assesses the gaps, and makes recommendations as well. This will include briefing staff, assessing the technologies in use, and possibly changing processes as well.
How will enterprises that have global platforms manage the changes taking place and those that will likely take place in the future? Remaining globally compliant
Drivers that impact privacy risk Globalization of business platforms Global structures enabled by Cloud solutions Technologies are shifting Move towards digitization of products and services Legislative and regulatory changes Continuous change that reacts (compare US versus South African changes) Changes in enforcement and litigation Access to global information and sharing information
Privacy statement – guess where and type of business involved The website is currently hosted on our computer server in ______. We may send personal information that we collect through the website to any other country in which the United States or Company has an affiliate. By providing Company with your personal information on the Site, you consent to and allow the storage of your personal information within and outside ______. If you participate in any blog or other online forum on the site, any personal information you post on the site will be shared with other participants of the forum. In these circumstances, the party that obtained your personal information may be located in ______ or may be located in another jurisdiction. The data and privacy protection laws of these other jurisdictions may differ from those of _______.
Is the talent out there in enough numbers and how do we develop and prepare our children for what is coming up next Human and social capital
What do we tell our children today about tomorrow? Celestine Johnson and and daughter, Tatiana at the Frederick Douglas Detroit Public Library branch This program, officially titled Automation Workz 4 U, is leading Detroit residents into CCNA Security or CCNA Cyberops certification. See www.autoworkz.org Source: Bloomfbert By Lulu Yilun Chen November 17, 2015: https://www.bloomberg.com/news/features/2015-11- 17/latest-craze-for-chinese-parents-preschool-coding- classes
Final comments and wrap up

Recommended

Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...IT Governance Ltd
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
Business Continuity Management: How to get started
Business Continuity Management: How to get startedBusiness Continuity Management: How to get started
Business Continuity Management: How to get startedIT Governance Ltd
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information SecurityCompTIA
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceIT Governance Ltd
 
Creating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeCreating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeIT Governance Ltd
 
Using international standards to improve US cybersecurity
Using international standards to improve US cybersecurityUsing international standards to improve US cybersecurity
Using international standards to improve US cybersecurityIT Governance Ltd
 

Recommended

Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...IT Governance Ltd
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
Business Continuity Management: How to get started
Business Continuity Management: How to get startedBusiness Continuity Management: How to get started
Business Continuity Management: How to get startedIT Governance Ltd
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Trends in Information Security
Trends in Information SecurityTrends in Information Security
Trends in Information SecurityCompTIA
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceIT Governance Ltd
 
Creating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeCreating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeIT Governance Ltd
 
Using international standards to improve US cybersecurity
Using international standards to improve US cybersecurityUsing international standards to improve US cybersecurity
Using international standards to improve US cybersecurityIT Governance Ltd
 
Staff awareness: developing a security culture
Staff awareness: developing a security cultureStaff awareness: developing a security culture
Staff awareness: developing a security cultureIT Governance Ltd
 
International Technology Adoption & Workforce Issues Study - Brazilian Summary
International Technology Adoption & Workforce Issues Study - Brazilian SummaryInternational Technology Adoption & Workforce Issues Study - Brazilian Summary
International Technology Adoption & Workforce Issues Study - Brazilian SummaryCompTIA
 
GDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardGDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardIT Governance Ltd
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?VISTA InfoSec
 
Cyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and GovernanceCyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and GovernanceSrinidhi Aithal
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...festival ICT 2016
 
IT Risk Management & Compliance
IT Risk Management & ComplianceIT Risk Management & Compliance
IT Risk Management & Compliancerhanna11
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0Maganathin Veeraragaloo
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3Anne Starr
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk ManagementShaun Sloan
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & StrategyTony Hauxwell
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016FERMA
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 

More Related Content

What's hot

Staff awareness: developing a security culture
Staff awareness: developing a security cultureStaff awareness: developing a security culture
Staff awareness: developing a security cultureIT Governance Ltd
 
International Technology Adoption & Workforce Issues Study - Brazilian Summary
International Technology Adoption & Workforce Issues Study - Brazilian SummaryInternational Technology Adoption & Workforce Issues Study - Brazilian Summary
International Technology Adoption & Workforce Issues Study - Brazilian SummaryCompTIA
 
GDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardGDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardIT Governance Ltd
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksIT Governance Ltd
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?VISTA InfoSec
 
Cyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and GovernanceCyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and GovernanceSrinidhi Aithal
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...festival ICT 2016
 
IT Risk Management & Compliance
IT Risk Management & ComplianceIT Risk Management & Compliance
IT Risk Management & Compliancerhanna11
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security StrategyAndrew Byers
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3Anne Starr
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk ManagementShaun Sloan
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & StrategyTony Hauxwell
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 

What's hot (20)

Staff awareness: developing a security culture
Staff awareness: developing a security cultureStaff awareness: developing a security culture
Staff awareness: developing a security culture
 
International Technology Adoption & Workforce Issues Study - Brazilian Summary
International Technology Adoption & Workforce Issues Study - Brazilian SummaryInternational Technology Adoption & Workforce Issues Study - Brazilian Summary
International Technology Adoption & Workforce Issues Study - Brazilian Summary
 
GDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardGDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on board
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
 
Cyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and GovernanceCyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and Governance
 
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
Security Risk Management: ovvero come mitigare e gestire i rischi dei dati at...
 
IT Risk Management & Compliance
IT Risk Management & ComplianceIT Risk Management & Compliance
IT Risk Management & Compliance
 
Build an Information Security Strategy
Build an Information Security StrategyBuild an Information Security Strategy
Build an Information Security Strategy
 
TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0TOGAF 9 - Security Architecture Ver1 0
TOGAF 9 - Security Architecture Ver1 0
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
 
Cyber Security Risk Management
Cyber Security Risk ManagementCyber Security Risk Management
Cyber Security Risk Management
 
Information security governance
Information security governanceInformation security governance
Information security governance
 
Information Systems Security & Strategy
Information Systems Security & StrategyInformation Systems Security & Strategy
Information Systems Security & Strategy
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 

Similar to Engaging the C-Suite on Security Strategy

Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016FERMA
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...Taiye Lambo
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionPrecisely
 
Written-Blog_Ethic_AI_08Aug23_pub_jce.pdf
Written-Blog_Ethic_AI_08Aug23_pub_jce.pdfWritten-Blog_Ethic_AI_08Aug23_pub_jce.pdf
Written-Blog_Ethic_AI_08Aug23_pub_jce.pdfjiricejka
 
Item46763
Item46763Item46763
Item46763madunix
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientAccenture Operations
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offeringeeaches
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceChristian F. Nissen
 
Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011subramanian K
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...IT Governance Ltd
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...PECB
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsSkoda Minotti
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Manuel Guillen
 

Similar to Engaging the C-Suite on Security Strategy (20)

Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
 
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
{d1a164b5-f3a5-4840-96b1-16dd83ccdda9}_Wells_Fargo_GIB_Cyber_security_100615_...
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftHow Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security Solution
 
Written-Blog_Ethic_AI_08Aug23_pub_jce.pdf
Written-Blog_Ethic_AI_08Aug23_pub_jce.pdfWritten-Blog_Ethic_AI_08Aug23_pub_jce.pdf
Written-Blog_Ethic_AI_08Aug23_pub_jce.pdf
 
Internal Audit
Internal AuditInternal Audit
Internal Audit
 
Item46763
Item46763Item46763
Item46763
 
How to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber ResilientHow to Make Your Enterprise Cyber Resilient
How to Make Your Enterprise Cyber Resilient
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offering
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
 
Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011Security architecture rajagiri talk march 2011
Security architecture rajagiri talk march 2011
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law Requirements
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020
 
S Rod Simpson Resume
S Rod Simpson ResumeS Rod Simpson Resume
S Rod Simpson Resume
 

More from James Deiotte

Ucsd rady mpac flier 2020 10.20.2020
Ucsd rady mpac flier 2020 10.20.2020Ucsd rady mpac flier 2020 10.20.2020
Ucsd rady mpac flier 2020 10.20.2020James Deiotte
 
Impact of data science in financial reporting
Impact of data science in financial reporting Impact of data science in financial reporting
Impact of data science in financial reporting James Deiotte
 
IMA meeting accounting for big data
IMA meeting accounting for big dataIMA meeting accounting for big data
IMA meeting accounting for big dataJames Deiotte
 
Board Governance, Stakeholder Focus and Integrated Reporting
Board Governance, Stakeholder Focus and Integrated Reporting Board Governance, Stakeholder Focus and Integrated Reporting
Board Governance, Stakeholder Focus and Integrated Reporting James Deiotte
 
Cyber risk reporting aicpa framework
Cyber risk reporting aicpa frameworkCyber risk reporting aicpa framework
Cyber risk reporting aicpa frameworkJames Deiotte
 
Challenges faced by transformational leaders in Africa
Challenges faced by transformational leaders in Africa Challenges faced by transformational leaders in Africa
Challenges faced by transformational leaders in Africa James Deiotte
 
Cleveland state university honors presentation
Cleveland state university honors presentationCleveland state university honors presentation
Cleveland state university honors presentationJames Deiotte
 
Video creating a harmonised african tax system cnbc africa
Video creating a harmonised african tax system cnbc africaVideo creating a harmonised african tax system cnbc africa
Video creating a harmonised african tax system cnbc africaJames Deiotte
 
Investment in Poland and support programs
Investment in Poland and support programsInvestment in Poland and support programs
Investment in Poland and support programsJames Deiotte
 
Taxes in South Africa
Taxes in South AfricaTaxes in South Africa
Taxes in South AfricaJames Deiotte
 
AICPA Conference - Doing Business in the EU
AICPA Conference - Doing Business in the EU AICPA Conference - Doing Business in the EU
AICPA Conference - Doing Business in the EU James Deiotte
 
EY Africa REIT workshop
EY Africa REIT workshop EY Africa REIT workshop
EY Africa REIT workshop James Deiotte
 
Why there’s underinvestment in Africa
Why there’s underinvestment in AfricaWhy there’s underinvestment in Africa
Why there’s underinvestment in AfricaJames Deiotte
 
E2 Detroit Conference - Starting your business and managing your capital
E2 Detroit Conference - Starting your business and managing your capitalE2 Detroit Conference - Starting your business and managing your capital
E2 Detroit Conference - Starting your business and managing your capitalJames Deiotte
 
Student conference presentation at Sun City, South Africa
Student conference presentation at Sun City, South Africa Student conference presentation at Sun City, South Africa
Student conference presentation at Sun City, South Africa James Deiotte
 
Creating transformation and value through restructuring EY Africa Tax Confere...
Creating transformation and value through restructuring EY Africa Tax Confere...Creating transformation and value through restructuring EY Africa Tax Confere...
Creating transformation and value through restructuring EY Africa Tax Confere...James Deiotte
 
Building a better working world in africa through entrepreneurship africa tax...
Building a better working world in africa through entrepreneurship africa tax...Building a better working world in africa through entrepreneurship africa tax...
Building a better working world in africa through entrepreneurship africa tax...James Deiotte
 
Wharton School - Overview of Sub Saharan Tax
Wharton School - Overview of Sub Saharan TaxWharton School - Overview of Sub Saharan Tax
Wharton School - Overview of Sub Saharan TaxJames Deiotte
 
Doing business in new EU countries
Doing business in new EU countriesDoing business in new EU countries
Doing business in new EU countriesJames Deiotte
 

More from James Deiotte (20)

Ucsd rady mpac flier 2020 10.20.2020
Ucsd rady mpac flier 2020 10.20.2020Ucsd rady mpac flier 2020 10.20.2020
Ucsd rady mpac flier 2020 10.20.2020
 
Impact of data science in financial reporting
Impact of data science in financial reporting Impact of data science in financial reporting
Impact of data science in financial reporting
 
IMA meeting accounting for big data
IMA meeting accounting for big dataIMA meeting accounting for big data
IMA meeting accounting for big data
 
Board Governance, Stakeholder Focus and Integrated Reporting
Board Governance, Stakeholder Focus and Integrated Reporting Board Governance, Stakeholder Focus and Integrated Reporting
Board Governance, Stakeholder Focus and Integrated Reporting
 
Cyber risk reporting aicpa framework
Cyber risk reporting aicpa frameworkCyber risk reporting aicpa framework
Cyber risk reporting aicpa framework
 
Challenges faced by transformational leaders in Africa
Challenges faced by transformational leaders in Africa Challenges faced by transformational leaders in Africa
Challenges faced by transformational leaders in Africa
 
Cleveland state university honors presentation
Cleveland state university honors presentationCleveland state university honors presentation
Cleveland state university honors presentation
 
Video creating a harmonised african tax system cnbc africa
Video creating a harmonised african tax system cnbc africaVideo creating a harmonised african tax system cnbc africa
Video creating a harmonised african tax system cnbc africa
 
Investment in Poland and support programs
Investment in Poland and support programsInvestment in Poland and support programs
Investment in Poland and support programs
 
Taxes in South Africa
Taxes in South AfricaTaxes in South Africa
Taxes in South Africa
 
AICPA Conference - Doing Business in the EU
AICPA Conference - Doing Business in the EU AICPA Conference - Doing Business in the EU
AICPA Conference - Doing Business in the EU
 
EY Africa REIT workshop
EY Africa REIT workshop EY Africa REIT workshop
EY Africa REIT workshop
 
Why there’s underinvestment in Africa
Why there’s underinvestment in AfricaWhy there’s underinvestment in Africa
Why there’s underinvestment in Africa
 
Tax Talk Magazine
Tax Talk MagazineTax Talk Magazine
Tax Talk Magazine
 
E2 Detroit Conference - Starting your business and managing your capital
E2 Detroit Conference - Starting your business and managing your capitalE2 Detroit Conference - Starting your business and managing your capital
E2 Detroit Conference - Starting your business and managing your capital
 
Student conference presentation at Sun City, South Africa
Student conference presentation at Sun City, South Africa Student conference presentation at Sun City, South Africa
Student conference presentation at Sun City, South Africa
 
Creating transformation and value through restructuring EY Africa Tax Confere...
Creating transformation and value through restructuring EY Africa Tax Confere...Creating transformation and value through restructuring EY Africa Tax Confere...
Creating transformation and value through restructuring EY Africa Tax Confere...
 
Building a better working world in africa through entrepreneurship africa tax...
Building a better working world in africa through entrepreneurship africa tax...Building a better working world in africa through entrepreneurship africa tax...
Building a better working world in africa through entrepreneurship africa tax...
 
Wharton School - Overview of Sub Saharan Tax
Wharton School - Overview of Sub Saharan TaxWharton School - Overview of Sub Saharan Tax
Wharton School - Overview of Sub Saharan Tax
 
Doing business in new EU countries
Doing business in new EU countriesDoing business in new EU countries
Doing business in new EU countries
 

Recently uploaded

昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书1k98h0e1
 
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书SD DS
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceMichael Cicero
 
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书FS LS
 
如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书Fir L
 
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书Fs Las
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书Fir sss
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书Fir L
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书Fir L
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...shubhuc963
 
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfWhy Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfMilind Agarwal
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Dr. Oliver Massmann
 
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝soniya singh
 
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书Fir sss
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书SD DS
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxsrikarna235
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书Fs Las
 

Recently uploaded (20)

昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
昆士兰科技大学毕业证学位证成绩单-补办步骤澳洲毕业证书
 
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
如何办理(Curtin毕业证书)科廷科技大学毕业证学位证书
 
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics GuidanceLaw360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
Law360 - How Duty Of Candor Figures In USPTO AI Ethics Guidance
 
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
如何办理密德萨斯大学毕业证(本硕)Middlesex学位证书
 
如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书如何办理提赛德大学毕业证(本硕)Teesside学位证书
如何办理提赛德大学毕业证(本硕)Teesside学位证书
 
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
 
如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书 如何办理纽约州立大学石溪分校毕业证学位证书
如何办理纽约州立大学石溪分校毕业证学位证书
 
如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书如何办理美国波士顿大学(BU)毕业证学位证书
如何办理美国波士顿大学(BU)毕业证学位证书
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书
 
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
Russian Call Girls Service Gomti Nagar \ 9548273370 Indian Call Girls Service...
 
John Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A HistoryJohn Hustaix - The Legal Profession: A History
John Hustaix - The Legal Profession: A History
 
Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...Good Governance Practices for protection of Human Rights (Discuss Transparen...
Good Governance Practices for protection of Human Rights (Discuss Transparen...
 
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfWhy Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
 
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
Legal Alert - Vietnam - First draft Decree on mechanisms and policies to enco...
 
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Haqiqat Nagar Delhi reach out to us at 🔝8264348440🔝
 
如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书 如何办理威斯康星大学密尔沃基分校毕业证学位证书
如何办理威斯康星大学密尔沃基分校毕业证学位证书
 
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Serviceyoung Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
 
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书如何办理(Rice毕业证书)莱斯大学毕业证学位证书
如何办理(Rice毕业证书)莱斯大学毕业证学位证书
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptx
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
 

Engaging the C-Suite on Security Strategy

  • 1. Security as a Strategy Engaging with the C-Suite and the Board Center for Cybersecurity and Privacy Protection at Cleveland- Marshall College of Law and CyberOhio Business Summit Cleveland, Ohio March 22, 2018
  • 2. Our Panel James Deiotte Executive in Residence Monte Ahuja College of Business Moderator Helen Patton Chief Information Security Officer Ohio State University Eric Hibbard Chief Technology Officer Security & Privacy Hitachi Vantara Dick Kerr Vice President and Chief Information Security Officer Eaton Jamil N. Jaffer Adjunct Professor of Law and Director of the National Security Law & Policy Program at the Antonin Scalia Law School at George Mason University
  • 3. ABC Company Cleveland, Ohio BOARD AGENDA January 1, 2018 Time: 9:00 am Location: Cleveland, Ohio Company Corporate Office I. Call to Order II. Opening Executive Session III. Call to Order (by the Board Chair) a. Approval of minutes of the most recent past board of directors meeting IV. Report on Company Strategy Current Year and Next Two Years (by the CEO) a. Review of strategy approved by board i. RPA Project Update ii. Acquisition of sensor enterprise b. Suggested adjustment based on current developments c. Special issue – data and privacy in Europe V. Report on Company Performance and Operations Current Quarter and Year to Date a. Reserves and insurance cyber profile VI. Report of the Nominating and Governance Committee (by the Committee Chair) a. Approval of minutes of the most recent past governance committee meeting b. Motion to elect new board member c. New risk committee charter approval VII. Report of the Audit Committee (by the Committee Chair) a. Approval of minutes of the most recent past audit committee meeting b. Review of auditor management letter and controls testing concerns c. Review financial statements VIII. Report of the Finance & Investment Committee (by the Committee Chair) a. Review budget adjustments i. Claims on breach 1. Employees 2. Customer b. Review current-year financial projections IX. Closing Executive Session Next meeting date March 1, 2018 Introduction Navigating the boardroom agenda
  • 4. A wake up call Wake up call video link
  • 5. Introduction Hazards of not having a CIO in the room ABC Company Cleveland, Ohio BOARD AGENDA January 1, 2018 Time: 9:00 am Location: Cleveland, Ohio Company Corporate Office I. Call to Order II. Opening Executive Session III. Call to Order (by the Board Chair) a. Approval of minutes of the most recent past board of directors meeting IV. Report on Company Strategy Current Year and Next Two Years (by the CEO) a. Review of strategy approved by board i. RPA Project Update ii. Acquisition of sensor enterprise b. Suggested adjustment based on current developments c. Special issue – data and privacy in Europe V. Report on Company Performance and Operations Current Quarter and Year to Date a. Reserves and insurance cyber profile VI. Report of the Nominating and Governance Committee (by the Committee Chair) a. Approval of minutes of the most recent past governance committee meeting b. Motion to elect new board member c. New risk committee charter approval VII. Report of the Audit Committee (by the Committee Chair) a. Approval of minutes of the most recent past audit committee meeting b. Review of auditor management letter and controls testing concerns c. Review financial statements VIII. Report of the Finance & Investment Committee (by the Committee Chair) a. Review budget adjustments i. Claims on breach 1. Employees 2. Customer b. Review current-year financial projections IX. Closing Executive Session Next meeting date March 1, 2018 CONTROLS TESTING – when are they going to visit with me? Risk Charter – who is on it? Anyone from tech teams? Engineers? Are the claims from EU, US or elsewhere? Employees? Customers??? SENSORS? For which products or solutions? Is this for internal or external use? Insurance – how are we evaluating cloud suppliers and third party risks? What about socio- engineered attacks? RPA – which activities and areas of company under focus? US or India?
  • 6. Introduction Reality of addressing challenges – the starting point  89% say their cybersecurity function does not fully meet their organizations needs  88% feel it is very unlikely that they would detect a sophisticated cyber attack  77% respondents consider a careless member of staff is the most likely source of attack  63% of organizations still keep cybersecurity reporting within IT function  32% of boards have sufficient knowledge for effective oversight  87% believe that they need at least a 50% increase in budget Source: http://www.ey.com/gl/en/services/advisory/ey-global- information-security-survey-2017-18
  • 7. Technology permeates all facets of business. Newly created stakeholder groups exist both within and beyond the enterprise itself. How are investments needed or changes required facilitated? Security must be embedded in each and every strategy
  • 8. Technology is embedded in facets of an enterprises six forms of capital All are assets of an enterprise requiring nurturing and protection to support growth A success in protecting one asset, and failure in another, can still lead to overall failure of the enterprise
  • 9. Tech’s journey… is firmly embedder in operations and strategy  Shareholders  Board of directors  Audit committee  Chief Executive Officer  Legal  Chief Financial Officer  Chief Risk Officer  Chief Information (CIO/CTO)  Operations (R&D, Engineering and Production)  Human Resources  Communications/PR  Third party suppliers  Customers/End Users  Regulators  Policymakers Stakeholders Cost control Create value • Increase productivity of employees through connectivity and collaboration • Connect complex supply chains across the world • Agility • Aligned and enabler of the business modes • Control costs (server and communication maintenance) • Deliver actionable information • Protection of personal information Enhance, protect and increase enterprise value • Protection strategic information • Improve insights through analytics • Manage stakeholder relationships with greater transparency • Delivery self-provided information with new tools for savvy users • Manage disruptions • Help people better use their technology based tools more safely • Manage cloud solutions
  • 10. Exploring strategies that drive growth in enterprise value and the impact technology may have Strategies
  • 11. Strategy 1 Achieving productivity with robotics and AI
  • 12. Where do humans fit? Introducing Tay – the racist chatbot Google Home - who is Jesus Christ?
  • 13. Strategy 2 Achieving greater productivity through data IoT and IIoT in production  Smart manufacturing — for continuous monitoring of critical assets, equipment, process, and product parameters using sensors to pass along data with wired networks or WiFi.  Connected products — for products giving continuous feedback about their location and performance after they are put into service.  Connected supply chain — for keeping track of inbound and outbound shipments for location related information and critical in-transit parameters such as temperature
  • 14. Exploring the impact of the misuse of data. As a deterrent, does it matter how the data was acquired, but used improperly? Misuse of data
  • 15. So what exactly was the business model of Ashley Madison?  How do you determine what is your assets of value? • Gain competitive advantage (e.g. IP, strategy) • Gain position of power for exploitation (e.g. ransomware) • Cause harm (e.g. automotive, industrial, grid, military) • Theft (e.g. counterfeit, embezzlement) • Gain disruptive power (e.g. political, community)
  • 16. Attack, flee or hide • Processes and controls that limit adverse consequences • Limit access to data • Limit data collected and held to what is necessary • However, the impact is increased cost of maintenance and efficiencies lost within systems
  • 17. Cyber risk management and the creating of an ecosystem for cyber defense Cyber risk management
  • 18. Building your team Constructing a cybersecurity ecosystem
  • 19. Restructuring when the solution is not effective
  • 20. Oversight, accountability or tone setting? The cybersecurity policy shall be reviewed by the Covered Entity’s board of directors or equivalent governing body, and approved by a Senior Officer of the Covered Entity NY State Banking (Regulatory response) • The cybersecurity policy shall address, at a minimum, the following areas: • Information security; data governance and classification; access controls and identity management; business continuity and disaster recovery planning and resources; • Capacity and performance planning; systems operations and availability concerns; systems and network security; systems and network monitoring; • Systems and application development and quality assurance; physical security and environmental controls; customer data privacy; • Vendor and third-party service provider management; risk assessment; and Incident response IT governance under King IV emphasizes that governance should focus on technology and information as separate issues, not one. South Africa (adopted Governance) • Companies will be required to conduct an Intellectual Property Audit to protect your intellectual property assets. • The board will be required to conduct an IT governance assessment that assesses the gaps, and makes recommendations as well. This will include briefing staff, assessing the technologies in use, and possibly changing processes as well.
  • 21. How will enterprises that have global platforms manage the changes taking place and those that will likely take place in the future? Remaining globally compliant
  • 22. Drivers that impact privacy risk Globalization of business platforms Global structures enabled by Cloud solutions Technologies are shifting Move towards digitization of products and services Legislative and regulatory changes Continuous change that reacts (compare US versus South African changes) Changes in enforcement and litigation Access to global information and sharing information
  • 23. Privacy statement – guess where and type of business involved The website is currently hosted on our computer server in ______. We may send personal information that we collect through the website to any other country in which the United States or Company has an affiliate. By providing Company with your personal information on the Site, you consent to and allow the storage of your personal information within and outside ______. If you participate in any blog or other online forum on the site, any personal information you post on the site will be shared with other participants of the forum. In these circumstances, the party that obtained your personal information may be located in ______ or may be located in another jurisdiction. The data and privacy protection laws of these other jurisdictions may differ from those of _______.
  • 24. Is the talent out there in enough numbers and how do we develop and prepare our children for what is coming up next Human and social capital
  • 25. What do we tell our children today about tomorrow? Celestine Johnson and and daughter, Tatiana at the Frederick Douglas Detroit Public Library branch This program, officially titled Automation Workz 4 U, is leading Detroit residents into CCNA Security or CCNA Cyberops certification. See www.autoworkz.org Source: Bloomfbert By Lulu Yilun Chen November 17, 2015: https://www.bloomberg.com/news/features/2015-11- 17/latest-craze-for-chinese-parents-preschool-coding- classes