Can Cyber Insurance Enforce Change in Enterprise GRC


Like all things cyber, insurance holds a lot of hope for risk mitigation. However, again, like all things cyber, there is a lot of unknown in the risk mitigation solution itself.


  1. A Silver Bullet Solution or a Risk: CYBER INSURANCE
  2. Kollam, Aug 19, 2016. We Are: A Reality Check On The Past Present & Future of National Security & Cybersecurity .in
  3. Can Cyber Insurance enforce change in the cybersecurity DNA of organizations?
  4. In India – IT Act asks for “reasonable security”. PSUs, Enterprises seek:
     - ISO27001
     - PCI-DSS
     - ISO22301
     - Guidelines from RBI, SEBI, IDRBT
  5. The Risks are many too…
     - Ransomware
     - Business Email Compromise
     - Insider Threat
     - Espionage
     - APT etc
  6. Some Cyber Insurance “Issues”
     - SONY – claim by movie producer after 2 years
     - TARGET – ongoing litigation
  7. • What will a policy cover
     • ISMS, BCP, IAM, Devices, Insider threat, IP, Server, Endpoints, Mistakes, Accidents, Disasters, Ransomware, Spam, Malware, Change Management, Database, Phishing, Whaling, Spear Phishing …
     • If the organization has an ISMS is it SECURE
     • Does ISMS include ransomware, or, Phishing include whaling etc
     • Who will assess the incident – is assessor qualified
     • Organization has to make public announcement and lodge a formal complaint
  8. Cyber Insurance Brings Promise of lowering the risk
  9. How can Insurance enforce Security?
  10. - Organization HAS to have effective controls
      - Security has to be “in the spirit and DNA”
      - Management has to assume full responsibility
      - Governance and traceability
      - Common and automated platforms that are prescribed by Insurer
  11. - While Insurance will de-risk an individual or an organization
      - INSURANCE IS A RISK TOO
  12. Decide wisely
      • You are ISO27001 certified – does this make you a good candidate for insurance
      • Will the assessor be willing to accept your security status / control design and effectiveness and settle your claim
      • Think far and wide when you buy
      • Discuss common ground for assessment with your insurer
      • Assess your insurer's maturity while the insurer assesses yours
      • Optimize your controls system to align with insurance needs
  14. A Brief Introduction (ABOUT ME): Dinesh O Bareja, CISA, CISM, ITIL, ISMS, Cert ERM, Cert IPR
      • Principal Advisor – Pyramid Cyber Security & Forensic Pvt Ltd
      • Co-Founder – Open Security Alliance, IndiaWatch, Indian Honeynet Project
      • Ex Cyber Surveillance Advisor – CDRC (Jharkhand Police – Special Branch)
      Enterprise & Government Policy Development; Cyber Security Strategy, Design, Architecture; Current State Security Assessment, Audit & Optimization; Governance, Risk Management; etc.
  15. ABOUT US (Who / What / Where): professional infosec expertise and passion to demolish the hype and enable real-life balance in cybersecurity policy, strategy, training and operations at the national, enterprise or individual level – we bring the A Reality Check On The Past Present & Future of National Security & Cybersecurity .in
      E: dinesh@opensecurityalliance.org; @bizsprite; L: linkedin.com/in/dineshbareja; +91.9769890505; dineshobareja; infosecgallery.blgspot.com; securambling.blogspot.com
