
Can Cyber Insurance Enforce Change in Enterprise GRC

Like all things cyber, insurance holds a lot of hope for risk mitigation. However, again, like all things cyber, there is a lot of unknown in the risk mitigation solution itself.


  1. CYBER INSURANCE: A Silver Bullet Solution or a Risk
  2. Kollam, Aug 19, 2016. We Are A Reality Check On The Past, Present & Future of National Security & Cybersecurity
  3. Can Cyber Insurance enforce change in the cybersecurity DNA of organizations?
  4. In India, the IT Act asks for "reasonable security". PSUs and enterprises seek:
     - ISO27001
     - PCI-DSS
     - ISO22301
     - Guidelines from RBI, SEBI, IDRBT
  5. The risks are many too: Ransomware, Business Email Compromise, Insider Threat, Espionage, APT, etc.
  6. Some Cyber Insurance "Issues":
     - SONY: claim by movie producer after 2 years
     - TARGET: ongoing litigation
  7. Open questions for a policyholder:
     • What will a policy cover? ISMS, BCP, IAM, devices, insider threat, IP, servers, endpoints, mistakes, accidents, disasters, ransomware, spam, malware, change management, database, phishing, whaling, spear phishing …
     • If the organization has an ISMS, is it SECURE?
     • Does "ISMS" include ransomware, or does "phishing" include whaling, etc.?
     • Who will assess the incident, and is the assessor qualified?
     • The organization has to make a public announcement and lodge a formal complaint
  8. Cyber Insurance brings the promise of lowering the risk
  9. How can Insurance enforce Security?
  10. What insurance would require:
     - Organization HAS to have effective controls
     - Security has to be "in the spirit and DNA"
     - Management has to assume full responsibility
     - Governance and traceability
     - Common and automated platforms that are prescribed by the insurer
  11. While Insurance will de-risk an individual or an organization, INSURANCE IS A RISK TOO
  12. Decide wisely:
     • You are ISO27001 certified; does this make you a good candidate for insurance?
     • Will the assessor be willing to accept your security status / control design and effectiveness and settle your claim?
     • Think far and wide when you buy
     • Discuss common ground for assessment with your insurer
     • Assess your insurer's maturity while the insurer assesses yours
     • Optimize your controls system to align with insurance needs
  13. A Brief Introduction (About Me): Dinesh O Bareja, CISA, CISM, ITIL, ISMS, Cert ERM, Cert IPR
     • Principal Advisor, Pyramid Cyber Security & Forensic Pvt Ltd
     • Co-Founder, Open Security Alliance, IndiaWatch, Indian Honeynet Project
     • Ex Cyber Surveillance Advisor, CDRC (Jharkhand Police, Special Branch)
     • Enterprise & Government Policy Development; Cyber Security Strategy, Design, Architecture; Current State Security Assessment, Audit & Optimization; Governance, Risk Management; etc.
  14. About Us
     • Who: we bring professional infosec expertise and passion to demolish the hype and enable real-life balance in cybersecurity policy, strategy, training and operations at the national, enterprise or individual level
     • What: A Reality Check On The Past, Present & Future of National Security & Cybersecurity
     • Where: E: dinesh@opensecurityalliance.org; @bizsprite; L: linkedin.com/in/dineshbareja; +91.9769890505; dineshobareja; infosecgallery.blgspot.com; securambling.blogspot.com
