Like all things cyber, insurance holds a lot of hope for risk mitigation. However, again like all things cyber, there is a lot of unknown in the risk-mitigation solution itself.
2. Kollam, Aug 19, 2016
We Are: A Reality Check On The Past, Present & Future of National Security & Cybersecurity
3. Can Cyber Insurance enforce change in the cybersecurity DNA of organizations?
4. In India, the IT Act asks for "reasonable security". PSUs and enterprises seek:
- ISO 27001
- PCI-DSS
- ISO 22301
- Guidelines from RBI, SEBI, IDRBT
5. The Risks are many too…
- Ransomware
- Business Email Compromise
- Insider Threat
- Espionage
- APT, etc.
6. Some Cyber Insurance "Issues"
- SONY – claim by movie producer after 2 years
- TARGET – ongoing litigation
7.
• What will a policy cover?
• ISMS, BCP, IAM, devices, insider threat, IP, servers, endpoints, mistakes, accidents, disasters, ransomware, spam, malware, change management, databases, phishing, whaling, spear phishing …
• If the organization has an ISMS, is it SECURE?
• Does the ISMS cover ransomware? Does "phishing" include whaling, etc.?
• Who will assess the incident, and is the assessor qualified?
• The organization has to make a public announcement and lodge a formal complaint
8. Cyber Insurance brings promise of lowering the risk
10.
- Organization HAS to have effective controls
- Security has to be "in the spirit and DNA"
- Management has to assume full responsibility
- Governance and traceability
- Common and automated platforms that are prescribed by the insurer
11.
- While insurance will de-risk an individual or an organization
- INSURANCE IS A RISK TOO
12. Decide wisely
• You are ISO 27001 certified – does this make you a good candidate for insurance?
• Will the assessor be willing to accept your security status / control design and effectiveness and settle your claim?
• Think far and wide when you buy
• Discuss common ground for assessment with your insurer
• Assess your insurer's maturity while the insurer assesses yours
• Optimize your control system to align with insurance needs
14. About Me: A Brief Introduction
Dinesh O Bareja
CISA, CISM, ITIL, ISMS, Cert ERM, Cert IPR
• Principal Advisor – Pyramid Cyber Security & Forensic Pvt Ltd
• Co-Founder – Open Security Alliance, IndiaWatch, Indian Honeynet Project
• Ex Cyber Surveillance Advisor – CDRC (Jharkhand Police – Special Branch)
Enterprise & Government Policy Development; Cyber Security Strategy, Design, Architecture; Current State Security Assessment, Audit & Optimization; Governance, Risk Management; etc.
15. About Us
We bring professional infosec expertise and passion to demolish the hype and enable real-life balance in cybersecurity policy, strategy, training and operations at the national, enterprise or individual level.
E dinesh@opensecurityalliance.org
@bizsprite
L: linkedin.com/in/dineshbareja
+91.9769890505
dineshobareja
infosecgallery.blgspot.com
securambling.blogspot.com