Craig Richardson, CEO of crime fighting software company Wynyard Group shares his recommendations for boards and executives on addressing cyber risks for their organisations.
Role of The Board In IT Governance & Cyber Security - Steve Howse, by CGTI
This document discusses I.T. strategy, risk management, and governance. It begins with an introduction of Steve Howse, the president of Millington & Associates, and his background. The document then discusses what I.T. strategy and governance entail and why they are important. It introduces the "20 questions" framework as a tool to assess I.T. strategy, risk, and governance. The questions are categorized into strategic issues, internal control issues, and risk issues. The document dives deeper into examples of risks and what organizations can do to address risks such as dedicating board members to I.T. committees and ensuring business continuity plans are tested.
What CIOs Need To Tell Their Boards About Cyber Security, by Karyl Scott
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
Paul C Dwyer gave a presentation on cybersecurity risks. He discussed the growing threat of cybercrime and how criminal groups are increasingly professionalizing. He outlined common cyberattack techniques like advanced persistent threats. Dwyer recommended that organizations prepare for these strategic challenges by improving cyber resilience, governance, and incident response capabilities. Organizations also need to understand their legal responsibilities and that boards will be held accountable for cybersecurity failures.
WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW
BEFORE, DURING AND AFTER AN ATTACK
View the webinar:
https://www2.fireeye.com/The_Board_and_CyberSecurity_webinar_EMEA.html?utm_source=SS
Download the full report:
https://www2.fireeye.com/WEB-2015-The-Cyber-Security-Playbook.html?utm_source=SS
Here are my slides on "Board and Cyber Security" that I presented at the Just People Information Security breakfast this morning. Thanks Adam for arranging the session and those who attended.
Cyber-risk Oversight Handbook for Corporate Boards, by Cheffley White
Cyber-risk oversight handbook for corporate boards that includes good practices and lessons learned to improve #cybersecurity in companies
Download here
ESP https://www.oas.org/ManualRiesgoCiberESP …
ENG https://www.oas.org/CyberRiskManualENG …
POR https://www.oas.org/ManualRiscoCiberPOR …
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach, by FireEye, Inc.
Recognize the business impact, own the risk, educate stakeholders, and prepare the organization for the breach. The document discusses the average costs of data breaches, quantifiable and difficult to measure impacts of incidents, and intangible impacts on consumer confidence and public perception. It emphasizes directly engaging stakeholders, understanding business needs, communicating risk effectively, having incident response plans, security controls, and ongoing monitoring to prepare for an inevitable breach.
The cyber security job is everyone's business, including the Board of Directors, even without a cyber security degree. Recent cyber security news proves that. According to several studies, Boards are getting it wrong and are leaving cyber awareness and risk management in the hands of the CEO, CISO, CTOs and cyber security companies. In a sense they are abdicating their responsibility to the shareholders. This slideshare proposes 7 questions every board should be asking their company executives about IT security. They're not necessarily all encompassing and don't take the place of real cybersecurity training, but will drive the discussion towards a better and more complete understanding of strategic risk. Questions cover the basics of cyber security training, cyber policies, and who briefs the board and when at board meetings. Thanks.
The Security Director's Practical Guide to Cyber Security, by Kevin Duffey
This document outlines an agenda for a cyber security director's workshop hosted by Cyber Rescue from November 30th to December 1st 2016. The workshop will cover what CEOs need from security directors to protect against cyber threats, how directors can identify vulnerabilities missed by IT, cyber insurance, responding to attacks, and leading recovery efforts. It introduces the facilitators, Barrie Millett and Kevin Duffey, and their experience in security, crisis response, and digital transformation risks. The typical roles and responsibilities of a security director are defined. The workshop aims to help directors support CEOs in leading through a cyber attack and managing relationships during response and recovery.
Do you know what brings cyber security risks to your organization? Are you ready to deal with cyber threats and the consequences of a cyber attack?
Find out what you should watch out for, no matter the size of your company!
The Benefits of Security From a Managed Services Provider, by CSI Solutions
Today’s technology users—both consumers and bankers—who don’t stay informed on the latest in security can open themselves and others to attack.
View this SlideShare to learn what to look for in a solid managed security provider and how it can benefit your financial institution.
The July 2017 Cybersecurity Risk Landscape, by Craig McGill
John Hinchcliffe, one of the talented cybersecurity experts at PwC in Scotland, recently spoke at an ISACA event, talking about the current security risk landscape, highlighting some of the forgotten security risks, and challenging attendees to think about the true value of their data.
Business Continuity, Data Privacy, and Information Security: How do they link?, by PECB
Considering the increased number of cyberattacks and the significant damage caused to the IT infrastructure, organizations should ensure that their efforts to secure IT operations are linked with efforts to maintain resiliency within organizations.
The webinar covers:
• Cybersecurity during pandemic through statistics
• Attack trends during pandemic
• Mitigating steps to take
• Relevance of IT Disaster Recovery in the time of Cloud computing
• Achieving optimal alignment and efficiency regarding your ISMS, BCP, BIA and Risk Management efforts
• Post-pandemic cyber and privacy considerations
• BCP and pandemic scenario planning 'beyond COVID'
• How to keep your privacy policy and incident response plan actionable
• How to keep your BCP short, sharp, up-to-date and user-friendly during an actual invocation
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/0AbrywA5oic
The State Of Information and Cyber Security in 2016, by Shannon G., MBA
Shannon Glass, Practice Director from AfidenceIT talks about the State of Information and Cyber Security in 2016. She covers the importance of creating a culture of security awareness within an organization, threats to look out for on the landscape, and why you should care about protecting your data assets.
The document discusses security incident response readiness over time as technologies and threats have evolved. It analyzes survey results from 106 organizations across industries on their security incident preparation. Key findings include: over 70% have a cybersecurity strategy but lack business alignment; budget increases are expected but skills need improving; phishing is a top attack method; and collaboration on incidents needs strengthening through information sharing. The document advocates a strategic, framework-based approach to security incident response focusing on protection, detection, response, and recovery capabilities.
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015, by Phil Agcaoili
Board of Directors are increasingly facing lawsuits related to data privacy and security breaches. To mitigate these risks, boards should regularly discuss data privacy and security issues, ensuring adequate resources are devoted to these areas. Recent reports show that breaches can occur at companies of all sizes, and that many companies have insufficient security budgets or expertise. Proper board oversight of cybersecurity is needed to establish responsible risk management practices and response plans for potential security incidents.
Cyber Security Threats Facing Small Businesses--June 2019, by Dawn Yankeelov
This presentation was made by Cloudnexus Founder Jay Rollins at the Technology Association of Louisville Kentucky's Cybersecurity Summit on June 14, 2019.
The document summarizes findings from ISACA's 2017 State of Cyber Security study regarding cyber security workforce trends and challenges. It reports that the cyber security skills gap persists, with many organizations receiving fewer than 5 applicants for open positions and the average time to fill positions being 3 months or more. Over half of organizations say practical hands-on experience is the most important candidate qualification, and only 70% require security certifications. The persistent skills shortage means about 1 in 5 organizations are unable to fill open cyber security roles.
Proactively Engaged: Questions Executives Should Ask Their Security Teams, by FireEye, Inc.
Jim Aldridge from FireEye discusses what executives should ask their security teams. This is available on the FireEye Blog www.fireeye.com/blog/executive-perspective/2015/11/proactively_engaged.html
Presented by Dr Sam De Silva, partner at Nabarro, to over 100 CEOs and Executives in London.
Explains what leaders should do immediately after becoming aware of a cyber attack, from a legal perspective.
The document discusses how excellent IT security can deter cyber adversaries. It finds that excellent security can deter attacks for over 4 days past the point when attackers would normally change targets. This doubles the time attackers need to plan and execute a successful attack. The document also notes that sharing threat intelligence with peers is one of the most effective ways to prevent attacks, and can help thwart 39% of attacks. However, on average attackers only make one quarter of what IT security professionals earn each year, calling into question whether crime truly pays for cyber attackers.
CEOs leading Recovery from Cyber Attack, by Kevin Duffey
This presentation was given to senior representatives from the Cabinet Office (UK Government), Capita, E.ON, Institute of Directors, Microsoft, Saga plc, Zurich Insurance, etc, at an event organised by Cyber Rescue on 29th June 2016.
The digital age provides all organisations with opportunities to grow and innovate. But it also brings a new world of risk, especially to our most precious information. The information that’s critical to our future success. All organisations are at risk and cyber resilience is no longer a ‘nice to have’. But many organizations continue to struggle to define what good cyber resilience looks like.
Good starts with a strategy. A strategy built around your business objectives and knowing what the cyber risks are to those objectives. It’s about having the right people, skills, awareness and culture to deliver the strategy. It’s also about understanding that you will never be bullet-proof – to support your prevention and detection activities it’s now as important to know how you will effectively respond and recover to a cyber-attack.
In June 2015 AXELOS Global Best Practice are launching a new Cyber Resilience Best Practice portfolio. This webinar with Nick Wilding, Head of Cyber Resilience at AXELOS, outlines:
- what cyber resilience is and why it is so important to any organisation;
- why all of us are on the cyber front line and how we all have a role to play;
- why cyber resilience best practice is so vital to help define and manage what good looks like in your organisation;
- how you can get involved in the development and launch of this exciting new initiative from AXELOS.
Case Study: The Role of Human Error in Information Security, by PECB
The document discusses how human error is a major cause of security incidents, accounting for 95% of them according to IBM. Examples are given of incidents caused by expired certificates, unencrypted emails sent to the wrong recipient, and phishing emails. Two case studies are described in more detail: a lottery rigging scheme by an IT director that lasted 10 years due to a lack of oversight, and a company security breach enabled by an unconfigured firewall and an employee clicking a phishing link. The document advocates education, separation of duties, documented procedures and infrastructure protection to help address the problem of human error in security.
This presentation, Ransomware Rising, details the results of a survey of security professionals taken at RSA 2017, the world’s largest security conference, exploring their experiences with ransomware.
Conducted Feb. 13-17, at RSA 2017, the in-person survey is based on responses from 170 attendees including IT professionals, managers and executives from the U.S. (77 percent), EMEA (13 percent) and other regions (11 percent).
To learn more about preventing ransomware, visit http://bit.ly/2nwKICL
The webinar discusses cybersecurity trends for small and medium enterprises (SMEs) and professional accountants in light of the COVID-19 pandemic. It will provide an overview of pre-pandemic cybersecurity trends and risks, examine how the pandemic has influenced these trends and risks, and offer practical insights for SMEs to respond proactively. A panel of cybersecurity experts from Deloitte, KPMG and Cherry Bekaert will discuss topics like the global state of cybersecurity in SMEs before the pandemic, the impact of widespread remote working during the pandemic, and key considerations for cybersecurity in a post-pandemic environment.
Bringing together world leading data scientists, software developers, and industry experts Wynyard creates powerful software that helps organisations prevent and solve serious crime.
Working at Wynyard means being part of a team that is at the forefront of research and development into risk and threat assessment, crime analytics and investigations. The work is fast paced, and we are rapidly growing in all our locations.
Apparently, bank directors are a very worried bunch. Nearly 20 members of Bank Director’s membership program responded to the question posed in last month’s newsletter: “What worries you most about the future?”
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators, by Shawn Tuma
This document profiles Shawn Tuma, a cybersecurity lawyer and partner at Scheef & Stone, LLP. It lists his extensive experience in cybersecurity law, data privacy law, and information governance. The document also provides an overview of key issues at the intersection of law and cybersecurity, including unauthorized access laws, data breach notification laws, cybersecurity best practices, breach response processes, officer and director liability, cyber insurance, and developing a cybersecurity risk management program.
A Russell Reynolds Associates study on cybersecurity that explores the importance of the relationship between the Chief Information Security Officer and the Board of Directors.
The document provides guidance for boards of directors on cybersecurity oversight. It outlines 5 key tenets:
1) Cybersecurity is a risk management issue, not a purely technological one. Boards must regularly assess security posture.
2) Metrics should demonstrate the impact of attacks to make cybersecurity tangible. Chief Information Security/Risk Officers should brief boards.
3) Boards must understand the legal aspects of data regulations, given the consequences of a breach.
4) Boards must identify acceptable cyber risk levels as with other business risks.
5) Boards should adopt a framework like NIST to structure defenses and benchmark performance.
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss, by Shawn Tuma
Shawn Tuma is a cybersecurity lawyer with expertise in data privacy law. He is a partner at Scheef & Stone LLP, a commercial law firm in Texas. Tuma has extensive experience advising businesses on cybersecurity issues and data breaches. He serves on several boards and committees related to cybersecurity law and policy. The document provides an overview of Tuma's background and experience in cybersecurity law.
Discussion held at RSA on the five steps CISOs can use to assess their enterprise security program and architect one that meets the organization's objectives and reduces its exposure to risk.
Most boards of directors don't have someone who understands cyber security issues. As a consequence, they can't provide proper oversight of the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask and how to communicate with them.
(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond (Philip Beyer)
:: History ::
Security BSides DFW 2011 - November 5, 2011 (Philip J Beyer) - http://lanyrd.com/skymy
:: Summary ::
I will present details of how I transitioned from security consultant to program leader, from vision to practice and planning for the future.
:: Abstract ::
If you want to go from a sedentary life to running a marathon, you have to have a plan. If you want to go from a consulting life to owning a security program, you also have to have a plan. Much like a 'Couch to 5K' running program, that plan will require vision, persistent effort, and a clear set of goals. I'll share my plan, what has worked so far and what didn't, and how you can design your own.
Mitigating Security Risks in Vendor Agreements
Providers of software, software-as-a-service, managed services, and professional services have varying degrees of sophistication in addressing security in their form contracts. Learn from an experienced technology attorney how to understand key clauses, or discover when they are missing, to ensure that the company's vendors are compliant with the appropriate security measures before signing the deal.
Brian Kirkpatrick is the founding shareholder of Kirkpatrick Law PC and a business attorney with a technology focus. He also serves as Of Counsel to Mullin Law PC for matters involving technology and information security.
His practice revolves around clients needing assistance in technology transactions, data privacy, cyber security, software compliance and audits, and general counsel related to business matters. Brian was voted 2015 Top Technology Attorney in Tarrant County by his peers as published in Fort Worth Texas Magazine.
Brian has published numerous articles and lectured nationally on legal topics such as software as a service, software licensing, contract negotiation, cyber security and legal considerations when starting a business. He is also featured in radio news interviews, as a conference panelist, a featured speaker, and is featured in an instructional video series about conducting negotiations. Before entering the legal profession, Brian was a Vice President commercial banker.
Brian is a graduate of Texas A&M University School of Law where he was inducted into the National Order of Barristers. He also has a Masters of Arts in Applied Economics from Southern Methodist University and a Bachelors of Science in Economics from Texas A&M University - Commerce where he was inducted into the Omicron Delta Epsilon International Economics Honor Society.
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage... (centralohioissa)
This document summarizes a presentation on building a cybersecurity risk management program. Some key points:
- The presenter discusses the importance of understanding business impacts of cybersecurity failures and balancing compliance obligations with operational risks.
- Cybersecurity controls must be embedded in business processes to be effective.
- As an executive, one must understand the organization's risk posture relative to peers and how the organization responds to incidents.
- The presenter emphasizes communicating cybersecurity risks using common language executives can understand and prioritizing risks based on limited resources.
A Day in the Life of a CISO
The intent of this presentation is to present the diverse nature of being a CISO today within the context of a public, regulated and targeted organization. The content is intended both to inspire and to warn those whose career choices may include the CISO destination.
Mark Nagiel, SVP/CISO, PrimeLending (4th largest mortgage company in the US)
Director, Information Security (MetroPCS/T-Mobile)
VP, Technology/VP Information Security (InCharge Institute - Financial Services)
Co-Founder, Network Audit Systems, Inc. (acquired by Armor Holdings, an NYSE company)
InfoSec Chief (Niagara Mohawk Power Corp.)
Cybersecurity Governance for Boards of Directors (Paul Feldman)
This paper discusses the emerging issue of Board of Directors Governance and Cybersecurity. Originally presented to the Boards of Directors of the IRC http://www.isorto.org/Pages/Home in May 2014. The paper is in a continuous improvement mode, ultimately targeting being a resource for Boards of Directors in the energy (electricity and natural gas) industry. Suggested updates and improvements are welcome at PaulFeldman@Gmail.com. The current copy is always at http://www.EnergyCollection.us/456.pdf
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U... (Tripwire)
Boards of Directors have an inescapable legal responsibility to protect their organisation’s assets and shareholder value against risks. Where does cybersecurity fit in the agenda? Many boards lack the knowledge, awareness and confidence to connect security to the business.
In this webcast, moderator Paul Edon, Director of Customer Services at Tripwire, will provide a variety of perspectives from experienced professionals in the industry — including Amar Singh UK CISO for Elsevier, Ray Stanton EVP Professional Services at BT and Advisory Board Member of ISF, and Gary Cheetham, CISO at NFU Mutual.
Improving Cyber Security Literacy in Boards & Executives (Tripwire)
In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams.
It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy.
Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executives’ cyber security literacy.
A review of the current and future trends in cyber-security, how the law may treat a breach of cyber-security and what you can do to minimise your exposure.
The document discusses how cybersecurity risks have become a major topic of discussion at high levels of organizations due to a combination of forces over the past decade. Sophisticated attackers now outpace security controls, and data breach disclosure laws have led to extensive media coverage of cyber attacks. This has increased pressure on boards of directors to oversee cybersecurity risks. Several case studies of large companies that suffered data breaches like Sony, Target, and TJX are presented to show how cyber attacks can significantly impact businesses but typically do not cause their downfall.
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ... (Shawn Tuma)
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, at the January 27, 2017 meeting of (ISC)² Dallas Fort Worth Chapter.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great a threat as regulatory enforcement by agencies such as the FTC and SEC, or shareholder derivative claims for officer and director liability; and
(5) The odds are that every company will be breached, but preparation and diligence can help keep such a breach from becoming a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. Then, because of this crisis environment, it addresses the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events, why legal counsel is the natural leader that should fulfill this role, and how they can do so. It then discusses the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from the incident and from failing to respond to it properly. This section includes a discussion of the cybersecurity lawsuit landscape, the cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
A CIRO's-eye view of Digital Risk Management (Daren Dunkel)
The document discusses an interview with James Christiansen, VP of Information Risk Management for Optiv Security, which was formed from the merger of Accuvant and Fishnet Security. Christiansen discusses how the role of CISO is changing to focus more broadly on information risk management (CIRO). He emphasizes the importance of aligning cybersecurity spending with business objectives and risk exposure. In an ideal security program, there would be clear governance, reporting to the executive team, and balance between protective measures, visibility, and incident response capabilities. The document ends by discussing questions boards should ask executives about cybersecurity risks and oversight of the security program.
IT Risk Management & Leadership, 30 March - 02 April 2014, Dubai UAE (360 BSI)
Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information?
Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units?
With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken – whether that is to mitigate, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to?
The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission.
Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks.
BENEFITS OF ATTENDING THIS WORKSHOP
Identify common IT project risks
Learn how to assess threats and vulnerabilities to create a risk response strategy
Understand what qualifies as a risk in IT projects
Understand the most common IT risk sources
Qualify and quantify IT risks
Learn the difference between negative and positive IT risks
Develop an IT risk management plan
Plan risk response methods for IT risks
Create risk mitigation and contingency plans
Monitor and control project risks
Overcome resistance from stakeholders and team members
WHO SHOULD ATTEND THIS WORKSHOP
IT risk managers
IT security managers
Compliance officers
Program and project managers
IT project managers
IT operations managers
Contact Kris at kris@360bsi.com to register.
Cyber Risk International is a cybersecurity firm led by Paul C Dwyer, an internationally recognized cybersecurity expert with over 20 years of experience. The company has developed the CRI CISO framework to help organizations holistically identify, mitigate, and manage cyber risks through collaboration between security, risk management, legal, compliance, and other functions. Cyber Risk International provides cyber risk assessment, program design, implementation, and sustained management services to help clients protect against increasing cyber threats.
The document discusses cybersecurity risks that boards of directors must address. It provides advice from seven cybersecurity experts on how boards should implement an effective risk management framework to detect threats, ensure early detection and monitoring, and develop robust recovery plans. The experts emphasize the importance of understanding a company's critical digital assets, supply chain risks, and continuously educating all levels of the organization on cybersecurity issues.
Stop occupational fraud - Three simple steps to help stop fraud (Wynyard Group)
Three simple steps can help companies counter internal fraud: 1) be proactive in identifying fraud risks through education and enforcing policies; 2) strengthen employment policies such as background checks and monitoring employee behavior; 3) employ data analytics tools to quickly analyze large amounts of data to identify suspicious patterns and mitigate risks early before significant damage occurs. Wynyard provides powerful software and analytics to help identify fraud and protect organizations.
How to Build a Successful Cybersecurity Program? (PECB)
Is your cybersecurity program delivering on its promise? How do you know it works? Cybersecurity programs involve a significant investment in people, technology and time, so you need to ensure they help mitigate cyber risk effectively.
The webinar covers:
• Explain why assurance is so important for managing cyber risk
• Describe the key features of a successful cybersecurity program
• Highlight the role of a cyber assurance program in overall risk management
• Present essential steps required to deliver effective cybersecurity.
Date: November 06, 2019
Grant Thornton provides cyber security and privacy services to help organizations protect their information assets and govern cyber security risks. They have expertise in areas like cyber security governance, cyber crime prevention, digital security, business resilience, and third party assurance. Their services help organizations assess cyber security maturity, identify vulnerabilities, improve controls, and develop strategies to prevent and respond to cyber attacks and security incidents.
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016 (FERMA)
PART II – Cyber Security: the mitigation strategies – how to identify, assess and mitigate cyber risks
The Risk Manager must be responsible, as for other risks, for the quantification aspect of cyber security. It is a necessary step towards understanding and managing the exposure of the company. He/she should act as a facilitator between the Board and the operational departments (IT, Finance, Legal and other functions).
This is a key subject for unlocking the development of cyber insurance and supporting the economic growth the digital world is bringing to Europe.
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy (Mighty Guides, Inc.)
The COVID-19 pandemic challenged organizations' security operations in significant ways by shifting workforces largely to remote environments. This changed the typical infrastructure topology protections and required a new focus on individual endpoints. Experts recommend organizations identify gaps by evaluating how the changes have impacted connectivity, communications, and collaboration capabilities. They also advise reassessing threat models, attack surfaces, security tools, and operations to ensure no new blind spots were introduced by the shift to remote work. Being able to proactively identify gaps is critical for organizations to build resilience against evolving threats.
Securing Organisations Against Cyber Threats (Dale Butler)
This document advertises a masterclass on securing organizations against cyber threats. The masterclass will educate executives on cybersecurity risks and strategies to prevent attacks, as cybercrime costs the UK economy hundreds of millions each year. The masterclass will examine real cyber attack case studies, help attendees understand the impacts of attacks, and teach methods for managing risks and controlling threats through prevention rather than reaction. The event is aimed at corporate managers, directors, and other executives to illustrate that cybersecurity is a board-level governance issue rather than solely an IT concern.
Information Security vs IT - Key Roles & Responsibilities (Kroll)
Marc Brawner is a Principal with Kroll's Cyber Security & Investigations team. In this presentation to the Tennessee Bankers Association, Marc explains the key roles & responsibilities of the information security and information technology teams for increased cyber security
This document summarizes an executive cyber threat briefing from Cyber Risk International. The briefing is intended to help C-level executives and board members understand cyber security risks and how to manage them. It will provide an overview of the top cyber threats across different industries, offer real-world case studies and insights from cyber security experts, and discuss how to assess an organization's threat profile, build a cyber security strategy, and stay ahead of cyber attackers. The goal is to help executives recognize that cyber attacks are inevitable and that cyber risk management must be integrated into normal risk management operations.
This document discusses a holistic approach to cyber risk management. It recommends conducting regular vulnerability assessments to understand risks and identify security gaps. Once vulnerabilities are found, assets should be protected according to the organization's risk tolerance by implementing security measures like access control and user training. Continuous monitoring is also important since threats change over time. The holistic approach involves people, processes, and technology, not just technology alone.
Chinatu Uzuegbu presents a practical and proactive approach to combating cyber crimes. They discuss key concepts like the CIA triad of confidentiality, integrity and availability. Cyber crimes are defined as unruly or malicious acts that lead to disclosure, modification or destruction of information assets. Some prevalent cyber crimes include social engineering, ransomware, and denial of service attacks. An effective approach involves identifying and classifying assets, determining appropriate protections, and ongoing monitoring. International frameworks and carrying stakeholders along are also emphasized.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain how to transform organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
How to assess your Cybersecurity Vulnerability_.pdf (Metaorange)
The new age of cyber threats is not limited to data breaches and ransomware attacks. They have become much more advanced with AI-based security analysis, crypto-jacking, facial recognition, and voice cloning via deep fake, IoT compromise, and cloud-based DDoS attacks.
How to assess your Cybersecurity Vulnerability_.pptx (Metaorange)
Surprisingly, deepfake technology, which was once used for fun, has now enabled phishing attacks. Rick McRoy detected a deepfake-based voice call that caused a CEO to transfer a sum of $35 million.
Further, AI-powered cyberattacks also pose a serious security risk. Existing cybersecurity tools are not enough to counter this cyber weaponry.
In the wake of such incidents, the need for advanced cybersecurity tools is growing important.
NCC Group C Suite Cyber Security Advisory Services (Ollie Whitehouse)
This document discusses the importance of proactive cyber risk management for companies. It notes that executives must take a holistic approach to understanding cyber threats, implications for the business, and how to respond to incidents. It then provides an overview of the cybersecurity consulting services offered by NCC Group, including risk assessments, strategy development, incident response planning, and audits. The goal is to help organizations enhance their cyber resilience and ability to effectively manage risks and respond to threats.
Managing Online Reputation. How to Protect Your Company on Social Media (Charlie Pownall)
Managing Online Reputation (Palgrave Macmillan, 2015) is a practical, common-sense guide to protecting and defending your company's name and image online.
Wynyard reported record revenue of $15.9 million in the second half of 2014, driven by a 62% increase in software license revenue for their advanced crime analytics solutions. New contracts were signed with European law enforcement agencies and others to fight terrorism and manage child sex offenders. However, net loss increased to $22.2 million as the company accelerated global expansion and development of a next-generation big data platform.
Wynyard’s Crime Science Research Centre brings together the world’s leading data scientists, software engineers and industry experts. Single-minded about building powerful tools that enable our clients to know the threats, connect the dots and uncover the truth, our research focuses on the application of advanced analytics, data integration and context-aware visualisation. Our technology modules are described in this presentation.
Wynyard Group Annual General Meeting 2014 (Wynyard Group)
This document provides a summary of key information for investors, including:
- 2013 financial performance which showed increased revenue, operating expenses, losses, and cash holdings compared to 2012. Recurring revenue decreased as a percentage of total revenue.
- Short and medium term focuses on continued revenue growth, expanding capabilities and capacity, pursuing strategic government deals and US expansion, developing partner channels, and managing risks like cash and talent.
- The board's focus is on building a large, profitable recurring business with lifelong government customers.
Case Studies: An overview of Wynyard's solutions and how they are used worldwide (Wynyard Group)
Wynyard Group is a market leader in risk management and crime fighting software used in investigations and intelligence operations by government agencies and financial organisations. Wynyard solutions help solve and prevent crime, defend against advanced persistent cyber threats and counter terrorism. Wynyard’s powerful software platform combines big data, advanced crime analytics and tradecraft to identify persons of interest, stop offenders and protect victims.
The Marion County Sheriff’s Office, Wynyard Group and CI Technologies today announced that the Felony Lane Gang Working Group, comprising 92 law enforcement agencies and other organizations, will use Wynyard Advanced Crime Analytics and CrimeNtel from CI Technologies to help fight the notorious Felony Lane Gang – a group that steals victims’ purses, checkbooks and identity cards by smashing car windows and then forges checks on the victims’ accounts.
UNITED KINGDOM UNITED STATES CANADA DUBAI AUSTRALIA NEW ZEALAND
How companies should approach today’s cyber reality
Published by Wynyard UK
Cyber Tips
ABOUT WYNYARD
Wynyard Group is a market leader in risk management and crime-fighting software used in investigations and intelligence operations by government agencies and financial organisations.
Wynyard solutions help solve and prevent crime, defend against advanced persistent cyber-threats and counter terrorism. Wynyard’s powerful software platform combines big data, advanced crime analytics and tradecraft to identify persons of interest, stop offenders and protect victims.
Wynyard has more than 120,000 users and offices in the United States, United Kingdom, Canada, United Arab Emirates, Australia and New Zealand. For more information, visit wynyardgroup.com
DON’T DELEGATE CYBER-RESPONSIBILITY
Responsibility for managing cyber-risk in any organisation must sit at the executive level.
Every organisation must have a dedicated leader overseeing:
• Strategic planning
• Execution
• Assessment of security strategies, policies, procedures and guiding practices
THE INCREASING ROLE OF THE CISO
Organisations must prioritise the need for a Chief Information Security Officer (CISO) role.
The CISO should be independent of IT and have a direct reporting channel into the board.
This position and where it sits should show that the organisation is taking a formal approach to monitoring cyber-threat risk, with regular updates and monitoring by the board.
EVALUATE, ASSESS AND MANAGE CYBER-RISK
Cyber-attacks cause severe disruption to a company. From kids hacking video game downloads to terrorists targeting critical infrastructure, no organisation is immune.
Each organisation has a distinct cyber-threat risk profile, depending on the nature of the business, what information it deals with and how valuable that asset is to criminals.
The risk executive must understand that:
• Assets need to be identified and risk-assessed against cyber-threats
• Information is the organisation's most important and valuable asset
CRITICAL ASSETS AND RISK STRATEGY
Adopt a governance-led, information-driven approach to managing cyber-risk.
Generally, the company needs to:
• Watch how threats are evolving
• Understand the degree of risk at any one time
• Set strategies for countering attacks
Information-driven cyber-intelligence allows companies to assess, manage and minimise risks.
EARLY DETECTION IS KEY
For most modern businesses being online is essential, but the key differentiator is the ability to recognise a cyber-attack quickly.
You need a deep understanding of your network and business:
• How it works
• What the key business assets are and where they are
• How users interact with the business and the outside world
A strategic approach to cyber-security spending will also help to build a more effective cyber-security practice.
PUT CYBER-RISK ON THE BOARD AGENDA
Cyber-threat is one of the many areas of risk that should be overseen by the board of directors.
Directors are not expected to be experts in this area and require information and advice. But this is not an excuse for not taking action.
The board needs a high-level understanding of:
• The company’s cyber-risks
• The management of these risks
• The company’s cyber-incident response plan
EVALUATE RISKS AGAINST THE THREAT VECTOR
The threat vector is the path a threat actor could take to attack your network. It includes any access points to your information, from unsecured WiFi to USB media and many others. Organisations need to prepare in advance for the breach investigation that will inevitably come.
Management should be able to explain to the board how it selects, manages and monitors third parties and their access to data.
Boards should be provided with meaningful, data-driven metrics that demonstrate both the performance and effectiveness of a cyber-response plan.
SUMMARY
Include cyber-risk in normal operational risk management. The issue is here to stay.
Everyone, from executives to the board, should get involved in cyber-risk management discussions.
To properly manage cyber-risk, the CEO and board must fully understand the company’s exposure, how the risks are being managed, and the response plan for when the inevitable breach occurs.
CRAIG RICHARDSON
Craig Richardson is Wynyard Group’s founding Chief Executive Officer. He was previously the Chief Financial Officer of Coca-Cola Amatil’s (ASX:CCL) Pacific operations and VP Finance for BlueScope Steel (ASX:BSL) for the region. Craig has also held senior executive roles in finance, strategy and planning with Vodafone in Sweden and Australia.
Craig is a certified practising accountant and fellow of CPA Australia. He is currently a board member of Crown entity Callaghan Innovation.
https://www.wynyardgroup.com/en/about/management-team/
RELATED BLOGS
Social media companies must do more to help fight extremism and terrorism
Former GCHQ deputy director cyber defence joins Wynyard Group
Cyber attacks - The importance of managing the risk
Cyber risk is here to stay
Cyber risk trends for 2015