Maturing Business Information Security (MBIS)
Yuri Bobbert
10 October 2017
IT Risks & Cyberrisks: An academic practitioners view
Contents
 Introduction
 Context
 What is information security versus cyber security?
 Developments and the security picture of the Netherlands
 Research examples: Governance, Management and Operations
 The role of the CISO
 Value Enablement
 End
Introduction: Yuri Bobbert
 Visiting researcher and lecturer at Antwerp
University & Radboud University
 Chief Information Security Officer (CISO) at NN
Group (+DeltaLloyd) (Financial Services)
 Former interim CISO at UWV (Government)
 Professor (lector) at NOVI University of Applied
Sciences in Utrecht
 Founder of Maturing Business Information
Security Methodology & Community
(www.mbis.eu)
Action Research as part of the “Relevance Cycle”
Context
Context
 Internet of Things
 Cloud
 CaaS
 Corporate Espionage
 Value of Data
 Regulations
 Cyber resilience due diligence
 Integrated reporting
 Innovations
Source: Ponemon 2016
World Economic Forum 2017
Development of cybercrime: from the network to software/applications
Source: Trend Micro
Timeline chart: crimeware and damage caused by cybercrime
 2001: Vulnerabilities
 2003: Worm outbreaks
 2004: Spam mass mailers
 2005: Spyware
 2007: Intelligent botnets
 2010: Web threats
 2012+: Targeted attacks, mobile attacks
Context
Our biggest cyber challenges
Source: CSBN 2016
 Professional criminals carry out long-lasting and high-quality operations
 Digital economic espionage by foreign intelligence services puts a strain on the competitiveness
of European companies
 Ransomware is commonplace and has become even more advanced
 Advertising networks have not yet shown the ability to cope with malvertising
What’s the problem?
 Low Business Information Security “maturity”
 Leads to unknown risks and incidents
 Has an effect on the (perceived) success of firms (WEF)
 Quest for practical methods to implement Information Security Governance and management processes, structures and relational mechanisms
Source: Bobbert, Mulder 2015 ICCICN
From IT Security to Business Information Security
Source: Bobbert, Hubbard
Enterprise Risk Management is the overarching domain for Information Risk Management; ensuring proper controls is the discipline of Information Security.
Information Security Controls consist of IT Controls, Process Controls and People Controls.
Business Continuity is part of Enterprise Risk Management and consists of physical and digital controls.
Diagram labels: Enterprise Risk Management, Business Continuity, Information Security, Information Technology (IT), IT Security, Cyber Security
Governance Practices
Source: ISACA
Diagram: governance, management and operations layers
Governance: the creation of a setting which others can manage effectively (Evaluate, Direct, Monitor)
Management: the making of operational decisions (Plan (APO), Build (BAI), Run (DSS), Monitor (MEA))
Operations: the operational effectuation of management decisions
From Governance to operations
 Presence of Information Security Management practices
 Absence of Information Security Governance practices
Source: Bobbert
The role of the CISO
Structures
Source: Forrester 2015
CISO
The role of the CISO; Enable Value
 “The CISO is generally the ‘heart and soul’ of an information security program in most organizations. There is no better way to obtain a pulse regarding cyber risk”, according to the IIA [327].
 The CISO “defines the information security strategy and organises and manages the organisation’s information security in line with the organisation’s needs and risk appetite”, according to the European Competence Framework [328].
 In 2015 Accenture [330] did research into so-called “leapfrog companies” that outperform others in the field of Information Security, for example due to the positioning of the CISO as a strategic role: “These relatively new aspects of the role require CISOs to be successful change agents. To do this they need to be able to reflect on, and understand, the impact of their role on organisational culture.”
 The IT Policy Compliance Group reports that firms that standardise procedures and controls for IS and manage IS via a dedicated IS staff led by a CISO achieve 8.5% higher revenue than industry averages (n = 3000 organisations) [329].
 Hooper et al. state that “organisations need to embrace their concern about cybersecurity and build it into their selection criteria for board members” [333].
Source: IIA, Accenture, Bobbert, Hooper et al
The role of the CISO; Enable Value by measuring
Source: ISACA, Bobbert
Diagram: the same governance (Evaluate, Direct, Monitor), management (Plan (APO), Build (BAI), Run (DSS), Monitor (MEA)) and operations layers as above, with metrics attached to each layer.
METRICS (governance)
 Risk appetite thresholds
 Number of business risks and EUR impact
 Number of relevant stakeholders
 Compliance percentage
 Maturity level
METRICS (management: assets and accounts)
 Number and percent of information security incidents related to changes made in assets
 Number and percent of information security incidents related to changes made in accounts
 Percent of (un)authorized assets
 Percent of (un)authorized accounts
 Average time for update/change of an asset
 Average time for update/change of an account
 ..
METRICS (management: incidents)
 Number of breaches
 Number of threats identified
 Number of vulnerabilities discovered
 Number of information security incidents and their risk rankings
 Number of information security violations
 Average time to resolve information security incidents
 Number and percent of information security incidents causing disruption to business-critical processes
 ….
METRICS (operations)
 Identify the number of information leakage events
 Identify the mean time to resolve information security incidents
 Identify the number and percent of information security-related incidents causing disruption to business-critical processes
 Identify the number of information security incidents open/closed and their risk rankings
 Identify the number of recurring information security problems that remain unresolved
 Identify the number of vulnerabilities discovered
 Identify the number of incidents involving endpoint devices
 Identify the number of unauthorised devices detected on the network or in the end-user environment
 Identify the average time between change and update of accounts
 Identify the number of incidents relating to unauthorised access to information
 Identify the number of threats identified
 Identify the number of information security violations
 Identify the percent of availability, performance and capacity incidents per year caused by information security controls
 Identify the number of information security incidents caused by operational problems
 Identify the number of firewall breaches
 ….
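As an added illustration (not from the slides or the MBIS methodology), the following Python computes several of the metrics listed above from a constructed incident register: number and percent of incidents related to asset and account changes, number and percent disrupting business-critical processes, mean time to resolve, open/closed counts per risk ranking, and a check of two of those values against assumed risk appetite thresholds. The record fields and threshold names are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Dict, List, Optional


@dataclass
class Incident:
    """One row of a (constructed) information security incident register."""
    incident_id: str
    opened: datetime
    resolved: Optional[datetime]        # None while the incident is still open
    related_change: Optional[str]       # "asset", "account" or None
    disrupts_critical_process: bool
    risk_rank: str                      # e.g. "high", "medium", "low"


# Constructed sample data for the example; not real incidents.
INCIDENTS: List[Incident] = [
    Incident("INC-001", datetime(2017, 9, 1, 8, 0), datetime(2017, 9, 1, 12, 0), "asset", True, "high"),
    Incident("INC-002", datetime(2017, 9, 3, 9, 0), datetime(2017, 9, 4, 9, 0), "account", False, "medium"),
    Incident("INC-003", datetime(2017, 9, 5, 10, 0), datetime(2017, 9, 5, 16, 0), None, False, "low"),
    Incident("INC-004", datetime(2017, 9, 7, 14, 0), None, "asset", True, "high"),
    Incident("INC-005", datetime(2017, 9, 9, 7, 0), datetime(2017, 9, 9, 9, 0), None, False, "medium"),
]


def pct(part: int, whole: int) -> float:
    """Percentage rounded to one decimal; 0.0 for an empty register."""
    return round(100.0 * part / whole, 1) if whole else 0.0


def count_and_percent(incidents: List[Incident], predicate: Callable[[Incident], bool]) -> Dict[str, float]:
    """'Number and percent of incidents ...' for any predicate over the register."""
    n = sum(1 for i in incidents if predicate(i))
    return {"count": n, "percent": pct(n, len(incidents))}


def mean_time_to_resolve_hours(incidents: List[Incident]) -> Optional[float]:
    """Average time to resolve, over closed incidents only (open ones have no end time)."""
    hours = [(i.resolved - i.opened).total_seconds() / 3600 for i in incidents if i.resolved]
    return round(sum(hours) / len(hours), 2) if hours else None


def open_closed_by_risk(incidents: List[Incident]) -> Dict[str, Dict[str, int]]:
    """Number of incidents open/closed per risk ranking."""
    table: Dict[str, Dict[str, int]] = {}
    for i in incidents:
        row = table.setdefault(i.risk_rank, {"open": 0, "closed": 0})
        row["closed" if i.resolved else "open"] += 1
    return table


def compute_metrics(incidents: List[Incident]) -> Dict[str, object]:
    """Assemble the metric set a CISO would report upward from the register."""
    return {
        "incidents_related_to_asset_changes": count_and_percent(incidents, lambda i: i.related_change == "asset"),
        "incidents_related_to_account_changes": count_and_percent(incidents, lambda i: i.related_change == "account"),
        "incidents_disrupting_critical_processes": count_and_percent(incidents, lambda i: i.disrupts_critical_process),
        "mean_time_to_resolve_hours": mean_time_to_resolve_hours(incidents),
        "open_closed_by_risk_rank": open_closed_by_risk(incidents),
    }


def appetite_exceeded(metrics: Dict[str, object], thresholds: Dict[str, float]) -> List[str]:
    """Governance-level check: which metrics are above the risk appetite thresholds?
    Threshold keys are assumed names: 'critical_disruption_percent' and 'mttr_hours'."""
    observed = {
        "critical_disruption_percent": metrics["incidents_disrupting_critical_processes"]["percent"],
        "mttr_hours": metrics["mean_time_to_resolve_hours"],
    }
    return [name for name, limit in thresholds.items()
            if observed.get(name) is not None and observed[name] > limit]


if __name__ == "__main__":
    m = compute_metrics(INCIDENTS)
    for name, value in m.items():
        print(f"{name}: {value}")
    print("above appetite:", appetite_exceeded(m, {"critical_disruption_percent": 25.0, "mttr_hours": 8.0}))
```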
Value Creation: Value contributors
 Increase stakeholders’ trust (World Economic Forum, OECD)
 Corporate Social Responsibility ladder on IT Risk & Cyber Security (S&P, DJI, MVO)
 Responsible disclosure on Information Security has a positive effect on the perceived value of the firm
 Providing greater confidence and trust with customers via in-control statements (ISAE, ISO, SOC1/2)
 Reducing operational costs by providing predictable outcomes, mitigating risk factors that may interrupt the process
 Increase the number of new customers (Hunter & Westerman, 2007)
 Increase the number of passed audits (COBIT 5)
 Increase in resilience (Amazon)
 Marketing differentiation (pharmaceuticals, carriers, telcos)
 Decrease the number of compliance penalties (COBIT 5)
 Decrease the number of privacy violations (ITGI, 2005) (ENISA)
 Strengthening reputation (Peters, 2012)
Further Reading
 http://www.b-able.nl/nl/news/video/
 Panel discussion Dick Schoof & Prof S. de Haes
 Gordon, L.A., M.P. Loeb and T. Sohail, “A Framework for Using Insurance for Cyber Risk
Management,” Communications of the ACM, March 2003. This paper examines the unique aspects
associated with cyber risk and presents a framework for using insurance as a tool for helping to
manage information security risk.
 Campbell, K., L.A. Gordon, M.P. Loeb and L. Zhou, “The Economic Cost of Publicly Announced
Information Security Breaches: Empirical Evidence from the Stock Market,” Journal of Computer
Security, Vol. 11, No. 3, 2003. This study examines the economic effect of information security
breaches on the stock market value of corporations.
 Gordon, L.A., M.P. Loeb, and L. Zhou, “The Impact of Information Security Breaches: Has there
been a Downward Shift?,” Journal of Computer Security, Vol. 19, No. 1, 2011. This paper shows
that information security breaches have had a significant impact on the stock market returns of
some firms, but there has been a significant downward shift in the impact of such breaches in the
sub-period following 9/11/2001.
 Gordon, L.A., M.P. Loeb and T. Sohail, “Market Value of Voluntary Disclosures Concerning
Information Security,” MIS Quarterly, Vol. 34, No.3, 2010. This paper provides strong evidence
that voluntary disclosures concerning information security, in annual reports filed with the SEC, are
positively associated with the stock market value of firms.
Q&A
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 

Recently uploaded (20)

/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
Marketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet CreationsMarketing Management Business Plan_My Sweet Creations
Marketing Management Business Plan_My Sweet Creations
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
Tech Startup Growth Hacking 101  - Basics on Growth MarketingTech Startup Growth Hacking 101  - Basics on Growth Marketing
Tech Startup Growth Hacking 101 - Basics on Growth Marketing
 
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deckPitch Deck Teardown: NOQX's $200k Pre-seed deck
Pitch Deck Teardown: NOQX's $200k Pre-seed deck
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 

FDseminar IT Risk - Yuri Bobbert - Antwerp Management School

  • 11. From IT Security to Business Information Security
Source: Bobbert, Hubbard
 Enterprise Risk Management is the overarching domain for Information Risk Management
 Ensuring proper controls is the discipline of Information Security
 Information Security Controls consist of IT Controls, Process Controls and People Controls
 Business Continuity is part of Enterprise Risk Management and consists of physical and digital controls
Diagram labels: Enterprise Risk Management, Business Continuity, Information Security, Information Technology (IT), Cyber Security, IT Security
  • 13. Source: ISACA
 Governance (Evaluate, Direct, Monitor): the creation of a setting which others can manage effectively
 Management (Plan (APO), Build (BAI), Run (DSS), Monitor (MEA)): the making of operational decisions
 Operations: the operational effectuation of management decisions
  • 14. From Governance to operations
 Presence of Information Security Management practices
 Absence of Information Security Governance practices
Source: Bobbert
  • 15. The role of the CISO
  • 17. The role of the CISO; Enable Value
 “The CISO is generally the ‘heart and soul’ of an information security program in most organizations. There is no better way to obtain a pulse regarding cyber risk”, according to the IIA [327].
 The CISO “defines the information security strategy and organises and manages the organisation’s information security in line with the organisation’s needs and risk appetite”, according to the European Competence Framework [328].
 In 2015 Accenture [330] did research into so-called “leapfrog companies” that outperform others in the field of Information Security, for example due to the positioning of the CISO as a strategic role: “These relatively new aspects of the role require CISOs to be successful change agents. To do this they need to be able to reflect on, and understand, the impact of their role on organisational culture.”
 IT Policy Compliance Group reports that firms that standardise procedures and controls for IS and manage IS via a dedicated IS staff led by a CISO achieve 8.5% higher revenue than industry averages (n = 3000 organisations) [329].
 Hooper et al. state that “organisations need to embrace their concern about cybersecurity and build it into their selection criteria for board members” [333].
Source: IIA, Accenture, Bobbert, Hooper et al.
  • 18. The role of the CISO; Enable Value by measuring
Source: ISACA, Bobbert
 Governance (Evaluate, Direct, Monitor): the creation of a setting which others can manage effectively
 Management (Plan (APO), Build (BAI), Run (DSS), Monitor (MEA)): the making of operational decisions
 Operations: the operational effectuation of management decisions
METRICS
 Risk appetite thresholds
 # of Business Risks and EUR impact
 # of relevant Stakeholders
 Compliance percentage
 Maturity level
METRICS
 Number and percent of information security incidents related to changes made in assets
 Number and percent of information security incidents related to changes made in accounts
 Percent of (un)authorized assets
 Percent of (un)authorized accounts
 Average time for update/change of asset
 Average time for update/change of account
 ..
METRICS
 Number of breaches
 Number of threats identified
 Number of vulnerabilities discovered
 Number of information security incidents and their risk rankings
 Number of information security violations
 Average time to resolve information security incidents
 Number and percent of information security incidents causing disruption to business-critical processes
 ....
METRICS (Identity)
 Number of information leakage events
 Mean time to resolve information security incidents
 Number and percent of information security-related incidents causing disruption to business-critical processes
 Number of information security incidents open/closed and their risk rankings
 Number of recurring information security problems that remain unresolved
 Number of vulnerabilities discovered
 Number of incidents involving endpoint devices
 Number of unauthorised devices detected on the network or in the end-user environment
 Average time between change and update of accounts
 Number of incidents relating to unauthorised access to information
 Number of threats identified
 Number of information security violations
 Percent of availability, performance and capacity incidents per year caused by information security controls
 Number of information security incidents caused by operational problems
 Number of firewall breaches
 ....
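Slide 18 lists the metrics a CISO reports at each layer but not how they are derived from incident data, so here is an added worked example (not part of the deck or the MBIS method) that computes a few of them from a constructed set of incident records and then checks the results against governance-level risk-appetite thresholds. The `Incident` fields, the cause labels and the threshold values are all assumptions made for the example.

```python
"""Derive a handful of slide 18's security metrics from incident records.

Added example, not from the presentation. The incident records, cause labels
and risk-appetite thresholds below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Incident:
    incident_id: str
    opened: datetime
    resolved: Optional[datetime]       # None while the incident is still open
    cause: str                         # e.g. "asset_change", "account_change", "phishing"
    risk_rank: str                     # "high" | "medium" | "low"
    disrupted_critical_process: bool   # did it interrupt a business-critical process?


# Constructed sample data (hypothetical incidents, not from the slides).
T0 = datetime(2017, 10, 1, 9, 0)
INCIDENTS: List[Incident] = [
    Incident("INC-001", T0, T0 + timedelta(hours=4), "asset_change", "high", True),
    Incident("INC-002", T0 + timedelta(days=1), T0 + timedelta(days=1, hours=2), "phishing", "medium", False),
    Incident("INC-003", T0 + timedelta(days=2), T0 + timedelta(days=2, hours=6), "account_change", "high", True),
    Incident("INC-004", T0 + timedelta(days=3), None, "asset_change", "low", False),
    Incident("INC-005", T0 + timedelta(days=4), T0 + timedelta(days=4, hours=12), "malware", "high", False),
]


def count_and_percent(incidents: List[Incident],
                      predicate: Callable[[Incident], bool]) -> Tuple[int, float]:
    """The slide's 'number and percent of incidents ...' pattern for any predicate."""
    n = sum(1 for i in incidents if predicate(i))
    pct = round(100.0 * n / len(incidents), 1) if incidents else 0.0
    return n, pct


def mean_time_to_resolve_hours(incidents: List[Incident]) -> Optional[float]:
    """Average resolution time over closed incidents only; None if nothing is closed yet."""
    durations = [(i.resolved - i.opened).total_seconds() / 3600
                 for i in incidents if i.resolved is not None]
    return round(mean(durations), 2) if durations else None


def security_metrics(incidents: List[Incident]) -> Dict[str, object]:
    """Operations/management-level metrics from the metric groups on slide 18."""
    return {
        "incidents_total": len(incidents),
        "incidents_open": sum(1 for i in incidents if i.resolved is None),
        "related_to_asset_changes": count_and_percent(incidents, lambda i: i.cause == "asset_change"),
        "related_to_account_changes": count_and_percent(incidents, lambda i: i.cause == "account_change"),
        "disrupting_critical_processes": count_and_percent(incidents, lambda i: i.disrupted_critical_process),
        "mean_time_to_resolve_hours": mean_time_to_resolve_hours(incidents),
        "by_risk_rank": {r: sum(1 for i in incidents if i.risk_rank == r)
                         for r in ("high", "medium", "low")},
    }


# Governance-level risk-appetite thresholds (assumed values for the example).
RISK_APPETITE = {
    "max_pct_disrupting_critical": 25.0,   # % of incidents allowed to hit critical processes
    "max_mttr_hours": 8.0,                 # mean time to resolve, in hours
    "max_high_risk_incidents": 2,          # count of high-ranked incidents per period
}


def exceeds_risk_appetite(metrics: Dict[str, object], thresholds: Dict[str, float]) -> List[str]:
    """Governance check: names of metrics that breach the stated risk-appetite thresholds."""
    breaches: List[str] = []
    if metrics["disrupting_critical_processes"][1] > thresholds["max_pct_disrupting_critical"]:
        breaches.append("disrupting_critical_processes")
    mttr = metrics["mean_time_to_resolve_hours"]
    if mttr is not None and mttr > thresholds["max_mttr_hours"]:
        breaches.append("mean_time_to_resolve_hours")
    if metrics["by_risk_rank"]["high"] > thresholds["max_high_risk_incidents"]:
        breaches.append("high_risk_incidents")
    return breaches


if __name__ == "__main__":
    m = security_metrics(INCIDENTS)
    for name, value in m.items():
        print(f"{name}: {value}")
    print("risk appetite breaches:", exceeds_risk_appetite(m, RISK_APPETITE))
```

The split mirrors the slide: the operational counts and averages are computed from raw incident data, while the governance layer only supplies thresholds and receives a list of breaches to evaluate and direct on. Open incidents are excluded from the mean-time-to-resolve figure rather than counted as zero, which would otherwise flatter the metric.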
  • 19. Value Creation: Value contributors
 Increase stakeholders’ trust (World Economic Forum, OECD)
 Corporate Social Responsibility ladder on IT Risk & Cyber Security (S&P, DJI, MVO)
 Responsible disclosure on Information Security has a positive effect on the perceived value of the firm
 Providing greater confidence and trust with customers via In Control statements (ISAE, ISO, SOC1/2)
 Reducing operational costs by providing predictable outcomes – mitigating risk factors that may interrupt the process
 Increase the number of new customers (Hunter & Westerman, 2007)
 Increase the number of passed audits (Cobit5)
 Increase in resilience (Amazon)
 Marketing differentiation (Pharmaceuticals, Carriers, Telco’s)
 Decrease the number of Compliance penalties (Cobit5)
 Decrease the number of Privacy Violations (ITGI, 2005) (ENISA)
 Strengthening reputation (Peters, 2012)
  • 20. Further Reading
 http://www.b-able.nl/nl/news/video/ – Panel discussion Dick Schoof & Prof S. de Haes
 Gordon, L.A., M.P. Loeb and T. Sohail, “A Framework for Using Insurance for Cyber Risk Management,” Communications of the ACM, March 2003. This paper examines the unique aspects associated with cyber risk and presents a framework for using insurance as a tool for helping to manage information security risk.
 Campbell, K., L.A. Gordon, M.P. Loeb and L. Zhou, “The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market,” Journal of Computer Security, Vol. 11, No. 3, 2003. This study examines the economic effect of information security breaches on the stock market value of corporations.
 Gordon, L.A., M.P. Loeb and L. Zhou, “The Impact of Information Security Breaches: Has there been a Downward Shift?,” Journal of Computer Security, Vol. 19, No. 1, 2011. This paper shows that information security breaches have had a significant impact on the stock market returns of some firms, but there has been a significant downward shift in the impact of such breaches in the sub-period following 9/11/2001.
 Gordon, L.A., M.P. Loeb and T. Sohail, “Market Value of Voluntary Disclosures Concerning Information Security,” MIS Quarterly, Vol. 34, No. 3, 2010. This paper provides strong evidence that voluntary disclosures concerning information security, in annual reports filed with the SEC, are positively associated with the stock market value of firms.
  • 21. Q&A