SlideShare a Scribd company logo

Managing Cyber and Five Other Technology Risks

Lincoln Institute of Land Policy
Lincoln Institute of Land Policy

This document discusses the importance of managing technology risks for municipal governments. It identifies six categories of technology risk: cybersecurity, financial, operational, legal, reputational, and societal. Cybersecurity risks like data breaches and network intrusions are discussed in depth. The document emphasizes that developing technological proficiency requires strong governance, planning, cyber hygiene practices, and technical competency. It provides a five-stage model for assessing an organization's maturity in managing technology risks and recommends that all organizations start prioritizing technological proficiency.

Government & Nonprofit
1 of 30
Download to read offline
MANAGING CYBER AND FIVE OTHER TECHNOLOGY RISKS WHAT MUNICIPAL OFFICIALS AND SENIOR EXECUTIVES NEED TO KNOW CRITICAL ISSUES FOR THE FISCAL HEALTH OF NEW ENGLAND CITIES AND TOWNS APRIL 8 ,2016 Presented By Marc Pfeiffer, Principal Investigator and Assistant Director, Bloustein Local Government Research Center, Rutgers University
THE TECHNOLOGY MANAGEMENT OPPORTUNITY: • Integrating new technologies into a government environment that includes: • Cost/tax/fee pressures • Citizen expectations • Political dynamics that work against against long-term planning • “We can defer that purchase for another year, can’t we?”
KEY TECHNOLOGY MANAGEMENT CHALLENGES • Determining what we need, want, can afford; when and how we get it, how to manage it • Understanding that “technology” is more than “information technology”, but also includes operational and communications technologies; and they all have risks to manage • Understanding the risks; and that technology risks go beyond cyber-security; that it includes the other risks that need to be reckoned with • Knowing that managing technology and their risks is a not journey with a destination; it is an ongoing and evolving activity
WHAT IS TECHNOLOGICAL RISK?
Categories of Technology Risk Cyber- security Financial Opera- tional Legal Reputa- tional Societal
1. CYBER SECURITY • Banking incursions – electronic funds transfer • Data/PII breach/theft • Network breach/use as a remote host • Access to networked control systems • Credit card security • Cyber extortion – DDOS, Cryptolocker/ransomware • Website/Social Media Security
TYPES OF THREATS – SO FAR Targeted Attacks • Local government agencies are not usually specifically targeted, but you might be targeted by someone disgruntled or if something goes wrong Mass Attacks • This stems from successful email phishing and its cousins, and social engineering attacks Your Humans: • Clicking on the wrong link/opening the wrong file Bottom line: bad guys try to manipulate people into divulging personal or business information or tricking them into schemes to defraud
2. LEGAL RISKS
THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources
THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure
THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure 5. Reputational risks
THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure 5. Reputational risks 6. Society driven risks
MANAGING TECHNOLOGY RISKS: THE NEED FOR TECHNOLOGICAL PROFICIENCY
A TECHNOLOGICALLY PROFICIENT ORGANIZATION …Understands the links between its business processes and its technology …Understands its technology needs …Is assured that the technology will work when it needs to, including routine and emergency situations …Is capable of protecting itself against compromise, including protecting and responding to cyber threats
DEVELOPING TECHNOLOGICAL PROFICIENCY To the extent one is weaker than the other, they are all weaker. ProficiencyGovernance Planning Cyber Hygiene Technical Competency
GOVERNANCE Governing boards cannot ignore technology or delegate key elements • Reputational and financial risks cannot be delegated • Governing body and chief executive must be engaged • Includes technology managers, fiscal staff, public safety, operational representation; can include responsible citizens.
GOVERNANCE Management needs to set the tone from the top, down: • Understands technology as an enterprise-wide risk management issue • Create a technology governance process • Has adequate access to technology expertise • Develop risk management processes • Adopts technology policies • Establish a technology planning process • Ensure reports to elected officials are meaningful
PLANNING Determines how you spend technology resources Key elements of the plan: • Matches organizational goals to technology goals • Assessment of technology assets, services, resources (hardware, software, networks, contractors, facilities, people) • Identify priorities of changes in technology solutions and activities • Assess and address technology risks • Define the information security management framework • Address “make or buy” decisions • Assign plan execution responsibilities to appropriate staff and tie plan to organization budget • Use a practical time horizon: No more than 3 years and review annually (or more often )
CYBER HYGIENE
BECAUSE… The bulk of successful attacks come because an employee clicked on something they shouldn’t have, so… • Train (and retrain) your humans • Consider intrusion testing • Have informed employee policies
TECHNICAL COMPETENCE Implement the plan with technical competency • Keep Governance updated on activities • Apply and enforce policies • Ensure that all tech employees are trained and contractors are secure • Keep aware of changing circumstances and technology, and SHARE information with peers • Be consistent; do not slack off
http://blousteinlocal.rutgers.edu/managing-technology-risk/
TECHNOLOGY PROFICIENCY MATURITY MODEL • UnawareStage 1 • FragmentedStage 2 • Top Down/EvolvingStage 3 • Managed/PervasiveStage 4 • Optimized/NetworkedStage 5
RISKPOTENTIAL UNAWARE FRAGMENTED DEFINED MANAGED OPTIMIZED MATURITY LEVEL MATURITY AND RISK POTENTIAL
TECHNOLOGY PROFILES BASIC
WHAT SHOULD I DO?
PUT TECHNOLOGY PROFICIENCY ON YOUR ORGANIZATIONS AGENDA You can’t do this overnight; it will always be a work in progress. It will likely cost new resources of time, attention, and $$ Remember, proficiency and cybersecurity are an ongoing process and challenge, NOT a destination! And every organization is at a different spot on the map So… START
STUDY CONDUCTED BY: Marc Pfeiffer, Assistant Director Bloustein Local Government Research Center Bloustein School of Planning and Public Policy Rutgers, The State University 33 Livingston Street, New Brunswick 08901 marc.pfeiffer@rutgers.edu 848-932-2830 http://blousteinlocal.rutgers.edu/managing-technology-risk/ Under a grant provided by the: Municipal Excess Liability Joint Insurance Fund 9 Campus Drive - Suite 16 Parsippany, NJ 07054 (201) 881-7632 With an assist from Dr. Alan Shark, Director of the Center for Technology Leadership at the Rutgers School of Public Affairs and Administration, and Executive Director, Public Technology Institute All materials © 2015 by Rutgers and the Municipal Excess Liability Joint Insurance Fund

Recommended

Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
shinydey
 
31 ijaprr vol1-4-29-35harmeet
31 ijaprr vol1-4-29-35harmeet31 ijaprr vol1-4-29-35harmeet
31 ijaprr vol1-4-29-35harmeet
ijaprr_editor
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
Ernest Staats
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Gtag 1 information risk and control
Gtag 1 information risk and controlGtag 1 information risk and control
Gtag 1 information risk and control
Yulias Sihombing, Ak, MAk, CIA
 

Recommended

Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
shinydey
 
31 ijaprr vol1-4-29-35harmeet
31 ijaprr vol1-4-29-35harmeet31 ijaprr vol1-4-29-35harmeet
31 ijaprr vol1-4-29-35harmeet
ijaprr_editor
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security
Ernest Staats
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information Policy
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Gtag 1 information risk and control
Gtag 1 information risk and controlGtag 1 information risk and control
Gtag 1 information risk and control
Yulias Sihombing, Ak, MAk, CIA
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
Marc Vael
 
Information Security
Information SecurityInformation Security
Information Security
chenpingling
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
Marneil Sanchez
 
Securing and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherSecuring and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better Together
EOTSS
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
Resilient Systems
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014
Peter ODell
 
Cyber Rangers S1 E2
Cyber Rangers S1 E2Cyber Rangers S1 E2
Cyber Rangers S1 E2
JudyEvans8
 
Privacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponsePrivacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident Response
ID Experts
 
The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security Continuum
Martin Hingley
 
Operational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionOperational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solution
Faysal Ghauri
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
Keyaan Williams
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Intergen
 
Online BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techOnline BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol tech
Bradford Sims
 
Secuntialesse
SecuntialesseSecuntialesse
Secuntialesse
Anne Starr
 
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
Levi Shapiro
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Empired
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote
John D. Johnson
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
AstalapulosListestos
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
James Rutt
 

More Related Content

What's hot

ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
Marc Vael
 
Information Security
Information SecurityInformation Security
Information Security
chenpingling
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
Marneil Sanchez
 
Securing and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherSecuring and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better Together
EOTSS
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
Resilient Systems
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014
Peter ODell
 
Cyber Rangers S1 E2
Cyber Rangers S1 E2Cyber Rangers S1 E2
Cyber Rangers S1 E2
JudyEvans8
 
Privacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponsePrivacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident Response
ID Experts
 
The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security Continuum
Martin Hingley
 
Operational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionOperational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solution
Faysal Ghauri
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
Keyaan Williams
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Intergen
 
Online BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techOnline BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol tech
Bradford Sims
 
Secuntialesse
SecuntialesseSecuntialesse
Secuntialesse
Anne Starr
 
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
Levi Shapiro
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Empired
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote
John D. Johnson
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
McKonly & Asbury, LLP
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 

What's hot (20)

ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
 
Information Security
Information SecurityInformation Security
Information Security
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Securing and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherSecuring and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better Together
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014
 
Cyber Rangers S1 E2
Cyber Rangers S1 E2Cyber Rangers S1 E2
Cyber Rangers S1 E2
 
Privacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponsePrivacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident Response
 
The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security Continuum
 
Operational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionOperational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solution
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Online BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techOnline BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol tech
 
Secuntialesse
SecuntialesseSecuntialesse
Secuntialesse
 
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 

Similar to Managing Cyber and Five Other Technology Risks

It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
AstalapulosListestos
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
James Rutt
 
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. HawkinsSteel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
lthawkins
 
Managing IT projects by David Bustin
Managing IT projects by David BustinManaging IT projects by David Bustin
Managing IT projects by David Bustin
David Bustin
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
North Texas Chapter of the ISSA
 
1_ICT.pdf
1_ICT.pdf1_ICT.pdf
1_ICT.pdf
DRPOONAMDRPOONAM1
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
BOHR International Journal of Financial market and Corporate Finance
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
BIJFMCF Journal
 
100531 it management dpa upload
100531 it management dpa upload100531 it management dpa upload
100531 it management dpa upload
plpictimatec
 
S36169184
S36169184S36169184
S36169184
American Research Journal of Humanities & Social Science
 
Technology intelliegence & forecasting
Technology intelliegence & forecastingTechnology intelliegence & forecasting
Technology intelliegence & forecasting
VijayKrKhurana
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docx
SUBHI7
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
FinancialMarketCorpo
 
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
Black Duck by Synopsys
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
Rd. R. Agung Trimanda
 
A Critical Appraisal of Technology in the University
A Critical Appraisal of Technology in the University A Critical Appraisal of Technology in the University
A Critical Appraisal of Technology in the University
Richard Hall
 
1_ICT.pptx
1_ICT.pptx1_ICT.pptx
1_ICT.pptx
poonam256394
 
Using ISO 31000 as a strategic tool for National Planning and Governance
Using ISO 31000 as a strategic tool for National Planning and GovernanceUsing ISO 31000 as a strategic tool for National Planning and Governance
Using ISO 31000 as a strategic tool for National Planning and Governance
PECB
 
Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015
Matthew Rosenquist
 
Technology forcasting ch#5
Technology forcasting ch#5Technology forcasting ch#5
Technology forcasting ch#5
Yasir Abbas
 

Similar to Managing Cyber and Five Other Technology Risks (20)

It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
 
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. HawkinsSteel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
 
Managing IT projects by David Bustin
Managing IT projects by David BustinManaging IT projects by David Bustin
Managing IT projects by David Bustin
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
 
1_ICT.pdf
1_ICT.pdf1_ICT.pdf
1_ICT.pdf
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
 
100531 it management dpa upload
100531 it management dpa upload100531 it management dpa upload
100531 it management dpa upload
 
S36169184
S36169184S36169184
S36169184
 
Technology intelliegence & forecasting
Technology intelliegence & forecastingTechnology intelliegence & forecasting
Technology intelliegence & forecasting
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docx
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
 
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
 
A Critical Appraisal of Technology in the University
A Critical Appraisal of Technology in the University A Critical Appraisal of Technology in the University
A Critical Appraisal of Technology in the University
 
1_ICT.pptx
1_ICT.pptx1_ICT.pptx
1_ICT.pptx
 
Using ISO 31000 as a strategic tool for National Planning and Governance
Using ISO 31000 as a strategic tool for National Planning and GovernanceUsing ISO 31000 as a strategic tool for National Planning and Governance
Using ISO 31000 as a strategic tool for National Planning and Governance
 
Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015
 
Technology forcasting ch#5
Technology forcasting ch#5Technology forcasting ch#5
Technology forcasting ch#5
 

More from Lincoln Institute of Land Policy

Land Value Capture Examples
Land Value Capture ExamplesLand Value Capture Examples
Land Value Capture Examples
Lincoln Institute of Land Policy
 
Rethinking Property Tax Incentives for Business
Rethinking Property Tax Incentives for BusinessRethinking Property Tax Incentives for Business
Rethinking Property Tax Incentives for Business
Lincoln Institute of Land Policy
 
Nonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New EnglandNonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New England
Lincoln Institute of Land Policy
 
Working Cities Challenge
Working Cities ChallengeWorking Cities Challenge
Working Cities Challenge
Lincoln Institute of Land Policy
 
What Research Shows about Resurgent Cities: Lessons for Policy Makers
What Research Shows about Resurgent Cities: Lessons for Policy MakersWhat Research Shows about Resurgent Cities: Lessons for Policy Makers
What Research Shows about Resurgent Cities: Lessons for Policy Makers
Lincoln Institute of Land Policy
 
Best Practices for Funding Retirement & Benefits
Best Practices for Funding Retirement & BenefitsBest Practices for Funding Retirement & Benefits
Best Practices for Funding Retirement & Benefits
Lincoln Institute of Land Policy
 
Nonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New EnglandNonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New England
Lincoln Institute of Land Policy
 
What's Up With Property Taxes
What's Up With Property TaxesWhat's Up With Property Taxes
What's Up With Property Taxes
Lincoln Institute of Land Policy
 
Fiscal Distress in Local Governments: Opportunities for State/Local Partnership
Fiscal Distress in Local Governments: Opportunities for State/Local PartnershipFiscal Distress in Local Governments: Opportunities for State/Local Partnership
Fiscal Distress in Local Governments: Opportunities for State/Local Partnership
Lincoln Institute of Land Policy
 
Rhode Island's Fiscal Stability Act and Municipal Transparency Portal
Rhode Island's Fiscal Stability Act and Municipal Transparency PortalRhode Island's Fiscal Stability Act and Municipal Transparency Portal
Rhode Island's Fiscal Stability Act and Municipal Transparency Portal
Lincoln Institute of Land Policy
 
Regional Economic Update
Regional Economic UpdateRegional Economic Update
Regional Economic Update
Lincoln Institute of Land Policy
 
Financing Infrastructure in U.S. Cities
Financing Infrastructure in U.S. CitiesFinancing Infrastructure in U.S. Cities
Financing Infrastructure in U.S. Cities
Lincoln Institute of Land Policy
 
Accessing Capital Markets for Capital Needs
Accessing Capital Markets for Capital NeedsAccessing Capital Markets for Capital Needs
Accessing Capital Markets for Capital Needs
Lincoln Institute of Land Policy
 
Fiscal Transparency in Arlington, Massachusetts
Fiscal Transparency in Arlington, MassachusettsFiscal Transparency in Arlington, Massachusetts
Fiscal Transparency in Arlington, Massachusetts
Lincoln Institute of Land Policy
 
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
Lincoln Institute of Land Policy
 
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
Lincoln Institute of Land Policy
 
Tackling Fiscal Stress in Rhode Island
Tackling Fiscal Stress in Rhode IslandTackling Fiscal Stress in Rhode Island
Tackling Fiscal Stress in Rhode Island
Lincoln Institute of Land Policy
 
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
Lincoln Institute of Land Policy
 
City Fiscal Structures and Conditions
City Fiscal Structures and ConditionsCity Fiscal Structures and Conditions
City Fiscal Structures and Conditions
Lincoln Institute of Land Policy
 
New England Regional Economic Update
New England Regional Economic UpdateNew England Regional Economic Update
New England Regional Economic Update
Lincoln Institute of Land Policy
 

More from Lincoln Institute of Land Policy (20)

Land Value Capture Examples
Land Value Capture ExamplesLand Value Capture Examples
Land Value Capture Examples
 
Rethinking Property Tax Incentives for Business
Rethinking Property Tax Incentives for BusinessRethinking Property Tax Incentives for Business
Rethinking Property Tax Incentives for Business
 
Nonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New EnglandNonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New England
 
Working Cities Challenge
Working Cities ChallengeWorking Cities Challenge
Working Cities Challenge
 
What Research Shows about Resurgent Cities: Lessons for Policy Makers
What Research Shows about Resurgent Cities: Lessons for Policy MakersWhat Research Shows about Resurgent Cities: Lessons for Policy Makers
What Research Shows about Resurgent Cities: Lessons for Policy Makers
 
Best Practices for Funding Retirement & Benefits
Best Practices for Funding Retirement & BenefitsBest Practices for Funding Retirement & Benefits
Best Practices for Funding Retirement & Benefits
 
Nonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New EnglandNonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New England
 
What's Up With Property Taxes
What's Up With Property TaxesWhat's Up With Property Taxes
What's Up With Property Taxes
 
Fiscal Distress in Local Governments: Opportunities for State/Local Partnership
Fiscal Distress in Local Governments: Opportunities for State/Local PartnershipFiscal Distress in Local Governments: Opportunities for State/Local Partnership
Fiscal Distress in Local Governments: Opportunities for State/Local Partnership
 
Rhode Island's Fiscal Stability Act and Municipal Transparency Portal
Rhode Island's Fiscal Stability Act and Municipal Transparency PortalRhode Island's Fiscal Stability Act and Municipal Transparency Portal
Rhode Island's Fiscal Stability Act and Municipal Transparency Portal
 
Regional Economic Update
Regional Economic UpdateRegional Economic Update
Regional Economic Update
 
Financing Infrastructure in U.S. Cities
Financing Infrastructure in U.S. CitiesFinancing Infrastructure in U.S. Cities
Financing Infrastructure in U.S. Cities
 
Accessing Capital Markets for Capital Needs
Accessing Capital Markets for Capital NeedsAccessing Capital Markets for Capital Needs
Accessing Capital Markets for Capital Needs
 
Fiscal Transparency in Arlington, Massachusetts
Fiscal Transparency in Arlington, MassachusettsFiscal Transparency in Arlington, Massachusetts
Fiscal Transparency in Arlington, Massachusetts
 
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
 
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
 
Tackling Fiscal Stress in Rhode Island
Tackling Fiscal Stress in Rhode IslandTackling Fiscal Stress in Rhode Island
Tackling Fiscal Stress in Rhode Island
 
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
 
City Fiscal Structures and Conditions
City Fiscal Structures and ConditionsCity Fiscal Structures and Conditions
City Fiscal Structures and Conditions
 
New England Regional Economic Update
New England Regional Economic UpdateNew England Regional Economic Update
New England Regional Economic Update
 

Recently uploaded

PPT Item # 4 - 434 College Blvd. (sign. review)
PPT Item # 4 - 434 College Blvd. (sign. review)PPT Item # 4 - 434 College Blvd. (sign. review)
PPT Item # 4 - 434 College Blvd. (sign. review)
ahcitycouncil
 
State crafting: Changes and challenges for managing the public finances
State crafting: Changes and challenges for managing the public financesState crafting: Changes and challenges for managing the public finances
State crafting: Changes and challenges for managing the public finances
ResolutionFoundation
 
Preliminary findings _OECD field visits to ten regions in the TSI EU mining r...
Preliminary findings _OECD field visits to ten regions in the TSI EU mining r...Preliminary findings _OECD field visits to ten regions in the TSI EU mining r...
Preliminary findings _OECD field visits to ten regions in the TSI EU mining r...
OECDregions
 
PPT Item # 8&9 - Demolition Code Amendments
PPT Item # 8&9 - Demolition Code AmendmentsPPT Item # 8&9 - Demolition Code Amendments
PPT Item # 8&9 - Demolition Code Amendments
ahcitycouncil
 
Indira P.S Vs sub Collector Kochi - The settlement register is not a holy cow...
Indira P.S Vs sub Collector Kochi - The settlement register is not a holy cow...Indira P.S Vs sub Collector Kochi - The settlement register is not a holy cow...
Indira P.S Vs sub Collector Kochi - The settlement register is not a holy cow...
Jamesadhikaram land matter consultancy 9447464502
 
Item # 10 -- Historical Presv. Districts
Item # 10 -- Historical Presv. DistrictsItem # 10 -- Historical Presv. Districts
Item # 10 -- Historical Presv. Districts
ahcitycouncil
 
2024: The FAR - Federal Acquisition Regulations, Part 38
2024: The FAR - Federal Acquisition Regulations, Part 382024: The FAR - Federal Acquisition Regulations, Part 38
2024: The FAR - Federal Acquisition Regulations, Part 38
JSchaus & Associates
 
A proposed request for information on LIHTC
A proposed request for information on LIHTCA proposed request for information on LIHTC
A proposed request for information on LIHTC
Roger Valdez
 
Researching the client.pptxsxssssssssssssssssssssss
Researching the client.pptxsxssssssssssssssssssssssResearching the client.pptxsxssssssssssssssssssssss
Researching the client.pptxsxssssssssssssssssssssss
DanielOliver74
 
Item #s 8&9 -- Demolition Code Amendment
Item #s 8&9 -- Demolition Code AmendmentItem #s 8&9 -- Demolition Code Amendment
Item #s 8&9 -- Demolition Code Amendment
ahcitycouncil
 
CBO’s Outlook for U.S. Fertility Rates: 2024 to 2054
CBO’s Outlook for U.S. Fertility Rates: 2024 to 2054CBO’s Outlook for U.S. Fertility Rates: 2024 to 2054
CBO’s Outlook for U.S. Fertility Rates: 2024 to 2054
Congressional Budget Office
 
Combined Illegal, Unregulated and Unreported (IUU) Vessel List.
Combined Illegal, Unregulated and Unreported (IUU) Vessel List.Combined Illegal, Unregulated and Unreported (IUU) Vessel List.
Combined Illegal, Unregulated and Unreported (IUU) Vessel List.
Christina Parmionova
 
Invitation Letter for an alumni association
Invitation Letter for an alumni associationInvitation Letter for an alumni association
Invitation Letter for an alumni association
elmerdalida001
 
Transit-Oriented Development Study Working Group Meeting
Transit-Oriented Development Study Working Group MeetingTransit-Oriented Development Study Working Group Meeting
Transit-Oriented Development Study Working Group Meeting
Cuyahoga County Planning Commission
 
Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019
Partito democratico
 
2024: The FAR - Federal Acquisition Regulations, Part 39
2024: The FAR - Federal Acquisition Regulations, Part 392024: The FAR - Federal Acquisition Regulations, Part 39
2024: The FAR - Federal Acquisition Regulations, Part 39
JSchaus & Associates
 
Texas Water Development Board Updates June 2024
Texas Water Development Board Updates June 2024Texas Water Development Board Updates June 2024
Texas Water Development Board Updates June 2024
Texas Alliance of Groundwater Districts
 
Practical guide for the celebration of World Environment Day on june 5th.
Practical guide for the celebration of World Environment Day on june 5th.Practical guide for the celebration of World Environment Day on june 5th.
Practical guide for the celebration of World Environment Day on june 5th.
Christina Parmionova
 
快速办理(Bristol毕业证书)布里斯托大学毕业证Offer一模一样
快速办理(Bristol毕业证书)布里斯托大学毕业证Offer一模一样快速办理(Bristol毕业证书)布里斯托大学毕业证Offer一模一样
快速办理(Bristol毕业证书)布里斯托大学毕业证Offer一模一样
3woawyyl
 
PUBLIC FINANCIAL MANAGEMENT SYSTEM (PFMS) and DBT.pptx
PUBLIC FINANCIAL MANAGEMENT SYSTEM (PFMS) and DBT.pptxPUBLIC FINANCIAL MANAGEMENT SYSTEM (PFMS) and DBT.pptx
PUBLIC FINANCIAL MANAGEMENT SYSTEM (PFMS) and DBT.pptx
Marked12
 

Recently uploaded (20)

PPT Item # 4 - 434 College Blvd. (sign. review)
PPT Item # 4 - 434 College Blvd. (sign. review)PPT Item # 4 - 434 College Blvd. (sign. review)
PPT Item # 4 - 434 College Blvd. (sign. review)
 
State crafting: Changes and challenges for managing the public finances
State crafting: Changes and challenges for managing the public financesState crafting: Changes and challenges for managing the public finances
State crafting: Changes and challenges for managing the public finances
 
Preliminary findings _OECD field visits to ten regions in the TSI EU mining r...
Preliminary findings _OECD field visits to ten regions in the TSI EU mining r...Preliminary findings _OECD field visits to ten regions in the TSI EU mining r...
Preliminary findings _OECD field visits to ten regions in the TSI EU mining r...
 
PPT Item # 8&9 - Demolition Code Amendments
PPT Item # 8&9 - Demolition Code AmendmentsPPT Item # 8&9 - Demolition Code Amendments
PPT Item # 8&9 - Demolition Code Amendments
 
Indira P.S Vs sub Collector Kochi - The settlement register is not a holy cow...
Indira P.S Vs sub Collector Kochi - The settlement register is not a holy cow...Indira P.S Vs sub Collector Kochi - The settlement register is not a holy cow...
Indira P.S Vs sub Collector Kochi - The settlement register is not a holy cow...
 
Item # 10 -- Historical Presv. Districts
Item # 10 -- Historical Presv. DistrictsItem # 10 -- Historical Presv. Districts
Item # 10 -- Historical Presv. Districts
 
2024: The FAR - Federal Acquisition Regulations, Part 38
2024: The FAR - Federal Acquisition Regulations, Part 382024: The FAR - Federal Acquisition Regulations, Part 38
2024: The FAR - Federal Acquisition Regulations, Part 38
 
A proposed request for information on LIHTC
A proposed request for information on LIHTCA proposed request for information on LIHTC
A proposed request for information on LIHTC
 
Researching the client.pptxsxssssssssssssssssssssss
Researching the client.pptxsxssssssssssssssssssssssResearching the client.pptxsxssssssssssssssssssssss
Researching the client.pptxsxssssssssssssssssssssss
 
Item #s 8&9 -- Demolition Code Amendment
Item #s 8&9 -- Demolition Code AmendmentItem #s 8&9 -- Demolition Code Amendment
Item #s 8&9 -- Demolition Code Amendment
 
CBO’s Outlook for U.S. Fertility Rates: 2024 to 2054
CBO’s Outlook for U.S. Fertility Rates: 2024 to 2054CBO’s Outlook for U.S. Fertility Rates: 2024 to 2054
CBO’s Outlook for U.S. Fertility Rates: 2024 to 2054
 
Combined Illegal, Unregulated and Unreported (IUU) Vessel List.
Combined Illegal, Unregulated and Unreported (IUU) Vessel List.Combined Illegal, Unregulated and Unreported (IUU) Vessel List.
Combined Illegal, Unregulated and Unreported (IUU) Vessel List.
 
Invitation Letter for an alumni association
Invitation Letter for an alumni associationInvitation Letter for an alumni association
Invitation Letter for an alumni association
 
Transit-Oriented Development Study Working Group Meeting
Transit-Oriented Development Study Working Group MeetingTransit-Oriented Development Study Working Group Meeting
Transit-Oriented Development Study Working Group Meeting
 
Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019Contributi dei parlamentari del PD - Contributi L. 3/2019
Contributi dei parlamentari del PD - Contributi L. 3/2019
 
2024: The FAR - Federal Acquisition Regulations, Part 39
2024: The FAR - Federal Acquisition Regulations, Part 392024: The FAR - Federal Acquisition Regulations, Part 39
2024: The FAR - Federal Acquisition Regulations, Part 39
 
Texas Water Development Board Updates June 2024
Texas Water Development Board Updates June 2024Texas Water Development Board Updates June 2024
Texas Water Development Board Updates June 2024
 
Practical guide for the celebration of World Environment Day on june 5th.
Practical guide for the celebration of World Environment Day on june 5th.Practical guide for the celebration of World Environment Day on june 5th.
Practical guide for the celebration of World Environment Day on june 5th.
 
快速办理(Bristol毕业证书)布里斯托大学毕业证Offer一模一样
快速办理(Bristol毕业证书)布里斯托大学毕业证Offer一模一样快速办理(Bristol毕业证书)布里斯托大学毕业证Offer一模一样
快速办理(Bristol毕业证书)布里斯托大学毕业证Offer一模一样
 
PUBLIC FINANCIAL MANAGEMENT SYSTEM (PFMS) and DBT.pptx
PUBLIC FINANCIAL MANAGEMENT SYSTEM (PFMS) and DBT.pptxPUBLIC FINANCIAL MANAGEMENT SYSTEM (PFMS) and DBT.pptx
PUBLIC FINANCIAL MANAGEMENT SYSTEM (PFMS) and DBT.pptx
 

Managing Cyber and Five Other Technology Risks

  • 1. MANAGING CYBER AND FIVE OTHER TECHNOLOGY RISKS WHAT MUNICIPAL OFFICIALS AND SENIOR EXECUTIVES NEED TO KNOW CRITICAL ISSUES FOR THE FISCAL HEALTH OF NEW ENGLAND CITIES AND TOWNS APRIL 8 ,2016 Presented By Marc Pfeiffer, Principal Investigator and Assistant Director, Bloustein Local Government Research Center, Rutgers University
  • 2. THE TECHNOLOGY MANAGEMENT OPPORTUNITY: • Integrating new technologies into a government environment that includes: • Cost/tax/fee pressures • Citizen expectations • Political dynamics that work against against long-term planning • “We can defer that purchase for another year, can’t we?”
  • 3. KEY TECHNOLOGY MANAGEMENT CHALLENGES • Determining what we need, want, can afford; when and how we get it, how to manage it • Understanding that “technology” is more than “information technology”, but also includes operational and communications technologies; and they all have risks to manage • Understanding the risks; and that technology risks go beyond cyber-security; that it includes the other risks that need to be reckoned with • Knowing that managing technology and their risks is a not journey with a destination; it is an ongoing and evolving activity
  • 6. 1. CYBER SECURITY • Banking incursions – electronic funds transfer • Data/PII breach/theft • Network breach/use as a remote host • Access to networked control systems • Credit card security • Cyber extortion – DDOS, Cryptolocker/ransomware • Website/Social Media Security
  • 7. TYPES OF THREATS – SO FAR Targeted Attacks • Local government agencies are not usually specifically targeted, but you might be targeted by someone disgruntled or if something goes wrong Mass Attacks • This stems from successful email phishing and its cousins, and social engineering attacks Your Humans: • Clicking on the wrong link/opening the wrong file Bottom line: bad guys try to manipulate people into divulging personal or business information or tricking them into schemes to defraud
  • 9. THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources
  • 10. THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure
  • 11. THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure 5. Reputational risks
  • 12. THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure 5. Reputational risks 6. Society driven risks
  • 13. MANAGING TECHNOLOGY RISKS: THE NEED FOR TECHNOLOGICAL PROFICIENCY
  • 14. A TECHNOLOGICALLY PROFICIENT ORGANIZATION …Understands the links between its business processes and its technology …Understands its technology needs …Is assured that the technology will work when it needs to, including routine and emergency situations …Is capable of protecting itself against compromise, including protecting and responding to cyber threats
  • 15. DEVELOPING TECHNOLOGICAL PROFICIENCY To the extent one is weaker than the other, they are all weaker. ProficiencyGovernance Planning Cyber Hygiene Technical Competency
  • 16. GOVERNANCE Governing boards cannot ignore technology or delegate key elements • Reputational and financial risks cannot be delegated • Governing body and chief executive must be engaged • Includes technology managers, fiscal staff, public safety, operational representation; can include responsible citizens.
  • 17. GOVERNANCE Management needs to set the tone from the top, down: • Understands technology as an enterprise-wide risk management issue • Create a technology governance process • Has adequate access to technology expertise • Develop risk management processes • Adopts technology policies • Establish a technology planning process • Ensure reports to elected officials are meaningful
  • 18. PLANNING Determines how you spend technology resources Key elements of the plan: • Matches organizational goals to technology goals • Assessment of technology assets, services, resources (hardware, software, networks, contractors, facilities, people) • Identify priorities of changes in technology solutions and activities • Assess and address technology risks • Define the information security management framework • Address “make or buy” decisions • Assign plan execution responsibilities to appropriate staff and tie plan to organization budget • Use a practical time horizon: No more than 3 years and review annually (or more often )
  • 20. BECAUSE… The bulk of successful attacks come because an employee clicked on something they shouldn’t have, so… • Train (and retrain) your humans • Consider intrusion testing • Have informed employee policies
  • 21. TECHNICAL COMPETENCE Implement the plan with technical competency • Keep Governance updated on activities • Apply and enforce policies • Ensure that all tech employees are trained and contractors are secure • Keep aware of changing circumstances and technology, and SHARE information with peers • Be consistent; do not slack off
  • 23. TECHNOLOGY PROFICIENCY MATURITY MODEL • UnawareStage 1 • FragmentedStage 2 • Top Down/EvolvingStage 3 • Managed/PervasiveStage 4 • Optimized/NetworkedStage 5
  • 26.
  • 27.
  • 29. PUT TECHNOLOGY PROFICIENCY ON YOUR ORGANIZATIONS AGENDA You can’t do this overnight; it will always be a work in progress. It will likely cost new resources of time, attention, and $$ Remember, proficiency and cybersecurity are an ongoing process and challenge, NOT a destination! And every organization is at a different spot on the map So… START
  • 30. STUDY CONDUCTED BY: Marc Pfeiffer, Assistant Director Bloustein Local Government Research Center Bloustein School of Planning and Public Policy Rutgers, The State University 33 Livingston Street, New Brunswick 08901 marc.pfeiffer@rutgers.edu 848-932-2830 http://blousteinlocal.rutgers.edu/managing-technology-risk/ Under a grant provided by the: Municipal Excess Liability Joint Insurance Fund 9 Campus Drive - Suite 16 Parsippany, NJ 07054 (201) 881-7632 With an assist from Dr. Alan Shark, Director of the Center for Technology Leadership at the Rutgers School of Public Affairs and Administration, and Executive Director, Public Technology Institute All materials © 2015 by Rutgers and the Municipal Excess Liability Joint Insurance Fund