SlideShare a Scribd company logo

Using international standards to improve US cybersecurity

IT Governance Ltd
IT Governance Ltd

Understand the current cyber threat facing US businesses, President Obama's proposed data protection act and how you can implement international standards to get your business cybersecure in this informative webinar with expert Alan Calder.

Business
1 of 34
Download to read offline
Using international standards to improve US cybersecurity Wednesday, March 18, 2015 Alan Calder IT Governance Ltd www.itgovernanceusa.com PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING AND WILL AUTOMATICALLY BE UNMUTED FOR THE START OF THE Q&A SESSION
Introduction About Alan Calder… • Acknowledged international cybersecurity expert • Leading author on information security and IT governance issues • Led the world’s first successful implementation of ISO 27001 (then BS 7799) • Consultant on cybersecurity and IT governance strategies globally, including across the USA 2 © IT Governance Ltd 2015
Agenda • The current cyber threat – Breaking down recent high- profile data breaches • Current legislation – Reviewing the patchwork of state data breach notification laws • Proposed US legislation – Learn about President Obama's proposed data breach notification law • International standard – Discover how the cybersecurity standard, ISO 27001, will help get your business cyber secure 3 © IT Governance Ltd 2015
4 © IT Governance Ltd 2015 Current cyber threat
The current cyber threat Health care and business industries suffered most breaches in 2014 5 © IT Governance Ltd 2015 783US data breach incidents in 2014 348.16 million US records compromised 88% believe cyber attacks are among the three biggest threats facing organizations
The current cyber threat 6
The changing threat landscape • 87% of iPhone and 97% of Android top 100 Apps have been hacked • 100% of companies experience virus attacks, and 97% have suffered malware attacks • Every day, 156 million phishing emails are sent • 15 million make it through spam filters • The average global cost for each stolen record is $145 – in the USA it is $201 7 © IT Governance Ltd 2015
Why did they fail to avoid a breach? 8 © IT Governance Ltd 2015 Root cause of data breaches The changing threat landscape
Case study – Target Data breach • November/December 2013 • Hackers logged into the retailer’s network using credentials stolen from heating and ventilation firm Fazio Mechanical Services, which they stole through a sophisticated phishing attack • Hackers were able to upload malware programs onto Target’s POS systems and remain undetected • 110 million customers had their card data or personal information stolen 9 © IT Governance Ltd 2015
Case study – Target Repercussions • Target profits for the first six months of the fiscal year were down 41% • Costs associated are estimated to have reached $148 million • CEO Gregg Steinhafel and CIO Beth Jacob resign What could Target have done differently? • Properly secure third-party access to its network • Segment network so third parties could not access payment systems/sensitive information • Regular testing of their software to identify any vulnerabilities early on 10 © IT Governance Ltd 2015
Case study – Home Depot 11 © IT Governance Ltd 2015 Data breach • September 2014 • Hackers used third-party credentials to break into network and installed POS malware through unpatched vulnerability • Breach involved 56 million payment cards and 53 million customer email addresses • Home Depot now facing at least 44 lawsuits • Spending to deal with the breach has exceeded $43 million
Case study – Home Depot 12 © IT Governance Ltd 2015 What did Home Depot lack? • The right attitude towards cybersecurity – When employees asked for security training, management response was: “We sell hammers” • Up-to-date software – Allegedly used outdated Symantec antivirus software to protect its network • Rigorous vetting of employees – Hired a computer engineer in 2012 who had been in prison for disabling computers at previous company
Case study – Sony Pictures Data breach • November 2014 • Hackers infiltrate Sony’s corporate computer network • Torrents of unreleased Sony Pictures films appear online • Personal information about employees (families, emails, salaries, etc.) is leaked • Plaintext passwords are leaked online, along with other credential data • Huge number of marketing slide decks are leaked • Sony staff are kept from using computers for days • Sony postpones release of upcoming film The Interview 13 © IT Governance Ltd 2015
Case study – Sony Pictures Repercussions • North Korea blamed, causing tension between the two nations • Ex-employees seek to combine class action lawsuits against Sony • Costs reach $100 million How did the breach get so bad? • Executives ignored ransom emails, treated as spam • Failed to acknowledge breach until one week later • General lax approach to online security – April 2011 - Sony’s PlayStation network hacked and 76 million gamers’ accounts compromised – Inappropriate spending? $250m budget still couldn’t keep them cyber secure 14 © IT Governance Ltd 2015
Small companies are at risk too • Cyber criminals target indiscriminately • 60% of breached small organizations close down within six months • Often lack effective internal security practices • No dedicated IT security and support • Passwords, system access easily compromised • Out-of-date server hardware and software • Websites are built on common, open-source frameworks – weaknesses easily exploited 15 © IT Governance Ltd 2015
What is the board told? • 32.5% of boards do not receive any information about their cybersecurity posture and activities • 38% of the remainder receive reports only annually • 29% of IT teams don’t report breaches for fear of retribution 16 © IT Governance Ltd 2014
Cybersecurity skills shortage Shortage • 209,000 unfilled cybersecurity positions in US • 74% up on last five years ISACA report • 90% believe there is a shortage • 41% expect difficulties finding skilled candidates • 58% plan to increase staff training Companies should be looking for • Industry-recognized qualifications (IBITGQ) 17 © IT Governance Ltd 2015
Current legislation 18
Data breach notification laws 19 © IT Governance Ltd 2015 Consumer data is currently protected by a patchwork of state legislation More information: www.itgovernanceusa.com/data-breach- notification-laws.aspx
Industry-specific laws • FISMA – requires federal agencies to implement appropriate information security programs • HIPAA – aims to protect health care information • SOX – improves accuracy and reliability of financial disclosures 20 © IT Governance Ltd 2015
Costs of a data breach in America 21 © IT Governance Ltd 2015 • Data breach notification cost = $509,237 • Post-data breach costs = $1,599,996 • Lost business cost = $3,324,959 - Ponemon Institute Cost of Data Breaches Report 2014
Proposed US data breach notification legislation 22
Personal Data Notification and Protection Act 23 © IT Governance Ltd 2014 • Single, strong, national standard • Notify individuals within 30 days of data breach • Punishment could be up to 10 years in prison
Reducing the cost of a breach • A strong security posture • An effective incident response plan • A CISO appointment • Implementing industry standards 24 © IT Governance Ltd 2015
International Standards 25 © IT Governance Ltd 2014
ISO 27001 – the cybersecurity standard • ISO 27001 – a globally recognized standard that provides a best-practice framework for addressing the entire range of cyber risks – Encompasses people, processes, and technology – Systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization's information security to achieve business objectives 26 © IT Governance Ltd 2015
Key elements of implementing ISO 27001 • Determine the scope of the ISMS • Consider the context of the organization and interested parties • Appoint a senior individual responsible for information security • Conduct a risk assessment – identify risks, threats, and vulnerabilities • Appoint risk owners for each of the identified risks • Implement appropriate policies and procedures • Conduct staff training • Conduct an internal audit • Implement continual improvement of the ISMS 27 © IT Governance Ltd 2015
How will ISO 27001 benefit your business? • Increased/appropriate level of information security – Systematic approach to risks – Informed decisions on security investments: cost-effective security • Better work practices that support business goals • Good marketing opportunities • Credibility with staff, customers, and partner organizations • Due diligence • Compliance with corporate governance requirements – Appropriate action to comply with law – Manage business risks – Industry best-practice security – Internationally recognized good security practice 28 © IT Governance Ltd 2015
Benefits of ISO 27001 registration • Assurance to customers, employees, investors – their data is safe • Credibility and confidence • Internationally recognized • Shows that you have considered all of the information security-associated risks • Notably fulfilling fiduciary responsibilities • Supports your adherence to multiple compliance requirements 29 © IT Governance Ltd 2015
ISO 27001 in the US 30 © IT Governance Ltd 2015 Number of ISO 27001-registered organizations in America* 36% Between 2012 and 2013 the number of ISO 27001-registered organizations jumped
Why some of the world’s most valuable brands pursue ISO 27001 registration 31 © IT Governance Ltd 2015 Google: “This certification validates what I already knew…that the technology, process and infrastructure offers good security and protection for the data that I store in Google Apps” Amazon: “The certification confirms our longstanding commitment to the security of our services to our customers.” Microsoft: “…provides external validation that our approach to managing security risk in a global organization is comprehensive and effective, which is important for our business and consumer customers.”
Fixed-priced, packaged solutions You deliver the project independently You resource the project, calling on specialist tools and courses to aid efficiency and accelerate implementation Standards and books Software and documentation templates Training Mentor and coach IT Governance removes all the pain, delivering a registration- ready ISMS, aligned with ISO 27001 You resource the project, use tools and courses and benefit from the expert’s know-how You own and are in control of the project, receiving hands- on guidance from us You provide input $659 $3,160 $6,800 $16,700 $14,995 From $8,500 $7,650 Find out more: www.itgovernanceusa.com/iso27001-solutions.aspx
33 © IT Governance Ltd 2015
IT Governance • Helped over 150 organizations achieve ISO 27001 registration worldwide • 15+ years’ experience • Highly regarded within the industry • Unique offering of tools, training, and consultancy unavailable elsewhere 34 © IT Governance Ltd 2015

Recommended

Using international standards to improve EU cyber security
Using international standards to improve EU cyber securityUsing international standards to improve EU cyber security
Using international standards to improve EU cyber security
IT Governance Ltd
 
The integration of legal aspects in Information Security: Is your organisatio...
The integration of legal aspects in Information Security: Is your organisatio...The integration of legal aspects in Information Security: Is your organisatio...
The integration of legal aspects in Information Security: Is your organisatio...
Rabelani Dagada
 
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security ProsPrivacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Nicholas Van Exan
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The Challenges
Napier University
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat Experiences
Napier University
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
IT Governance Ltd
 
Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-
IT Strategy Group
 
Staff awareness: developing a security culture
Staff awareness: developing a security cultureStaff awareness: developing a security culture
Staff awareness: developing a security culture
IT Governance Ltd
 

Recommended

Using international standards to improve EU cyber security
Using international standards to improve EU cyber securityUsing international standards to improve EU cyber security
Using international standards to improve EU cyber security
IT Governance Ltd
 
The integration of legal aspects in Information Security: Is your organisatio...
The integration of legal aspects in Information Security: Is your organisatio...The integration of legal aspects in Information Security: Is your organisatio...
The integration of legal aspects in Information Security: Is your organisatio...
Rabelani Dagada
 
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security ProsPrivacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros
Nicholas Van Exan
 
DLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The ChallengesDLP: Monitoring Legal Obligations, Managing The Challenges
DLP: Monitoring Legal Obligations, Managing The Challenges
Napier University
 
Insider Threat Experiences
Insider Threat ExperiencesInsider Threat Experiences
Insider Threat Experiences
Napier University
 
GDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risksGDPR compliance and information security: Reducing data breach risks
GDPR compliance and information security: Reducing data breach risks
IT Governance Ltd
 
Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-Defensible cybersecurity-jan-25th-
Defensible cybersecurity-jan-25th-
IT Strategy Group
 
Staff awareness: developing a security culture
Staff awareness: developing a security cultureStaff awareness: developing a security culture
Staff awareness: developing a security culture
IT Governance Ltd
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor Privacy
Raymond Cunningham
 
Reinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysReinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security Nowadays
Goutama Bachtiar
 
3GRC approach to GDPR V 0.1 www.3grc.co.uk
3GRC approach to GDPR V 0.1 www.3grc.co.uk3GRC approach to GDPR V 0.1 www.3grc.co.uk
3GRC approach to GDPR V 0.1 www.3grc.co.uk
►David Clarke FBCS CITP
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
IT Governance Ltd
 
Chapter 5 MIS
Chapter 5 MISChapter 5 MIS
Chapter 5 MIS
Amirul Shafiq Ahmad Zuperi
 
Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...
IT Governance Ltd
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
Rd. R. Agung Trimanda
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar Presentation
Ethos Media S.A.
 
IS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyIS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New Economy
Goutama Bachtiar
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability Presentation
Sean Graham
 
Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...
IT Governance Ltd
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
Ernest Staats
 
Presentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 ConferencePresentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 Conference
Bill Despo
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
PECB
 
Isaca csx2018-continuous assurance
Isaca csx2018-continuous assuranceIsaca csx2018-continuous assurance
Isaca csx2018-continuous assurance
François Samarcq
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacy
TechSoup Canada
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security Program
Raymond Cunningham
 
Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i Access
Precisely
 
GDPR Webinar - feb
GDPR Webinar - febGDPR Webinar - feb
GDPR Webinar - feb
Sophos Benelux
 
20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here
Richard Hogg,Global GDPR Offerings Evangelist
 
Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
IT Governance Ltd
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social Engineering
Resolver Inc.
 

More Related Content

What's hot

Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor Privacy
Raymond Cunningham
 
Reinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysReinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security Nowadays
Goutama Bachtiar
 
3GRC approach to GDPR V 0.1 www.3grc.co.uk
3GRC approach to GDPR V 0.1 www.3grc.co.uk3GRC approach to GDPR V 0.1 www.3grc.co.uk
3GRC approach to GDPR V 0.1 www.3grc.co.uk
►David Clarke FBCS CITP
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
IT Governance Ltd
 
Chapter 5 MIS
Chapter 5 MISChapter 5 MIS
Chapter 5 MIS
Amirul Shafiq Ahmad Zuperi
 
Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...
IT Governance Ltd
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
Rd. R. Agung Trimanda
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar Presentation
Ethos Media S.A.
 
IS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyIS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New Economy
Goutama Bachtiar
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability Presentation
Sean Graham
 
Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...
IT Governance Ltd
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
Ernest Staats
 
Presentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 ConferencePresentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 Conference
Bill Despo
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
PECB
 
Isaca csx2018-continuous assurance
Isaca csx2018-continuous assuranceIsaca csx2018-continuous assurance
Isaca csx2018-continuous assurance
François Samarcq
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacy
TechSoup Canada
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security Program
Raymond Cunningham
 
Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i Access
Precisely
 
GDPR Webinar - feb
GDPR Webinar - febGDPR Webinar - feb
GDPR Webinar - feb
Sophos Benelux
 
20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here
Richard Hogg,Global GDPR Offerings Evangelist
 

What's hot (20)

Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor Privacy
 
Reinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysReinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security Nowadays
 
3GRC approach to GDPR V 0.1 www.3grc.co.uk
3GRC approach to GDPR V 0.1 www.3grc.co.uk3GRC approach to GDPR V 0.1 www.3grc.co.uk
3GRC approach to GDPR V 0.1 www.3grc.co.uk
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 
Chapter 5 MIS
Chapter 5 MISChapter 5 MIS
Chapter 5 MIS
 
Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...Addressing penetration testing and vulnerabilities, and adding verification m...
Addressing penetration testing and vulnerabilities, and adding verification m...
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
 
Infocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar PresentationInfocom security 2016 - Cromar Presentation
Infocom security 2016 - Cromar Presentation
 
IS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyIS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New Economy
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability Presentation
 
Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 
Presentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 ConferencePresentation for FPANJ Spring 2015 Conference
Presentation for FPANJ Spring 2015 Conference
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
 
Isaca csx2018-continuous assurance
Isaca csx2018-continuous assuranceIsaca csx2018-continuous assurance
Isaca csx2018-continuous assurance
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacy
 
Implementing an Information Security Program
Implementing an Information Security ProgramImplementing an Information Security Program
Implementing an Information Security Program
 
Protecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i AccessProtecting Your Business from Unauthorized IBM i Access
Protecting Your Business from Unauthorized IBM i Access
 
GDPR Webinar - feb
GDPR Webinar - febGDPR Webinar - feb
GDPR Webinar - feb
 
20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here
 

Similar to Using international standards to improve US cybersecurity

Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
IT Governance Ltd
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social Engineering
Resolver Inc.
 
Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.
Cyril Soeri
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security Solution
Precisely
 
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
Financial Poise
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a byte
lgcdcpas
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve Howse
CGTI
 
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
AIIM International
 
nerfslides.pptx
nerfslides.pptxnerfslides.pptx
nerfslides.pptx
ssusera5ade5
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
Precisely
 
NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive Briefing
Joe Nathans
 
David doughty presentation 181119
David doughty presentation 181119David doughty presentation 181119
David doughty presentation 181119
David Doughty
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issues
JagdeepSingh394
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...
Judith Beckhard Cardoso
 
74 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.1674 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.16
Glenn E. Davis
 
Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach risk
Livingstone Advisory
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
FERMA
 
5 things digital media companies need to do now
5 things digital media companies need to do now5 things digital media companies need to do now
5 things digital media companies need to do now
Grant Thornton LLP
 
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. HawkinsSteel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
lthawkins
 

Similar to Using international standards to improve US cybersecurity (20)

Using international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber securityUsing international standards to improve Asia-Pacific cyber security
Using international standards to improve Asia-Pacific cyber security
 
Scammed: Defend Against Social Engineering
Scammed: Defend Against Social EngineeringScammed: Defend Against Social Engineering
Scammed: Defend Against Social Engineering
 
Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.
 
Get Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security SolutionGet Ready for Syncsort's New Best-of-Breed Security Solution
Get Ready for Syncsort's New Best-of-Breed Security Solution
 
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a byte
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve Howse
 
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
 
nerfslides.pptx
nerfslides.pptxnerfslides.pptx
nerfslides.pptx
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
NextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive BriefingNextLevel Cyber Security Executive Briefing
NextLevel Cyber Security Executive Briefing
 
David doughty presentation 181119
David doughty presentation 181119David doughty presentation 181119
David doughty presentation 181119
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issues
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...
 
74 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.1674 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.16
 
Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach risk
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
 
5 things digital media companies need to do now
5 things digital media companies need to do now5 things digital media companies need to do now
5 things digital media companies need to do now
 
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. HawkinsSteel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
 

More from IT Governance Ltd

Business Continuity Management: How to get started
Business Continuity Management: How to get startedBusiness Continuity Management: How to get started
Business Continuity Management: How to get started
IT Governance Ltd
 
GDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardGDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on board
IT Governance Ltd
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
IT Governance Ltd
 
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
IT Governance Ltd
 
Creating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeCreating an effective cyber security awareness programme
Creating an effective cyber security awareness programme
IT Governance Ltd
 
Risk assessments and applying organisational controls for GDPR compliance
Risk assessments and applying organisational controls for GDPR complianceRisk assessments and applying organisational controls for GDPR compliance
Risk assessments and applying organisational controls for GDPR compliance
IT Governance Ltd
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
IT Governance Ltd
 
The first steps towards GDPR compliance 
The first steps towards GDPR compliance The first steps towards GDPR compliance 
The first steps towards GDPR compliance 
IT Governance Ltd
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
IT Governance Ltd
 
The GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for complianceThe GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for compliance
IT Governance Ltd
 
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
IT Governance Ltd
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
IT Governance Ltd
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR
IT Governance Ltd
 
Privacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingPrivacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failing
IT Governance Ltd
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
IT Governance Ltd
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
IT Governance Ltd
 
Appointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRAppointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPR
IT Governance Ltd
 
GDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersGDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud Providers
IT Governance Ltd
 
Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?
IT Governance Ltd
 
Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPR
IT Governance Ltd
 

More from IT Governance Ltd (20)

Business Continuity Management: How to get started
Business Continuity Management: How to get startedBusiness Continuity Management: How to get started
Business Continuity Management: How to get started
 
GDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on boardGDPR compliance: getting everyone in the organisation on board
GDPR compliance: getting everyone in the organisation on board
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
 
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
Cyber Essentials plays a key role in the Cyber Resilience Strategy for Scotla...
 
Creating an effective cyber security awareness programme
Creating an effective cyber security awareness programmeCreating an effective cyber security awareness programme
Creating an effective cyber security awareness programme
 
Risk assessments and applying organisational controls for GDPR compliance
Risk assessments and applying organisational controls for GDPR complianceRisk assessments and applying organisational controls for GDPR compliance
Risk assessments and applying organisational controls for GDPR compliance
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
 
The first steps towards GDPR compliance 
The first steps towards GDPR compliance The first steps towards GDPR compliance 
The first steps towards GDPR compliance 
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
 
The GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for complianceThe GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for compliance
 
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR
 
Privacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingPrivacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failing
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 
Appointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRAppointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPR
 
GDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersGDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud Providers
 
Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?
 
Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPR
 

Recently uploaded

The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
ABHILASH DUTTA
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
my Pandit
 
2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings
aragme
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
WilliamRodrigues148
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and CreationIndustrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
Christian Dahlen
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
ecamare2
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
fisherameliaisabella
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
LuanWise
 
Authentically Social Presented by Corey Perlman
Authentically Social Presented by Corey PerlmanAuthentically Social Presented by Corey Perlman
Authentically Social Presented by Corey Perlman
Corey Perlman, Social Media Speaker and Consultant
 
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfThe 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
thesiliconleaders
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
Chandresh Chudasama
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
NZSG
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 
Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024
Top Forex Brokers Review
 

Recently uploaded (20)

The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
The Evolution and Impact of OTT Platforms: A Deep Dive into the Future of Ent...
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
 
2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings2022 Vintage Roman Numerals Men Rings
2022 Vintage Roman Numerals Men Rings
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
 
Industrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and CreationIndustrial Tech SW: Category Renewal and Creation
Industrial Tech SW: Category Renewal and Creation
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdfModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
ModelingMarketingStrategiesMKS.CollumbiaUniversitypdf
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
 
Authentically Social Presented by Corey Perlman
Authentically Social Presented by Corey PerlmanAuthentically Social Presented by Corey Perlman
Authentically Social Presented by Corey Perlman
 
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdfThe 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
The 10 Most Influential Leaders Guiding Corporate Evolution, 2024.pdf
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024Best Forex Brokers Comparison in INDIA 2024
Best Forex Brokers Comparison in INDIA 2024
 

Using international standards to improve US cybersecurity

  • 1. Using international standards to improve US cybersecurity Wednesday, March 18, 2015 Alan Calder IT Governance Ltd www.itgovernanceusa.com PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING AND WILL AUTOMATICALLY BE UNMUTED FOR THE START OF THE Q&A SESSION
  • 2. Introduction About Alan Calder… • Acknowledged international cybersecurity expert • Leading author on information security and IT governance issues • Led the world’s first successful implementation of ISO 27001 (then BS 7799) • Consultant on cybersecurity and IT governance strategies globally, including across the USA 2 © IT Governance Ltd 2015
  • 3. Agenda • The current cyber threat – Breaking down recent high- profile data breaches • Current legislation – Reviewing the patchwork of state data breach notification laws • Proposed US legislation – Learn about President Obama's proposed data breach notification law • International standard – Discover how the cybersecurity standard, ISO 27001, will help get your business cyber secure 3 © IT Governance Ltd 2015
  • 4. 4 © IT Governance Ltd 2015 Current cyber threat
  • 5. The current cyber threat Health care and business industries suffered most breaches in 2014 5 © IT Governance Ltd 2015 783US data breach incidents in 2014 348.16 million US records compromised 88% believe cyber attacks are among the three biggest threats facing organizations
  • 6. The current cyber threat 6
  • 7. The changing threat landscape • 87% of iPhone and 97% of Android top 100 Apps have been hacked • 100% of companies experience virus attacks, and 97% have suffered malware attacks • Every day, 156 million phishing emails are sent • 15 million make it through spam filters • The average global cost for each stolen record is $145 – in the USA it is $201 7 © IT Governance Ltd 2015
  • 8. Why did they fail to avoid a breach? 8 © IT Governance Ltd 2015 Root cause of data breaches The changing threat landscape
  • 9. Case study – Target Data breach • November/December 2013 • Hackers logged into the retailer’s network using credentials stolen from heating and ventilation firm Fazio Mechanical Services, which they stole through a sophisticated phishing attack • Hackers were able to upload malware programs onto Target’s POS systems and remain undetected • 110 million customers had their card data or personal information stolen 9 © IT Governance Ltd 2015
  • 10. Case study – Target Repercussions • Target profits for the first six months of the fiscal year were down 41% • Costs associated are estimated to have reached $148 million • CEO Gregg Steinhafel and CIO Beth Jacob resign What could Target have done differently? • Properly secure third-party access to its network • Segment network so third parties could not access payment systems/sensitive information • Regular testing of their software to identify any vulnerabilities early on 10 © IT Governance Ltd 2015
  • 11. Case study – Home Depot 11 © IT Governance Ltd 2015 Data breach • September 2014 • Hackers used third-party credentials to break into network and installed POS malware through unpatched vulnerability • Breach involved 56 million payment cards and 53 million customer email addresses • Home Depot now facing at least 44 lawsuits • Spending to deal with the breach has exceeded $43 million
  • 12. Case study – Home Depot 12 © IT Governance Ltd 2015 What did Home Depot lack? • The right attitude towards cybersecurity – When employees asked for security training, management response was: “We sell hammers” • Up-to-date software – Allegedly used outdated Symantec antivirus software to protect its network • Rigorous vetting of employees – Hired a computer engineer in 2012 who had been in prison for disabling computers at previous company
  • 13. Case study – Sony Pictures Data breach • November 2014 • Hackers infiltrate Sony’s corporate computer network • Torrents of unreleased Sony Pictures films appear online • Personal information about employees (families, emails, salaries, etc.) is leaked • Plaintext passwords are leaked online, along with other credential data • Huge number of marketing slide decks are leaked • Sony staff are kept from using computers for days • Sony postpones release of upcoming film The Interview 13 © IT Governance Ltd 2015
  • 14. Case study – Sony Pictures Repercussions • North Korea blamed, causing tension between the two nations • Ex-employees seek to combine class action lawsuits against Sony • Costs reach $100 million How did the breach get so bad? • Executives ignored ransom emails, treated as spam • Failed to acknowledge breach until one week later • General lax approach to online security – April 2011 - Sony’s PlayStation network hacked and 76 million gamers’ accounts compromised – Inappropriate spending? $250m budget still couldn’t keep them cyber secure 14 © IT Governance Ltd 2015
  • 15. Small companies are at risk too • Cyber criminals target indiscriminately • 60% of breached small organizations close down within six months • Often lack effective internal security practices • No dedicated IT security and support • Passwords, system access easily compromised • Out-of-date server hardware and software • Websites are built on common, open-source frameworks – weaknesses easily exploited 15 © IT Governance Ltd 2015
  • 16. What is the board told? • 32.5% of boards do not receive any information about their cybersecurity posture and activities • 38% of the remainder receive reports only annually • 29% of IT teams don’t report breaches for fear of retribution 16 © IT Governance Ltd 2014
  • 17. Cybersecurity skills shortage Shortage • 209,000 unfilled cybersecurity positions in US • 74% up on last five years ISACA report • 90% believe there is a shortage • 41% expect difficulties finding skilled candidates • 58% plan to increase staff training Companies should be looking for • Industry-recognized qualifications (IBITGQ) 17 © IT Governance Ltd 2015
  • 19. Data breach notification laws 19 © IT Governance Ltd 2015 Consumer data is currently protected by a patchwork of state legislation More information: www.itgovernanceusa.com/data-breach- notification-laws.aspx
  • 20. Industry-specific laws • FISMA – requires federal agencies to implement appropriate information security programs • HIPAA – aims to protect health care information • SOX – improves accuracy and reliability of financial disclosures 20 © IT Governance Ltd 2015
  • 21. Costs of a data breach in America 21 © IT Governance Ltd 2015 • Data breach notification cost = $509,237 • Post-data breach costs = $1,599,996 • Lost business cost = $3,324,959 - Ponemon Institute Cost of Data Breaches Report 2014
  • 22. Proposed US data breach notification legislation 22
  • 23. Personal Data Notification and Protection Act 23 © IT Governance Ltd 2014 • Single, strong, national standard • Notify individuals within 30 days of data breach • Punishment could be up to 10 years in prison
  • 24. Reducing the cost of a breach • A strong security posture • An effective incident response plan • A CISO appointment • Implementing industry standards 24 © IT Governance Ltd 2015
  • 25. International Standards 25 © IT Governance Ltd 2014
  • 26. ISO 27001 – the cybersecurity standard • ISO 27001 – a globally recognized standard that provides a best-practice framework for addressing the entire range of cyber risks – Encompasses people, processes, and technology – Systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization's information security to achieve business objectives 26 © IT Governance Ltd 2015
  • 27. Key elements of implementing ISO 27001 • Determine the scope of the ISMS • Consider the context of the organization and interested parties • Appoint a senior individual responsible for information security • Conduct a risk assessment – identify risks, threats, and vulnerabilities • Appoint risk owners for each of the identified risks • Implement appropriate policies and procedures • Conduct staff training • Conduct an internal audit • Implement continual improvement of the ISMS 27 © IT Governance Ltd 2015
  • 28. How will ISO 27001 benefit your business? • Increased/appropriate level of information security – Systematic approach to risks – Informed decisions on security investments: cost-effective security • Better work practices that support business goals • Good marketing opportunities • Credibility with staff, customers, and partner organizations • Due diligence • Compliance with corporate governance requirements – Appropriate action to comply with law – Manage business risks – Industry best-practice security – Internationally recognized good security practice 28 © IT Governance Ltd 2015
  • 29. Benefits of ISO 27001 registration • Assurance to customers, employees, investors – their data is safe • Credibility and confidence • Internationally recognized • Shows that you have considered all of the information security-associated risks • Notably fulfilling fiduciary responsibilities • Supports your adherence to multiple compliance requirements 29 © IT Governance Ltd 2015
  • 30. ISO 27001 in the US 30 © IT Governance Ltd 2015 Number of ISO 27001-registered organizations in America* 36% Between 2012 and 2013 the number of ISO 27001-registered organizations jumped
  • 31. Why some of the world’s most valuable brands pursue ISO 27001 registration 31 © IT Governance Ltd 2015 Google: “This certification validates what I already knew…that the technology, process and infrastructure offers good security and protection for the data that I store in Google Apps” Amazon: “The certification confirms our longstanding commitment to the security of our services to our customers.” Microsoft: “…provides external validation that our approach to managing security risk in a global organization is comprehensive and effective, which is important for our business and consumer customers.”
  • 32. Fixed-priced, packaged solutions You deliver the project independently You resource the project, calling on specialist tools and courses to aid efficiency and accelerate implementation Standards and books Software and documentation templates Training Mentor and coach IT Governance removes all the pain, delivering a registration- ready ISMS, aligned with ISO 27001 You resource the project, use tools and courses and benefit from the expert’s know-how You own and are in control of the project, receiving hands- on guidance from us You provide input $659 $3,160 $6,800 $16,700 $14,995 From $8,500 $7,650 Find out more: www.itgovernanceusa.com/iso27001-solutions.aspx
  • 34. IT Governance • Helped over 150 organizations achieve ISO 27001 registration worldwide • 15+ years’ experience • Highly regarded within the industry • Unique offering of tools, training, and consultancy unavailable elsewhere 34 © IT Governance Ltd 2015