
Global Privacy and Data Protection Risks: Protecting Corporate Digital Assets


• Cyber threats and data breaches: Top risks, vulnerabilities and implications for compliance professionals.
• Challenges and case studies: Insiders, competitors, third parties and supply chains – who poses the greatest risk? Target’s data breach was via a vendor – how do you close security gaps?
• Cross-organization solutions: Aligning teams, asking key questions and investing in people, processes and technology to mitigate risks internally and with third parties.

Published in: Education


  1. October 5, 2015. Copyright © 2015 CREATe.org. All rights reserved.
  2. Presenters:
     • Pamela Passman, President & CEO, Center for Responsible Enterprise and Trade (CREATe.org)
     • David Heller, Vice President Enterprise Risk Management and General Auditor, Edison International

     Today, we’ll cover:
     • Cyber threats and data breaches
     • Challenges and examples
     • Cross-organizational solutions
  3. National Conference of State Legislators
  5. Data security; Privacy and confidentiality
  6. • Email
     • Employee PII (banking, medical, passport, SSN, performance reviews)
     • Financial data
     • Customer, Vendor and third party proprietary and confidential information
     • Products and Services (films, scripts)
     • Business plans
     • Intellectual Property and Trade Secrets
     • Other Confidential and Private Information

     Employee & Company Information; IP, Products & Competitive Information
  8. Globalized Marketplace; Information Digitalization; Mobile Workforce; Fragmented Value Chains; Corporate Digital Assets
  9. Threat actors and their objectives:
     • Nation States: Military technology, help national companies
     • Malicious Insiders: Competitive advantage, financial gain, national goals
     • Competitors: Competitive advantage
     • Transnational Organized Crime: Financial gain
     • Hacktivists: Political/social goals

     Methods: Blunt force hacking; Social Engineering; Trojan Horse; Spear phishing; Watering Hole; Exploits; Malware; Co-opted Credentials; Physical/Non-technical

     Vulnerabilities: Processes; People; Technology

     Source: CREATe.org – PwC Report: Economic Impact of Trade Secret Theft: A framework for companies to safeguard trade secrets and mitigate potential thefts, February 2014
  10. • Impact: Most common source of the theft of corporate assets; differs from unintentional or uninformed insiders
      • Motivation: Typically disgruntlement or ego, ideology, competition, or personal financial gain
      • Access: Insider authorization to systems, records, source code, and even facilities = opportunity to exploit access for malicious purposes
      • Connections: Can be leveraged or planted by Advanced Persistent Threats to exploit access to critical assets
      • Red Flags: Activity changes with mergers, divestitures and legal entity separations; and within 2 weeks before and after employment separation (voluntarily or involuntarily)
  13. Addressing Cyber Risk and Embedding Protection of Corporate Digital Assets in Business Operations
  14. • IDENTIFY: 1. What risks does the company face?
      • ASSESS: 2. How serious are those risks?
      • MANAGE: 3. How should the company manage risks?

      Cybersecurity; Corporate Digital Assets Breach; Trade Secrets or other IP Theft
  15. Step 1: Identify Critical Business Information
      Step 2: Assess Threat Actors
      Step 3: Relative Value Ranking
      Step 4: Economic Impact Analysis
      Step 5: Secure Critical Business Information
  16. Step 5: Secure Trade Secrets and Critical Business Information
  17. Incident Response Team:
      • Legal
      • Risk
      • Chief Information Officer (CIO)
      • Chief Information Security Officer (CISO)
      • Chief Compliance Officer (CCO)
      • Finance
      • Communications/PR
      • Physical Security
      • Supply Chain
      • Customer Support
      • Human Resources

      Board Oversight; Executive Level Decision-Making

      Stakeholders:
      • Employees
      • Regulatory agencies
      • Customers
      • Law enforcement
      • Vendors/Suppliers
      • Lenders
      • Shareholders
      • Media (formal and informal)
      • Partners
  18. • IDENTIFY: 1. What risks does the company face?
      • ASSESS: 2. How serious are those risks?
      • MANAGE: 3. How should the company manage those risks?

      • Identify cybersecurity as part of broader risk programs
      • Assess greatest risks to corporate digital assets
      • Manage risks according to likelihood and severity of breach
      • Proactively secure business critical information in implementing risk management
  20. Thank You! ppassman@CREATe.org, david.heller@sce.com
  21. Free Downloads Available at www.CREATe.org

      Trade Secrets:
      • CREATe-PwC Report/Framework
      • Protecting Trade Secrets with Supply Chain Partners
      • Model Policies: Trade Secrets
      • Reasonable Steps Requirement

      Protecting Intellectual Property Through Enterprise Risk Management (ERM)
      • Model IP Policies
      • Health and Safety Risks of Counterfeits in the Supply Chain
