Cybersecurity is not a new issue! Dr. Edgar Frank Codd, an IBM researcher, wrote a paper that described the fundamental model of the relational databases.

Presentation transcript:

Cybersecurity is not a new issue! Dr. Edgar Frank Codd, an IBM researcher, wrote a paper that described the fundamental model of the relational databases that today underpin virtually every major company’s operations. The paper outlined the need for ‘shared data banks’ to have the attributes of data consistency, integrity, security and privacy. This paper was published in 1970, but its goals are just as relevant today!

Cyber Stress Factors
- Media coverage
- (D)evolving workforce
- Hyper-connectivity
- People, people, people
- Cyber talent shortages
- Legislation, regulation, contracts
These drivers vary by industry, region and corporate culture.

Lessons (to be) Learned
- Access restrictions
- Authorization enforcement
- Segregation of duties
- Vendor management
- Root cause analysis
- Risk-based oversight
Is this Déjà vu all over again?

Use of Frameworks is Expanding (Source: NIST Cybersecurity Framework)
- Extends the classic security life cycle functions to include Identify
- The model is more proactive: Business and Governance are key risk aspects
- The model includes analytics, supply chain risk management and continuous monitoring
- An emerging imperative is enhancing the role of Internal Audit in risk management
- ISACA has released an implementation guidance document as part of CSX
- Other frameworks include COBIT 5 and ISO/IEC 27000

Cybersecurity Roadmap
- Adopt a risk and control framework
- Assess your risk profile and appetite
- Inventory your capabilities and people
- Define a cyber security strategy
- Develop an integrated oversight plan
- Periodically report, review and revise
Be pragmatic to create change that is evolutionary and less disruptive.

Take on the Challenge for Change
The journey begins with each of you:
- Take a fresh look at your role
- Become an active participant
- Be bold: challenge the status quo
- Increase IA/IS/IT transparency
- Make audits more meaningful
Cybersecurity improvements often need to occur one person at a time.

Closing Thoughts
- Cyber threats constantly change the game
- Data breaches will continue to focus on finding and exploiting the weak links
- Perfect security isn’t possible, so flexibility, agility and resilience must be the priority
- Audit should be playing a stronger role in evaluating the adequacy of risk management
- A strong partnership between IT, Security and Internal Audit can make a real difference
Be prepared, individually and organizationally, instead of being paranoid!

Contact Info: Michael Gerdes Director, Information Security COE Experis