Cyber Risks: Protecting confidential data against unauthorized access Vik Bansal Deloitte & Touche LLP John Reidhead State of Utah March 17, 2016.

Presentation transcript:

The state of cybersecurity

Managing the Complexity of Cyber Risks. Copyright © 2016 Deloitte Development LLC. All rights reserved.

… and organizations must trust people every day. We have connected our economy and society using platforms designed for sharing information… not protecting it.

States rapidly embrace new technology to better serve constituents efficiently: Cloud, Social Media, Mobile, Online.

State agencies continue to be a target. States collect, share and use large volumes of the most comprehensive citizen information. The large volume of information makes states an attractive target for both organized cyber criminals and hacktivists.

Perfect security is not feasible. Instead, reduce the impact of cyber incidents by becoming:

SECURE — Enabling business innovation by protecting critical assets against known and emerging threats across the ecosystem
VIGILANT — Gaining detective visibility and preemptive threat insight to detect both known and unknown adversarial activity
RESILIENT — Strengthening your ability to recover when incidents occur

Innovations that drive growth also create cyber risk. Threat actors exploit weaknesses that are byproducts of business growth and innovation:
- New citizen service models
- New sourcing and supply-chain models
- New applications and mobility tools
- Use of new technologies for efficiency gains and cost reduction

Cyber risk management is a positive aspect of managing business performance.

Who might attack? Understand threats and motives relevant to your environment. What tactics might they use? What are they after, and what are the key business risks we need to mitigate?

ACTORS: Organized criminals; Hacktivists; Nation states; Insiders/partners; Skilled individual hackers
IMPACTS: Financial theft/fraud; Theft of IP or strategic plans; Business disruption; Destruction of critical infrastructure; Reputation damage; Threats to life safety; Regulatory
KEY: Very high / High / Moderate / Low (the slide's actor-by-impact heat map; the individual ratings did not survive in the transcript)

It is almost inevitable that your safeguards will fail at some point. Have you anticipated and prepared for the possible outcomes?

Financial management’s role in protecting data

Investing in a cyber risk program: Elevate your discussion with agency and state leaders

The Deloitte-NASCIO Cybersecurity Study also provides benchmarking data on IT security spending. Others provide average breach impact data. Use the data wisely….

Globally, the average per-record cost of a data breach is $154, and the average cost of a cyber incident is $3.79M.[1]

- Cyber strategy cannot be based solely on preventing the kind of attack you just saw in the news.
- Benchmarking against security spend for your industry may be misleading. Each organization’s cyber risk profile is distinct.
- The costs and impact of a cyber attack may be more far-reaching than common references would indicate. Example: Citizen trust impact.
- Improved security controls may not be the most important investment for your organization.

[1] Ponemon Institute, 2015 Cost of Data Breach Study: Global Analysis, May 2015

Financial management’s role

The finance function has a unique view into the complexities of the business. Financial managers are being asked to take a more proactive role in addressing cyber risks.[1] Collaboration is critical across business and functional areas.

[1] Source: finance-plays-critical-role-in-mitigating-cyber-security-risks

Ask the right questions

Better understand cyber risks to the business and the data you manage by asking:
- Where are my high-risk assets?
- Where does the data reside?
- What are the citizen privacy issues?
- Why does the data need to be protected?
- What are the possible motives of an attack?
- What is the business implication of a breach within the agency, state and external parties?
- What systems are in place to manage risks, and where are they?

An assessment of the organization’s cybersecurity should evaluate specific capabilities across multiple domains. Establish a risk-based, not compliance-based, framework.

The framework groups the following capability domains under Secure, Vigilant and Resilient:
- Data management and protection
- Secure development life cycle / ERP & financial applications
- Cybersecurity risk and compliance management
- Threat and vulnerability management
- Security operations
- Security awareness and training
- Crisis management and resiliency
- Risk analytics
- Security program and talent management
- Third-party management
- Identity and access management
- Information and asset management

* The Deloitte cybersecurity framework is aligned with industry standards and maps to Cyber Security Framework, NIST, ISO, COSO, and ITIL.

Secure.Vigilant.Resilient.™ approach

The following slide presents the same capability domain map under the Secure.Vigilant.Resilient.™ heading: an assessment of the organization’s cybersecurity should evaluate specific capabilities across multiple domains.

Leverage your framework to better manage compliance. IRS Publication 1075: Illustrative Top 10 Requirements

State of Utah case study

Utah Cybersecurity Improvements

Improvements in Cybersecurity Due to 2012 Breach
- Established a Statewide Security Council
- Established a Statewide CISO Position
- Central IT (DTS):
  - Better Coordination and Cooperation with Departments
  - Better Data Classification, Monitoring, Encryption
  - Biennial Independent Security Reviews

Department Improvements
- Increased Focus on Security in IT Councils
- Adopted Formal Security Policies
- Improved Communication with IT at Department Level (524 Forms)
- Better Understanding of and Adherence to NIST and Other Standards
- Department Annual Calendar of Security Tasks
- PCI Coordinator, Statewide Improvement

Effectively manage what is in your control (Secure.Vigilant.Resilient.™)

Being SECURE means having risk-prioritized controls to defend critical assets against known and emerging threats.
Being VIGILANT means having threat intelligence and situational awareness to anticipate and identify harmful behavior.
Being RESILIENT means being prepared and having the ability to recover from, and minimize the impact of, cyber incidents.

Presenter information

Vik Bansal, Director, Cyber Risk Services, Deloitte & Touche LLP
John Reidhead, Director, UT Division of Finance, State of Utah

This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation. As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright © 2016 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited