Information Assets, Security and Cyber Threats

Presentation transcript:

Risk Management Governance For Information Assets, Security and Cyber Threats
June 22-23, 2016
Jim Blair, President
Integrated Risk Management Solutions, LLC

Risk Management is NOT!
- Only Insurance – approx. 40% of claims paid
- Hope – “It won’t happen to us”
- Third party studies – “filed” on a back shelf
- Controls or Compliance – rear-looking check lists
- Hiring a team of “really smart” people
- Time limited – “it’ll go away”
- Burdensome (when proactively managed)
- 7-10% of Revenue Consumed by RM Costs

The Business Approach: Integrated Risk Management Solution
[Diagram labels: Cash Flow; Growth; Risk Finance & Insurance; Claims Management & Cost Control; Health & Safety; Captive Insurance; Absence Management; Fraud Prevention; Business Resiliency Planning; Ethics & Conduct; Audit & SOX; Security; Revenue Assurance; Scenario Planning; Compliance; Emergency Response; Privacy; Enterprise Risk Assessment; Information Management; Internet & Information Systems Security; Change Management]
Copyright protected – Property of Integrated Risk Management Solutions, LLC

Risk Management IS!
- A strategy to strengthen the business
- A primary cash-flow driver
- Strategic examination of material risks
- Integrated action for mitigation
- Scenarios and alternative solutions
- Preparedness for uncertainty and crisis
Managing Risk = Cash Flow

Information Risks-Cyber Threats

Information Assets
- Intellectual Property
- Patents, Trade Secrets, Copyrights
- Drawings, Architectures, Networks
- Merger & Acquisition Plans
- Financial & Strategic Plans
- Board Records
- Banking and Financial Records
- Personal Identification Information (PII)
- Personal Credit Information (PCI)
- Employment Records
- HIPAA and HITECH
- FERPA – Student Records
- Vendor-Customer Lists w/ Billing Info.
- Stored in ALL MEDIA FORMS

Cyber Threats
- Theft/Loss of Physical Equipment
- Internal Breach – Employees & Vendors
- 70% of Breaches – Internal
- Data Theft, Manipulation, Contamination
- Fraud – 6% of GDP
- External Attacks – Network, Firewalls, Encrypted Data, Information In Transit & at Rest
- Attacks on The Cloud, Data Warehouses
- All Portable Devices – Smart Phones, Tablets, Hard Drives, Flash & Thumb Drives, Video Players
- FAX Machines and Scanners
- Manufacturing Digital Controls – SCADA

Risk Transfer Priorities
Recover “first” costs of Response & Recovery:
1. Breach Detection
2. Forensic Analysis
3. Repair
4. Identification of Parties
5. Legal Protection/Costs
6. Communications Plan
7. Notify Regulators (48)
8. Notify Parties (millions)
9. Credit Monitoring
10. Identity Repair
11. PCI/Credit Card Providers
12. Regulatory Fines
13. Litigation
14. Reputation Recovery

- Ponemon Est. Cost $201/Account Breached
- Average Business Loss - $5.85 million
- Business Interruption Cost Recovery – Imperative
- Reputational Damage a Major Issue
- Lloyds of London Est. Global Cost ~ $400 billion

Top 5 Risk Management Priorities
Integrated Risk Management Solutions Clients
- Reputation – Client and Investor Impact
- Cyber-breach – Data compromise – Operating Systems
- Behavior – Internal and 3rd party providers
- Business Disruption – Internal & supply chain
- Cash Flow – Revenue diversity & cost management

Regulatory Risks Growing
- FDA Regulations
- OSHA - EPA
- Foreign Corrupt Practices Act & UK Anti-Bribery
- Data Privacy – President’s Directive 2/13
- 48 State Regulations on Information Breach Disclosure
- PCI Compliance
- FTC Red Flags Rule - Protects CPI & EPI
- USA Patriot Act – TSA Regulations
- Office of Foreign Asset Control (OFAC)
- Risk Mgt. Likely to Become a Requirement

The Integrated Approach to Risk Management
- Proactive Management of Organizational Risks
- Majority of Risks are Operational – Minimal Insurance
- Form a Risk Management Executive Council
- Top leaders - Operations – Finance – Marketing - Human Talent – Legal
- Establishes a Rhythmic Focus on “Material” Risks
- 90/90 Plan - meets for 90 minutes every 90 days
- Reports to CEO - Advisory Board / Board
- Administers Risk Costs 7-10% of Revenue

The Integrated Approach to Risk Management Process
- Governance of Risk & Preparedness
- Prioritize Risk Initiatives – measure deliverables
- Report Performance Results – Resolve disputes
- Initiate Operations Assurance Processes
- Scenario Planning – Emergency Response
- Anticipate Emerging Risks
- Amplifies Organizational Intelligence

The Process
Questions – Discussion – Strategy
jeblair@integratedrisksolutions.com

The Outcome – Strength
A Prevention/Awareness Approach Produces Results
- “All Eyes On”
- Risk Priorities are Funded
- Alignment of Work Efforts Across Business Units
- Stimulates Prevention-Centric Behavior
- Results are Measured and Reported
- Rhythmic Operations Assurance
- Anticipates “Emerging” Risks
- Cash Flow is Improved – ROI ~ 4:1
