Information Security: Risk Management or Business Enablement?

Presentation transcript:

Information Security: Risk Management or Business Enablement? Mike Childs, Vice President, Rook Security

Agenda: Why Should We Care?; The View from the Top; Risk Management or Business Enablement; Case Study

Why Should We Care?

Data Breaches

Source of Data Breaches. Source: Verizon Business 2013 Data Breach Report

Timeline of a Breach: In 60% of cases, attackers are able to compromise an organization within minutes. Source: Verizon Data Breach Report 2015

How are breaches identified? Only 3% of breaches were detected with common security controls. Source: Verizon Business Data Breach Report

The View from the Top

Business View Of Information Security:
Two Factor Authentication takes too long!
How does this fit into our business strategy?
What is the Return on Investment?
You can’t impact our network latency!
Isn’t that too difficult for our clients?
Why do we have to change our passwords every month?

Risk Management or Business Enablement?

Question: Why Not Both?

Key Business Drivers For Risk Management: Regulatory Compliance; Maintain Continuity; Prevent Financial Loss; Detect Unauthorized Access

Key Business Drivers For Business Enablement: Protect Brand Reputation; Contractual Obligations; Third Party Vendor Audits; Expanded Business Opportunities

Case Study

Healthcare Services Company:
Develop an Information Security Strategy
Focus on how to protect the business and its data
Develop strategy based on the risk to sensitive data
Align regulatory compliance standards with information security strategy
Develop and implement policies, standards, and procedures to support the Information Security Strategy
Integrate policies, standards, and procedures into regular business processes
Develop and Test an Incident Response Plan
Plan should include detecting, responding to and limiting the effects of an information security event

Questions? Mike Childs Office: 888.712.9531 x711 mike.childs@rooksecurity.com www.rooksecurity.com