Lecture 15: Cybersecurity management


Business Intelligence
Lecture 15: Cybersecurity management

Overview
Understanding the personal, organisational, and legal/regulatory context in which these tools could be used, the risks of such use, and the constraints (such as time, finance, and people) that may affect how cybersecurity is implemented.

Content
- Overview
- Cybersecurity
- Using BI Tools For Effective Decision Making
- Personal
- Organisational
- Legal/Regulatory
- Risks
- Constraints

Using BI tools for effective decision making
- Provide BI quickly and efficiently
  - Access to real-time data helps make quicker business decisions
  - e.g.: Oil & Gas industry – real-time data on crude oil price per barrel can help the marketing team decide when to push sales or when to pull back based on price
- Saves time on data entry and making reports
  - BI tools help eliminate time spent on manual data entry and performing calculations
  - Allows quick report generation and data visualisation
- Gain more customer insights
  - BI tools help identify who the customers are, patterns in their behaviours, and which customers to prioritize to increase customer satisfaction and improve market reputation

Notes:
- Need to understand why companies are using BI tools to support them in making business decisions
- There are many reasons why businesses adopt BI tools; among them are the ability to provide BI quickly and efficiently, saving time on data entry and report generation, and gaining more customer insights

Cybersecurity
- Definition: The utilisation of technologies, standard processes and practices to protect information systems, including data, computers, software programs and networks, from attack, unauthorized access and modification, destruction or theft.
- Why is it important? It protects the business and function of an organization and must be considered throughout the business life cycle.

Notes:
- Before going further into cybersecurity management, it's important to know what it is first

Personal
- Data Level Security
  - Determines which data from each data source a particular user can see
  - Limits the user to seeing only the dashboard that is shared with them
  - Prevents new users from accessing data that is beyond their limitation until they are added to the right group

Organisational
- System Level Security
  - Controls over who has access and what a user can and can't do in a system
  - Data encryption, account credentials, and authorization profiles are essential
  - Other security measures: firewalls, intrusion prevention systems
- Object Level Security
  - Refers to tools that manage the access of different components within the platform
  - e.g.: Admins have the authority to control which users/groups can access/edit which dashboard

Figure 1 – Sisense Dashboards – showing the privileges set for each role
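The data-level and object-level controls from the Personal and Organisational slides, combined in one access check. This is an added example, not part of the original lecture and not the code of Sisense or any other BI product; the roles, groups, dashboard and rows are all constructed for illustration.

```python
from dataclasses import dataclass, field

# All names below (roles, groups, dashboard, rows) are constructed for illustration.
ROLE_RIGHTS = {"viewer": {"view"}, "designer": {"view", "edit"},
               "admin": {"view", "edit", "share"}}

@dataclass
class User:
    name: str
    groups: set = field(default_factory=set)

@dataclass
class Dashboard:
    name: str
    source: str
    shares: dict = field(default_factory=dict)  # object level: group -> role

# Data level: (group, data source) -> row filter. No entry means no rows.
ROW_RULES = {
    ("sales-emea", "orders"): lambda row: row["region"] == "EMEA",
    ("finance", "orders"): lambda row: True,
}

ORDERS = [  # constructed sample rows
    {"id": 1, "region": "EMEA", "amount": 1200},
    {"id": 2, "region": "APAC", "amount": 800},
    {"id": 3, "region": "EMEA", "amount": 450},
]
DASH = Dashboard("Quarterly sales", "orders",
                 {"sales-emea": "viewer", "finance": "designer", "bi-admins": "admin"})

def allowed(user, dash, action):
    """Object-level check: deny unless one of the user's groups has a role granting the action."""
    return any(action in ROLE_RIGHTS[role]
               for group, role in dash.shares.items() if group in user.groups)

def visible_rows(user, dash, rows):
    """Data-level check, applied only after the object-level check passes."""
    if not allowed(user, dash, "view"):
        return []
    rules = [ROW_RULES[(g, dash.source)] for g in user.groups
             if (g, dash.source) in ROW_RULES]
    return [row for row in rows if any(rule(row) for rule in rules)]

def share(actor, dash, group, role):
    """Only a holder of 'share' on this dashboard may change who can access it."""
    if role not in ROLE_RIGHTS:
        raise ValueError(f"unknown role: {role}")
    if not allowed(actor, dash, "share"):
        raise PermissionError(f"{actor.name} may not share {dash.name}")
    dash.shares[group] = role
```

In this sample a member of `bi-admins` can manage sharing on the dashboard but still sees no order rows, because the two layers are evaluated independently and both default to deny.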

Legal/regulatory
- Concerned with laws and regulations on data
- Data should be used in a manner that is compliant with regulatory laws
- e.g.: General Data Protection Regulation (GDPR) – law on data protection and privacy for all individuals in the EU
- To adhere to GDPR, organisations are required to:
  - implement appropriate technical and organisational measures to protect personal data
  - regularly review controls, detect, investigate and report breaches

Risks
- Poor data quality
  - This can happen when data architects design the system incorrectly or the source system has data quality issues
  - Can result in meaningless and inaccurate reports
- BI tool does not live up to expectations
  - This happens when the chosen BI tool does not solve the business problem
  - Be sure the chosen BI tool is the best fit for the organization's specific data types, customer and reporting needs
- Data Breach
  - Using BI tools means entrusting data to a third-party company
  - A data breach is a risk when vendors misuse or leak the data they are entrusted with
  - e.g.: vendors can sell a company's data to competitors
- Scope Creep and Loss of Momentum
  - More about management than the tool itself
  - Project managers need to know what data to import into the system and how to visualize the data in UI and reporting environments
  - Wrong approach: dump all data into the system
    - Impacts data modelling
    - Lengthens the building process – more items introduced than necessary

Constraints
- Time
  - Resistance to change – users prefer to use tools (spreadsheets, standard reports) they are familiar with, so it will take time to convince them of the need to opt for a new BI tool
  - Training for BI tool usage – it takes time to learn and become familiar with how to use the tool
- Finance
  - A secure and powerful BI tool will be expensive
  - However, securing your infrastructure is worth investing in
  - As of 2017, the attack caused by the WannaCry virus cost an estimated $4 billion worldwide
- People
  - Concerns over the honesty of employees and misuse of that trust
  - e.g.: Facebook – Cambridge Analytica data scandal: Cambridge Analytica harvested personal data from millions of Facebook users and used it for political purposes
  - Cybersecurity is the responsibility of everyone in the organization
  - The specific person in charge of cybersecurity is the Chief Security Officer (CSO) or Chief Information System Officer (CISO)
  - Works closely with General Counsel (GC) to meet legal requirements

Notes:
- CISO ensures:
  - demonstrates a strong management and board commitment to security
  - remains focused on creating a security culture
  - conducts honest assessments to measure and improve security
  - creates a roadmap for improving its security posture
  - monitors its network and other vulnerabilities
  - implements and maintains an incident response plan
  - reacts quickly to attacks
- Before a breach occurs, GC needs to be involved with the CISO/CSO and the board to shape the cyber risk strategy, in order to ensure it incorporates the legal landscape around the obligations to protect against cyber risks
- When a breach occurs, it's wise to have GC conduct the investigation of a potentially significant security breach. If a CSO/CISO investigates the breach, it puts him/her in a position where they are unable to hold an opinion in the examination of his/her own department's failure

End of chapter