Top Questions Executives and Board Members Should be Asking About IT and Cloud Risks.

2 Learning Objectives
Participants will learn about:
– The types of IT risks which may go unaddressed by executives and audit committees
– Risks of cloud computing
– The types of questions around IT risks that will elicit the most meaningful responses
– What types of responses to questions on IT risks may indicate bigger issues
– How to communicate more effectively on topics surrounding IT risks

3 What boards say…
Nearly half of boards surveyed are dissatisfied with their ability to oversee IT risk.
* Source: Oliver Wyman’s Global Risk Center and the National Association of Corporate Directors (NACD)

4 What boards say…
The top three reasons:
– Insufficient expertise at the board level
– Insufficient communication on the company's IT strategy and operations
– Lack of an integrated business and IT strategy picture presented by management to the board
* Source: Oliver Wyman’s Global Risk Center and the National Association of Corporate Directors (NACD)

5 Questions Executives Should Ask
How many times have we been successfully hacked this year?
– What you should know: Foreign hackers are attacking U.S. businesses every day. A company that is actually looking will find attempted intrusions and, usually, some successful ones.
– Red flag answers from management: “We haven’t.” A claim of zero almost always means intrusions are not being detected, not that none occurred.

6 Questions Executives Should Ask
How many people can access our customers’ or employees’ sensitive data?
– What you should know: Many organizations don’t know the answer. Access is usually granted through groups nested inside other groups, plus administrators and service accounts, so the real number is larger than the list of people who were deliberately given access.
– Red flag answers from management: “We have SOX controls.” SOX controls cover the systems that feed financial reporting, not every place customer or employee data is stored.
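The script below is an added example for this slide, not part of the original presentation. It shows why the number is hard to get: it walks nested group membership (including a membership cycle) and reports, per sensitive resource, how many entries are on the access list versus how many accounts really end up with access. The directory and ACL data are constructed for the example, and the `svc-` prefix for service accounts is an assumed naming convention; a real run would pull the same structures from AD/LDAP, an IAM API or a database grant table.

```python
"""Effective-access report: who can actually reach a sensitive data store?

Added example for this slide, not part of the original presentation.
It follows nested group membership, the usual reason organizations
cannot answer the question, and lists every account that ends up with
access. All directory data below is constructed for the example; real
input would come from AD/LDAP, an IAM API or a database grant table.
"""
from typing import Dict, List, Set

# Constructed directory: group -> direct members (user names or other groups).
GROUP_MEMBERS: Dict[str, List[str]] = {
    "grp-hr-payroll":    ["alice", "bob", "grp-hr-managers"],
    "grp-hr-managers":   ["carol", "grp-it-helpdesk"],
    # Helpdesk was nested into HR managers "temporarily" and also contains
    # payroll again, giving a cycle: payroll -> managers -> helpdesk -> payroll.
    "grp-it-helpdesk":   ["dave", "erin", "svc-backup", "grp-hr-payroll"],
    "grp-crm-readonly":  ["frank", "grp-hr-payroll"],
    "grp-domain-admins": ["grace", "grp-crm-readonly"],
}

# Constructed ACLs: resource -> principals granted access (users or groups).
RESOURCE_ACL: Dict[str, List[str]] = {
    "db-employee-pii":        ["grp-hr-payroll", "grp-domain-admins"],
    "share-customer-exports": ["grp-crm-readonly", "heidi"],
}

SERVICE_ACCOUNT_PREFIX = "svc-"  # assumed naming convention for non-human accounts


def expand_group(group: str, members: Dict[str, List[str]]) -> Set[str]:
    """Return every user reachable through `group`, following nested groups.

    A visited set guards against membership cycles, which do occur in
    real directories and would otherwise loop forever.
    """
    users: Set[str] = set()
    seen: Set[str] = set()
    stack = [group]
    while stack:
        current = stack.pop()
        if current in seen:
            continue
        seen.add(current)
        for member in members.get(current, []):
            if member in members:      # member is itself a group
                stack.append(member)
            else:                      # member is a user account
                users.add(member)
    return users


def effective_access(resource: str,
                     acl: Dict[str, List[str]] = RESOURCE_ACL,
                     members: Dict[str, List[str]] = GROUP_MEMBERS) -> Set[str]:
    """All accounts that can reach `resource`, after group expansion."""
    users: Set[str] = set()
    for principal in acl.get(resource, []):
        if principal in members:
            users |= expand_group(principal, members)
        else:
            users.add(principal)
    return users


def access_report(acl: Dict[str, List[str]] = RESOURCE_ACL,
                  members: Dict[str, List[str]] = GROUP_MEMBERS) -> Dict[str, dict]:
    """Per resource: how many grants appear on the ACL versus how many
    accounts really have access, split into humans and service accounts."""
    report: Dict[str, dict] = {}
    for resource, grants in acl.items():
        users = effective_access(resource, acl, members)
        humans = {u for u in users if not u.startswith(SERVICE_ACCOUNT_PREFIX)}
        report[resource] = {
            "acl_entries": len(grants),
            "effective_users": sorted(users),
            "human_count": len(humans),
            "service_accounts": sorted(users - humans),
        }
    return report


if __name__ == "__main__":
    for resource, row in access_report().items():
        print(f"{resource}: {row['acl_entries']} ACL entries -> "
              f"{row['human_count']} people + {len(row['service_accounts'])} "
              f"service accounts: {', '.join(row['effective_users'])}")
```

On this constructed data, two ACL entries on the employee PII database translate into eight accounts with access, including a helpdesk team and a backup service account that nobody in HR would list if asked. The gap between the two numbers is the answer to the board's question.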

7 Questions Executives Should Ask
Who is going to lose their job if the implementation goes poorly?
– What you should know: Accountability is often one of the biggest hurdles to a successful implementation.
– Red flag answers from management: Naming anyone not at the meeting.

8 Questions Executives Should Ask
What is the definition of a successful project? Budget? Timing? Functionality?
– What you should know: Consultants usually get paid more when projects go poorly, and stakeholders rarely define success up front.
– Red flag answers from management: “A system that does what it’s supposed to do.”

9 Questions Executives Should Ask
Are our laptops and other portable devices encrypted?
– What you should know: Full-disk encryption on laptops demonstrates adequate controls, and many breach-notification laws provide a safe harbor for a lost device whose data was encrypted, provided the key was not also compromised. That protection only holds if you can prove which devices were encrypted at the time they were lost, so keep a central record of encryption status, not just a policy that says it should be on.
– Red flag answers from management: “It costs too much.”

10 Questions Executives Should Ask
Do we enforce strong passwords?
– What you should know: Easily guessed passwords make hackers’ lives easier. Length and screening against lists of common and previously breached passwords matter more than complexity rules; “Password1!” satisfies most complexity rules and still appears on every attacker wordlist.
– Red flag answers from management: “Our users will just write them down.” That is an argument for a password manager, not for weak passwords.
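The following is an added example for this slide, not code from the presentation. It implements the kind of enforcement the question is really asking about: instead of counting character classes, it strips the usual suffixes and leetspeak substitutions and checks whether what remains is a common password, the user's own name, or an organization-specific word. The blocklist, the organization words (`acme`) and the sample passwords are constructed for the example; a real deployment would screen against a full breached-password list.

```python
"""Password screening that rejects guessable passwords rather than
counting character classes.

Added example for this slide, not part of the original presentation.
The blocklist and the sample passwords are constructed for the example;
a real deployment would screen against a full breached-password list.
"""
import re
from typing import List, Sequence

MIN_LENGTH = 12

# Constructed stand-in for a breached/common password list (lowercase).
COMMON_PASSWORDS = {"password", "welcome", "letmein", "qwerty", "summer", "monkey"}

# Undo the substitutions users make to satisfy complexity rules: P@$$w0rd -> password.
LEET = str.maketrans("@$!0134", "asiolea")


def normalize(pw: str) -> str:
    """Reduce a password to the dictionary core an attacker would guess from."""
    core = pw.lower()
    core = re.sub(r"[^a-z]+$", "", core)   # drop the usual trailing '1!', '2024', '!!'
    return core.translate(LEET)            # then undo leetspeak inside the word


def check_password(pw: str, username: str = "",
                   org_words: Sequence[str] = ("acme",)) -> List[str]:
    """Return the list of policy violations; an empty list means accepted.

    `org_words` is an assumed list of company-specific terms (name, product,
    site) that attackers add to wordlists for a specific target.
    """
    problems: List[str] = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(set(pw.lower())) < 5:
        problems.append("too few distinct characters")
    core = normalize(pw)
    # Check each word in the normalized core, so 'Acme-Summer2024!' is caught too.
    words = [w for w in re.split(r"[^a-z]+", core) if w]
    for w in words:
        if w in COMMON_PASSWORDS:
            problems.append(f"based on common password '{w}'")
    if username and username.lower() in pw.lower():
        problems.append("contains the user name")
    for term in org_words:
        if term.lower() in core:
            problems.append(f"contains organization word '{term}'")
    return problems


if __name__ == "__main__":
    # Constructed samples: all but the passphrase pass a typical complexity rule.
    samples = [("Password1!", "jsmith"), ("P@$$w0rd2024!!", "jsmith"),
               ("Acme-Summer2024!", "jsmith"), ("jsmith-runs-marathons!", "jsmith"),
               ("correct horse battery staple", "jsmith")]
    for pw, user in samples:
        verdict = check_password(pw, username=user)
        print(f"{pw!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

The point the demo makes is that the first three samples would pass an "upper, lower, digit, symbol" rule and all three are rejected here, while the long passphrase, which a complexity rule would reject for having no digits, is accepted.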

11 Questions Executives Should Ask
Has our disaster recovery plan been fully and completely tested in the past year?
– What you should know: An untested plan is likely to fail when it is needed. A full test means actually restoring systems and data at the recovery site and running the business from them, not a tabletop walkthrough of the document.
– Red flag answers from management: “We haven’t tested it.”

12 Questions Executives Should Ask
How do we know our service providers are keeping our data safe?
– What you should know: Many organizations hand a lot of customer and proprietary data to third parties.
– Red flag answers from management: “We get a SAS No. 70 report” or “It’s in our contract.” A SAS 70 report (replaced by SSAE 16 and the SOC 1 report in 2011) covers controls relevant to financial reporting, not the security of your data, and a contract clause assigns liability after a breach without verifying anything beforehand.

13 Guiding Principles
Advice:
– Invite IT leadership and IT auditors to audit committee meetings periodically.
– Don’t be afraid to ask the tough questions about IT.
– Don’t be afraid to probe the responses to your questions.
– Consider holding executive sessions with IT leadership and IT auditors.

14 The Cloud
Should we be using the cloud?

15 Reactions to the Cloud
– Why is my CIO talking about the weather?
– Is this just a sales ploy so I pay more for what I’m already getting?
– Are these computers in the sky somewhere? What happens if it rains?
– So you want me to put my critical business information and computer operations in a place I can’t see at some company I’ve never heard of?

16 The History of Computing – 1970s and Early 80s
Overview:
– Mainframes dominated the landscape
– Workstations had little processing power, effectively “thin clients”
– Network infrastructure was often contained within a single building and was proprietary
– Users needed to be at the physical site

17 The History of Computing – 1970s and Early 80s
Characteristics:
– Biggest security threats were insiders
– Privacy laws were in their infancy
– Disaster recovery plans focused on the physical building and data center, with offsite recovery centers
– Storage took up significant space
– Few people had cell phones
– Phones were separate from the computer network

18 The History of Computing – Late 1980s and Early 90s
Overview:
– Client server architecture started to replace mainframes
– Workstations had more processing power
– Network infrastructure was beginning to use standard protocols
– Many companies started creating company-wide networks using private lines
– Companies cautiously used the internet for limited purposes
– Users needed to be at the physical site

19 The History of Computing – Late 1980s and Early 90s
Characteristics:
– Biggest security threats were insiders
– Privacy laws were in their infancy
– Disaster recovery plans focused on the physical building and data center, with offsite recovery centers
– Storage took up significant space, and cell phones were still the exception
– Phones were separate from the computer network
– “Outsourcing” generally meant running a large physical data center

20 The History of Computing – 1990s
Overview:
– Client server architecture widely replaced mainframes
– Workstations had much more processing power; laptops started to be adopted but were much less powerful
– “Thin clients” re-emerged
– Network infrastructure still used several standards
– Many companies started using the internet, but still not for critical business
– Most users needed to be at the physical site
– “Outsourcing” generally meant running a large physical data center, with some application service providers

21 The History of Computing – 1990s
Characteristics:
– Biggest security threats were insiders, but network and internet connectivity began introducing new security risks
– Privacy laws were in their infancy
– Disaster recovery plans focused on the physical building and data center, with offsite recovery centers
– Storage took up significant space, but less than before, and cell phones were widely adopted
– Phones were separate from the computer network
– Data center hosting became more popular, as did application service providers

22 The History of Computing – 2000s
Overview:
– Client server architecture dominates the landscape
– Workstations and laptops had much more processing power
– Smart phones widely used
– Network infrastructure converged on one standard
– VPN was adopted on a widespread basis
– Many companies started using the internet for critical business applications
– Significant move towards application service providers and remote data center hosting
– Most users could now work remotely

23 The History of Computing – 2000s
Characteristics:
– Biggest security threats were now from the internet
– Security vulnerabilities in major products were easily exploited
– Privacy laws began to take shape
– Disaster recovery plans still focused on the physical building and data center, with offsite recovery centers
– Storage became inexpensive and small
– Smart phones and laptops were the norm; data now resided outside the company, but generally only on company devices
– Phones began to be integrated with the computer network

24 Computing – Today
Overview:
– Client server architecture dominates the landscape, with widespread “virtualization”
– Workstations and laptops are powerful, but little runs on them, so most operate more like “thin clients”
– Smart phones widely used
– Network infrastructure on one standard, and VPN heavily used
– Most companies use the internet for critical business
– The majority of users can work remotely
– Many companies are exploring the use of the cloud

25 Computing – Today
Characteristics:
– Biggest security threats are state-sponsored cyber attacks
– Major software vendors are better at security
– Privacy laws are much more robust
– Disaster recovery plans still focus on the physical building and data center, with offsite recovery centers
– Storage is extremely inexpensive and small
– Smart phones and laptops are the norm; data resides outside the company, including on personal devices
– Phones are often integrated with the computer network

26 What is the Cloud
Virtualized servers and applications running in remote data centers, which may have redundancy between data centers.

27 Cloud Considerations
Security
– Cloud providers may be more of a target for hackers since they are widely known as service providers; however, they also typically have very deep security resources to manage those risks
– The cloud might be accessed from anywhere, so end user access controls (who can log in, from where, and with what authentication) matter more than they do for systems reachable only from the office
– Third party cloud providers potentially have significant access to any system in their environment
Key considerations
– Can your internal IT resources secure your environment, given your risk profile, better than the cloud provider can?
– Is your end user security strong enough?
– Does the cloud provider have a SOC 2 Type 2 report covering the Security criterion? A Type 2 report tests that the controls operated over a review period; a Type 1 report only describes them at a point in time.

28 Cloud Considerations
Availability and disaster recovery
– Cloud providers tend to use hardened data centers with redundancy between locations
– Access to cloud resources relies heavily on network connectivity, so a connectivity outage at your end becomes an outage of the application
Key considerations
– Can you harden your own data centers as well as the cloud data centers?
– Has your disaster recovery and business continuity plan been revised to address end user computing and loss of connectivity to the provider?
– Do you have adequate network redundancy (more than one carrier and path to the provider)?
– Does the cloud provider have a SOC 2 Type 2 report covering the Availability criterion?

29 Cloud Considerations
Privacy
– Cloud providers may be more of a target for hackers since they are widely known as service providers; however, they also typically have very deep security resources to manage those risks
– Third party cloud providers potentially have significant access to any system in their environment
– If there is a breach at the cloud provider, you remain responsible for compliance with privacy laws and for the impact on the people whose data was exposed; outsourcing the processing does not outsource the accountability
Key considerations
– Are you able to comply with all of the privacy requirements relevant to your industry, including requirements on where the provider stores and processes the data?
– Does the cloud provider have a SOC 2 Type 2 report covering the Privacy criterion?

30 Cloud Considerations
Cost
– With cloud providers there is much less capital spending
– The cost of personnel with expertise in maintaining servers, infrastructure, and security is spread across many customers, potentially decreasing cost
Key considerations
– Are you comparing “apples to apples”? The in-house figure must include staff, facilities, power, hardware refresh, security, and disaster recovery; the cloud figure must include network upgrades, data transfer charges, and the staff still needed to manage the provider and your own users’ access.

31 Cloud Questions?