Securing the Digital Environment: Technology Risk Management - A Caribbean Perspective. Monday November 10th 2014. Roshan Mohammed.

Current State

- Low business priority on securing digital assets
- Reactive Management:
  - After the web site is hacked
  - After the data has been taken
  - After employees take intellectual property
- We perceive information security to be simple:
  - Can be done in-house by IT Department
  - Firewall + Anti Virus = Secure Network

Caribbean Incidents

- Mar 20, Barbados: … Bank Records hacked
- Mar 11, Bahamas: Hackers spark credit card chaos
- Feb 6, Jamaica: Hackers said to be found with DPP files
- Feb 6, Barbados: Barbados police investigating missing data on oil industry
- Jan 26, Jamaica: … Hacked

Quoted mainly from the Trinidad Guardian - guardian/ /caribbean-cyberattacks-rise

Imminent Landscape

- Legislation
  - Local
  - and International (SOX, PCI DSS, ISO)
- Board Due Diligence Requirements
  - Pro Active Management of Risk
  - Managing Risk within the local technology ecosystem
- Internet Operational Risk
  - Cybercrime
- Technology Adoption
  - Stay-in-Business

Planning for Risk Management

- For my business, in my country, in my industry, in my region: what are the most critical technology risks?
- What strategic options do I have in approaching the mitigation of these risks?
- How do I future proof my investment in risk mitigation?

DO NOT

- Invest in risk management technology without understanding your business risks.
- Underestimate the technology risk in business activities.
  - JP Morgan
  - Dropbox
  - Target

What can help

- If you do not already have a risk management strategy, invest in getting one
  - Have a technology risk assessment done for your business
  - Make sure the strategy fits our Caribbean business model
- Use the right tools
  - Best practice standards (ISO 27000, ISO etc)
  - You cannot manage what you do not measure
- Use the right resources
  - Proven work history
  - Grow with the company over time.

The Results

Some of the questions that will be answered at the end of the strategic risk assessment.

- Policy and Procedures
  - If these are in place, do they meet best practice guidelines?
  - Do they cover my greatest business risk areas?
- Technology
  - Is technology design and configuration sufficient to protect my business?
  - Will my technology defenses grow with my business?
- People
  - Does my corporate culture embrace risk management, and if not, how can I achieve this?
  - Are my superusers' actions being monitored?

Questions