The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security.

Presentation transcript:

The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security Alliance Page 1
The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask
ANSI Homeland Security Standards Panel (ANSI-HSSP)
October 2, :00 to 4:15 PM
U.S. Chamber of Commerce

Presenters
Moderator
– Ty R. Sagalow, President, American International Group (AIG) Product Development, and Workshop Leader
Panelists
– Michael Castagna, Chief Information Security Officer, U.S. Department of Commerce
– Larry Clinton, President, Internet Security Alliance (ISA)
– Harrison Oellrich, Managing Director, Guy Carpenter & Company, LLC
– Regan Adams, Former Assistant Privacy Counsel, Goldman Sachs

Agenda
Background: Setting the Scene
Development of an Action Guide to analyze, manage, and transfer financial risk for cyber security
Questions and Answers

Background: Setting the Scene
Cyber security is vital to the economic well-being of the U.S.
What does cyber security really mean?
– No standard definition, but one interpretation is the protection of any computer system, software program, and data against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional
– Cyber security attacks can come from internal networks, the Internet, or other private or public systems

Background (continued)
Corporations use cyber systems for multiple purposes
– Real-time tracking of supply chains
– Inventory management
– Improvement of employee efficiency
– Generation of on-line commerce
Twenty-five percent of America’s economic value – up to $3 trillion a day – moves over network connections each day

Background
While corporations appreciate the benefits of the Internet, they have often failed to properly account for its financial risks
– 50% of Senior Executives said they did not know how much money was lost due to an attack
– Congressional Research Service estimates that the economic impact of cyber attacks on business has grown to over $226 billion annually
– Total average cost of a data breach grew to approximately $200 per record compromised in 2007

Background
There is a substantial body of work dealing with the technical standards of cyber security
Plenty of attention paid to important technical issues, such as data encryption and best-in-class security technologies
BUT... to date, there has not been any comprehensive methodology for understanding and mitigating the financial losses associated with cyber risk

Net Financial Risk Formula

What Are Some of the Costs?
Failure of security can have costly consequences
– Civil and criminal lawsuits
– Lost trade secrets
– Breach of contract, breach of privacy
– Reputation damage
– Business interruption, lost income

Development of Financial Risk Action Guide
To promote understanding of financial risk, the American National Standards Institute’s (ANSI) Homeland Security Standards Panel (HSSP) and the Internet Security Alliance (ISA) launched a workshop

Development of Financial Risk Action Guide
The Goal
– Create an Action Guide to analyze, manage, and transfer financial risk for Cyber Security
The Team
– More than 30 industry leaders and governmental partners
The key to understanding the financial risks of cyber security is to fully embrace its multi-disciplinary nature, covering many areas of a company

Resolve: Multidisciplinary Feed to CFO
A CFO needs to know the key questions to ask the major stakeholders in all corporate domains, including:
– General Counsel
– Chief Risk Officer
– Chief Compliance Officer
– Chief Technology Officer
– Heads of Corporate Communications, Investor Relations, and Customer Service
– Head of Human Resources

Time Table
The Timetable
– First Workshop held in March 2008
– Draft Action Guide prepared by teams representing the different disciplines
– Subsequent Workshops held in May and July
– Action Guide finalized in early August
– Publication is being released this month, “National Cyber Awareness Month”

Action Guide: How to get it
The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask
Release date: October 20, 2008
Register in advance for a free electronic copy of the document to be e-mailed to you early that morning: webstore.ansi.org/cybersecurity