Visibility. Intelligence. Response. Information Security: Risk Management or Business Enablement? Mike Childs, Vice President, Rook Security.

Presentation transcript:

Visibility. Intelligence. Response. Information Security: Risk Management or Business Enablement? Mike Childs, Vice President, Rook Security

Agenda
- Why Should We Care?
- The View from the Top
- Risk Management or Business Enablement
- Case Study

Why Should We Care?

Data Breaches

Source of Data Breaches. Source: Verizon Business 2013 Data Breach Report.

Timeline of a Breach. In 60% of cases, attackers are able to compromise an organization within minutes. Source: Verizon Data Breach Report 2015.

How are breaches identified? Only 3% of breaches were detected with common security controls. Source: Verizon Business Data Breach Report.

The View from the Top

Business View of Information Security
- How does this fit into our business strategy?
- Why do we have to change our passwords every month?
- You can't impact our network latency!
- What is the Return on Investment?
- Two Factor Authentication takes too long!
- Isn't that too difficult for our clients?

Risk Management or Business Enablement?

Question

Key Business Drivers for Risk Management
- Regulatory Compliance
- Maintain Continuity
- Prevent Financial Loss
- Detect Unauthorized Access

Key Business Drivers for Business Enablement
- Protect Brand Reputation
- Contractual Obligations
- Third Party Vendor Audits
- Expanded Business Opportunities

Case Study

Healthcare Services Company
- Develop an Information Security Strategy
  - Focus on how to protect the business and its data
  - Develop strategy based on the risk to sensitive data
  - Align regulatory compliance standards with information security strategy
- Develop and implement policies, standards, and procedures to support the Information Security Strategy
  - Integrate policies, standards, and procedures into regular business processes
- Develop and Test an Incident Response Plan
  - Plan should include detecting, responding to and limiting the effects of an information security event

Questions? Mike Childs, Office: x711