Cyber Risks: Protecting confidential data against unauthorized access
Vik Bansal, Deloitte & Touche LLP
John Reidhead, State of Utah
March 17, 2016
The state of cybersecurity
Managing the Complexity of Cyber Risks. Copyright © 2016 Deloitte Development LLC. All rights reserved.
… and organizations must trust people every day. We have connected our economy and society using platforms designed for sharing information… not protecting it.
States rapidly embrace new technology to better serve constituents efficiently: cloud, social media, mobile, online.
State agencies continue to be a target. States collect, share and use large volumes of the most comprehensive citizen information. The large volume of information makes states an attractive target for both organized cyber criminals and hacktivists.
Innovations that drive growth also create cyber risk. Threat actors exploit weaknesses that are byproducts of business growth and innovation:
– New citizen service models
– New sourcing and supply-chain models
– New applications and mobility tools
– Use of new technologies for efficiency gains and cost reduction
Perfect security is not feasible. Instead, reduce the impact of cyber incidents by becoming:
SECURE: Enabling business innovation by protecting critical assets against known and emerging threats across the ecosystem
VIGILANT: Gaining detective visibility and preemptive threat insight to detect both known and unknown adversarial activity
RESILIENT: Strengthening your ability to recover when incidents occur
Cyber risk management is a positive aspect of managing business performance.
Who might attack? Understand the threats and motives relevant to your environment. What tactics might they use? What are they after, and what are the key business risks we need to mitigate?
Actors: organized criminals, hacktivists, nation states, insiders/partners, skilled individual hackers.
Impacts: financial theft/fraud; theft of IP or strategic plans; business disruption; destruction of critical infrastructure; reputation damage; threats to life safety; regulatory.
Heat map of actors against impacts, rated on a four-level key: very high, high, moderate, low.
It is almost inevitable that your safeguards will fail at some point. Have you anticipated and prepared for the possible outcomes?
Financial management’s role in protecting data
Investing in a cyber risk program: elevate your discussion with agency and state leaders
The Deloitte-NASCIO Cybersecurity Study also provides benchmarking data on IT security spending; others provide average breach impact data. Use the data wisely. Globally, the average per-record cost of a data breach is $154, and the average total cost of a data breach is $3.79M.[1]
– Cyber strategy cannot be based solely on preventing the kind of attack you just saw in the news.
– Benchmarking against security spend for your industry may be misleading. Each organization’s cyber risk profile is distinct.
– The costs and impact of a cyber attack may be more far-reaching than common references would indicate. Example: citizen trust impact.
– Improved security controls may not be the most important investment for your organization.
[1] Ponemon Institute, 2015 Cost of Data Breach Study: Global Analysis, May 2015
Financial management’s role
The finance function has a unique view into the complexities of the business. Financial managers are being asked to take a more proactive role in addressing cyber risks. Collaboration is critical across business and functional areas.
Source: http://www.securitymagazine.com/articles/86838-finance-plays-critical-role-in-mitigating-cyber-security-risks
Ask the right questions. Better understand cyber risks to the business and the data you manage by asking:
– Where are my high-risk assets?
– Where does the data reside?
– What are the citizen privacy issues?
– Why does the data need to be protected?
– What are the possible motives of an attack?
– What is the business implication of a breach within the agency, the state and external parties?
– What systems are in place to manage risks, and where are they?
Secure.Vigilant.Resilient.™ approach
An assessment of the organization’s cybersecurity should evaluate specific capabilities across multiple domains. Establish a risk-based, not compliance-based, framework. Domains (grouped under Secure, Vigilant and Resilient):
– Data management and protection
– Secure development life cycle / ERP & financial applications
– Cybersecurity risk and compliance management
– Threat and vulnerability management
– Security operations
– Security awareness and training
– Crisis management and resiliency
– Risk analytics
– Security program and talent management
– Third-party management
– Identity and access management
– Information and asset management
* The Deloitte cybersecurity framework is aligned with industry standards and maps to the Cyber Security Framework, NIST, ISO, COSO, and ITIL.
Leverage your framework to better manage compliance. IRS Publication 1075: illustrative top 10 requirements.
State of Utah case study
Utah Cybersecurity Improvements
Improvements in cybersecurity due to the 2012 breach:
– Established a statewide Security Council
– Established a statewide CISO position
– Central IT (DTS): better coordination and cooperation with departments; better data classification, monitoring and encryption; biennial independent security reviews
Department Improvements
– Increased focus on security in IT councils
– Adopted formal security policies
– Improved communication with IT at department level (524 Forms)
– Better understanding of and adherence to NIST and other standards
– Department annual calendar of security tasks
– PCI coordinator, statewide improvement
Effectively manage what is in your control. Secure.Vigilant.Resilient.™
Being SECURE means having risk-prioritized controls to defend critical assets against known and emerging threats.
Being VIGILANT means having threat intelligence and situational awareness to anticipate and identify harmful behavior.
Being RESILIENT means being prepared and having the ability to recover from, and minimize the impact of, cyber incidents.
Presenter information
Vik Bansal, Director, Cyber Risk Services, Deloitte & Touche LLP, vbansal@deloitte.com
John Reidhead, Director, UT Division of Finance, State of Utah, jreidhead@utah.gov
This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation. As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
Copyright © 2016 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited