Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security What every CFO needs to consider Joe Fracchia, CPA, CISA November 22, 2013.

Published byEugene Dalton Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security What every CFO needs to consider Joe Fracchia, CPA, CISA November 22, 2013."— Presentation transcript:

1 Information Security What every CFO needs to consider Joe Fracchia, CPA, CISA November 22, 2013

2 Information Security  A Quick Primer  Context  Headlines  Opportunity

3 Information Security Primer  What:  Intellectual Property: Customer Lists, Recipes, Proprietary Processes/Formulae, R&D  Supplier pricing, customer pricing  Financial Data; banking data  HR data  Personally Identifiable Data (PII)  Etc…  Why:  Regulatory, Contractual, Reputational, Competitive

4 Context Business Operations CompetitionCustomersRegulatorySuppliers Information Security Zones

5 Headlines Security Week 10/10/2013 Business Operatio ns Competit ion Customer s Regulator y Suppliers

6 Headlines Business Operatio ns Competit ion Customer s Regulator y Suppliers

7 Headlines 10/4/2013 Business Operatio ns Competit ion Customer s Regulator y Suppliers

8 Headlines Business Operatio ns Competit ion Customer s Regulator y Suppliers

9 Headlines Business Operatio ns Competit ion Customer s Regulator y Suppliers

10 Headlines Business Operatio ns Competit ion Customer s Regulator y Suppliers

11 Headlines What specifically does your product do? Where has your R&D investment gone in the past 2 years? What ROI am I buying? What is the value add? When will I get the benefit? Now? What advantage do I get by doing business with you? Business Operatio ns Competit ion Customer s Regulator y Suppliers

12 Vulnerabilities run across the and overlap the various zones Business Operations CompetitionCustomersRegulatorySuppliers IP, Financial Data, Customer Lists, R&D, Marketing PII, IP Pricing, IP Financial, HIPAA, PII PII, PCI, R&D, Strategic Moves, OPS and Fin Data

13 How we assure ourselves and each other takes on various forms, each with their own approaches Business Operations CompetitionCustomersRegulatorySuppliers SSAE 16 SOC Reports PCI-DSS; PA-DSS PCI-DSS; PA-DSS; Internal Audit SOX, Internal Audit, PII

14 Ownership of the various assurance vehicles and the data tends to be in silos: Finance Human Resources Legal/ Counsel SOX, SSAE 16 PII, HIPAAPCIContractual, IP

15 The opportunity is efficiency: leverage assurance, reduce cost, increase effectiveness Control AreaPCIPIISOX SSAE 16 Internal Audit Self Assess Information Security Policy XXX* Secure Network XX*** Protect Data XXX*** Vulnerability Management XXX*** Access Control XX*** Monitor and Test XX*** Change Control X*** Operations Integrity X***

16 Examples  We do penetration testing to test our network; PCI requires scans for various levels of providers- do you do them twice?  System integrity depends on change control. SOX, most SSAE 16s and portions of PCI require testing. How do you avoid doing process testing three times?  Are your internal auditors, QSA and functional areas testing the same things that other providers are? Can you leverage?

17 Now is the right time to have the discussion about the security budget

18 Questions?

19 Information Security What every CFO needs to consider Joe Fracchia, CPA.CISA 901.333.2255 / 901.289.3417

Download ppt "Information Security What every CFO needs to consider Joe Fracchia, CPA, CISA November 22, 2013."

Similar presentations

MASTER OF MANAGEMENT PROGRAM MM46 PPM GRADUATE SCHOOL OF MANAGEMENT January 09, 2010 LECTURER : HENRY CHRISTIANTO., ST., MTI.

MASTER OF MANAGEMENT PROGRAM MM46 PPM GRADUATE SCHOOL OF MANAGEMENT January 09, 2010 LECTURER : HENRY CHRISTIANTO., ST., MTI.
Company Analysis.

Company Analysis.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.

Navigating Compliance Requirements DCM 6.2 Regs and Codes linford & co llp.
RMI Global Risk & Crisis Management Solutions. Certain material influenced by source material drawn from IFAC Risk - Hazard & Opportunity Hazards € Spent.

RMI Global Risk & Crisis Management Solutions. Certain material influenced by source material drawn from IFAC Risk - Hazard & Opportunity Hazards € Spent.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Enterprise Risk Management Its Meaning and Import Jerry A. Miccolis, FCAS, MAAA Tillinghast - Towers Perrin.

Enterprise Risk Management Its Meaning and Import Jerry A. Miccolis, FCAS, MAAA Tillinghast - Towers Perrin.
Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005.

Rethinking Security to Enable Business LJ Johnson Nike’s Global Information Security Officer August 16, 2005.
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall Ch 3 -1 External Strategic Management Audit – Environmental Scanning – Industry Analysis.

Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall Ch 3 -1 External Strategic Management Audit – Environmental Scanning – Industry Analysis.
Vendor Management Frequent regulatory findings:

Vendor Management Frequent regulatory findings:
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Chapter 11.  The board is ultimately responsible for risk management  Oversee strategic risks, operational risks, and financial risks  Many federal.

Chapter 11.  The board is ultimately responsible for risk management  Oversee strategic risks, operational risks, and financial risks  Many federal.
The Evolution of IT Risk & Compliance February 2012 Rosalyn Ellis, CRISC Susan Hoffman, CISA,CGEIT 1.

The Evolution of IT Risk & Compliance February 2012 Rosalyn Ellis, CRISC Susan Hoffman, CISA,CGEIT 1.
CUAV Conference Risk Assessment May 18, 2015

CUAV Conference Risk Assessment May 18, 2015
100 % UPTIME SLAs 27 | 8 DATA CLOUD CENTERSPODS SSAE-16, SOC 2 TYPE II, PCI-DSS, HIPAA, HITECH AT101, NIST 800-53, SAFE HARBOR COMPLIANT POWER INFRASTRUCTURE.

100 % UPTIME SLAs 27 | 8 DATA CLOUD CENTERSPODS SSAE-16, SOC 2 TYPE II, PCI-DSS, HIPAA, HITECH AT101, NIST , SAFE HARBOR COMPLIANT POWER INFRASTRUCTURE.
Consultancy.

Consultancy.
Saxson Global Services Outsourced Professional Services BPO Business Process Outsourcing Your Global Sourcing Partners.

Saxson Global Services Outsourced Professional Services BPO Business Process Outsourcing Your Global Sourcing Partners.
An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.

An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.
Governance of the Treasury Function CIPFA Scottish Treasury Management Forum Alan George, Regional Director 23rd February 2012.

Governance of the Treasury Function CIPFA Scottish Treasury Management Forum Alan George, Regional Director 23rd February 2012.

Similar presentations

Ads by Google