Published by Arlene Burke. Modified over 7 years ago.
1
Customer Security Programme (CSP)
Denis Kruger
SWIFT Head Sub-Sahara Africa
April 2017
v17
2
CSP | Modus Operandi

Step 1: Attackers compromise customer's environment
Step 2: Attackers obtain valid operator credentials
Step 3: Attackers submit fraudulent messages
Step 4: Attackers hide the evidence

- Common starting point has been a security breach in a customer’s local environment
- In all cases, SWIFT’s network and core messaging services have not been compromised
- Attackers are well-organised and sophisticated

Attackers compromise the bank’s local environment by introducing malware either directly at the bank or remotely, e.g. phishing campaigns, via a USB stick or rogue internet URLs. Attack can be started from either a malicious insider or an external attacker, or both.

Attackers are looking for valid account ID and password credentials from staff who have legitimate access to payment infrastructure. Once they obtain them, they have the ‘keys’ to the system. At this stage they very often watch and wait to familiarise themselves with how banks’ back office processes and systems work.

Once an attacker has valid credentials and enough knowledge on how to access and use the applications, they can log in, impersonate the operators from whom they stole the credentials, and submit fraudulent payments – all without raising suspicion. Sometimes happens outside the normal bank working hours.

Attackers hide the evidence. Numerous methods have been used, e.g. tampering with the reconciliation process; deleting or manipulating records / logs either remotely or using malware. This wins time to make sure the transfer of funds happens without detection.

CSP will reinforce and evolve the security of global banking, in the face of ever-increasing cyber threat, consolidating and building upon existing SWIFT and industry efforts.

Within the scope of CSP:
- Define new security guidelines and audit frameworks - We will introduce new audit frameworks and certification processes to help you ensure that your internal procedures meet key security and operational baselines
- Enhance SWIFT-related tools - We are strengthening the security requirements for customer-managed software. We will also continue our efforts to harden our own products with further tools and monitoring capabilities
- Information Sharing - We are supporting greater levels of information sharing across the global community. This means a greater exchange of cyber threat information between customers and SWIFT, and we’ll be keeping you informed of any preventive and detective measures that will help safeguard the community

CSP will be limited to customer infrastructure and operations related to SWIFT, both SWIFT products and services as well as third party software products.

Scope includes cyber security incidents, either actual or planned, that could result in:
- Compromise of SWIFT infrastructure, products, services or SDC
- Fraudulent SWIFT messages being carried over the SWIFT network, or other networks
- Breach of confidential information, e.g. disclosure of SWIFT message payloads

Scope also includes messages generated by back-office applications
3
CSP | Framework

Customer Security Programme

- While all SWIFT customers are individually responsible for the security of their own environments, a concerted, industry-wide effort is required to strengthen end-point security
- On May 27th, 2016 SWIFT announced its Customer Security Programme that supports customers in reinforcing the security of their SWIFT-related infrastructure
- CSP focuses on mutually reinforcing strategic initiatives, and related enablers
4
CSP | You > Security Guidelines and Assurance
Security Guidelines and Assurance Framework

Enhance security guidelines. Develop security requirements and related assurance compliance framework to strengthen the secure management of SWIFT messages at customer sites. Some guidelines will become mandatory

Actions to Date
- In July 2016, we published an expanded security guidance document for Alliance Products, outlining minimum controls recommended for customer implementation, including 2FA, segregation of networks, segregation of duties and RMA management practices

Next Steps
- Further enhancement of guidance documents for Customer Managed Interfaces and Alliance Lite2
- Following customer validation via NMG. A first version will be published in Q and come into play through self-attestation in Q2 2017
5
CSP | You > Security Guidelines and Assurance
Security Controls

CSP Security Controls Framework
3 Objectives, 8 Principles, 27 Controls

Secure Your Environment
1. Restrict Internet access
2. Segregate critical systems from general IT environment
3. Reduce attack surface and vulnerabilities
4. Physically secure the environment

Know and Limit Access
5. Prevent compromise of credentials
6. Manage identities and segregate privileges

Detect and Respond
7. Detect anomalous activity to system or transaction records
8. Plan for incident response and information sharing

- Applicable to all customers and to the whole end-to-end transaction chain beyond the SWIFT local infrastructure
- Mapped against recognised international standards
- 16 controls are mandatory and 11 are advisory
- Documentation and collateral available since end of October 2016
6
CSP | You > Security Guidelines and Assurance
7
CSP | You > Security Guidelines and Assurance
8
CSP | You > Security Guidelines and Assurance
Assurance Framework: Self Attest, Self Inspect, Third-Party Inspect

Self-Attestation
Where customer positively asserts that it meets the security requirements
First- and second-line of defence – provided by senior management
- All customers with an interface
- All customers with a small local footprint

Self-Inspection
Where customer’s Internal Audit asserts that the customer meets the security requirements
Third-line of defence - provided by Internal Audit function
- Risk based sample of customers with a small local footprint

Third-Party Inspection
For an external party that provides independent validation that the customer meets the security requirements
- All traffic concentrators (extended SIP), executed by SWIFT
- Risk based sample of customers with an interface, executed by third-party auditors
9
CSP | You > Security Guidelines and Assurance
[Timeline figure. Time axis: Q2 2016, Q3 2016, Q4 2016, H1 2017, H2 2017, 2018. Labels: Milestones, Collateral, V0 for Validation, V1, Mandatory, Alliance R7.2, Community Engagement, Bilateral Consultation, Validation, Self Assessment, Self Attestation, Pilot, Inspections, Inspections, Pilot, Enforcement of Mandatory Software Updates, Reinforcement of Cyber-Incident Reporting to SWIFT, Enforcement of Controls, Enforcement]
10
CSP | You > SWIFT Tools
Further strengthen security requirements for interfaces, tools and software (including those from third-parties) to better protect local environments and continue efforts to harden SWIFT-provided products

Actions to Date
- Release Release and with stronger default password management, enhanced integrity checking and in-built 2FA for Alliance Access clients who do not have existing 2FA implementations
- Bilateral engagement with vendors on third-party certification for interface providers
- Release for Alliance Gateway and SWIFTNet Link introducing enhanced integrity monitoring capabilities

Next Steps
- Planning of security enhancements for AMH 3.6 Q2 2017 Access 7.2 Q2 2017
- Focus on enforcement of mandatory updates
11
CSP | Your Counterparts > Transaction Pattern Detection
Extend the use of existing tools for fraud detection and prevention, to explore the extension of future 'opt-in' fraud prevention services and to share and develop market practice for fraud detection through the SWIFT community

Actions to Date
- Launch of global RMA campaign to promote use of existing tools as a first line of defence against unwanted or unexpected message flows
- ‘Daily Validation Reports’ designed to help customers identify possible security concerns in their daily transaction flows

Next Steps
- Development of market practice for correspondent banking fraud and stopping/cancelling payments, with the SWIFT community
12
CSP | Your Community > Intelligence Sharing
Deepen our cyber security forensics capabilities so that we can create unique intelligence on SWIFT-related events and disseminate anonymised information to the community

Actions to Date
- Established a Customer Security Intelligence (CSI) forensics team that has built a detailed inventory of malware…
- Contribution of intelligence to existing organisations and published anonymised threat intelligence to the community
- Launched Security Notification Service
- Engagement in industry forums and on a bilateral basis with customers, at CISO and COO level
- Building a comprehensive CISO network

Next Steps
- Establish ‘SWIFT Intelligence Sharing and Analysis Centre (ISAC)’ to share information and best practice with the SWIFT community as well as the cyber intelligence community
13
CSP | Your Community > Third-Party Providers
Structural enhancement of customer security requires the extensive support of third-party providers, e.g. security software and hardware, consulting and training, implementation services, providers of fraud detection solutions, service bureaus and auditors

Foster a secure ecosystem through partner programmes, organisation of industry events where such providers can engage with our customers, and certification programmes

Next Steps
- Engage through industry events, African Regional Conference, Business and Technical Forums, Innotribe, the SWIFT Institute and Sibos
14
CSP | Your Community > Customer Engagement and Communications
- General awareness sessions
- Security Controls / Assurance sessions
- Deep-dive workshops
- Premium Plus events
- Industry Forums and SWIFT events
- CISO registration

Communications
- Press releases
- Customer and vendor letters
- CSP Home Page – FAQs, presentations, webinars, training materials
15
CSP | Your Community > Customer Engagement and Communications
Training Course Category # Courses Available Tue 4 Oct # Additional Courses Available by end 2016 x30 SWIFTSmart eLearning Courses Introduction Courses 4 courses - Security Best Practices Courses 5 courses Security on Alliance Access Courses Operating RMA Courses 7 courses x30 How to Videos Managing PKI: "on Premises" Infrastructure 17 courses Managing PKI: Cloud Infrastructure 9 courses Managing RMA Customer Training Courses
16
CSP | Your Community > Customer Engagement and Communications

Actions for Customers

You
- Secure your local environment
- Sign up to our Security Notification Service
- Stay up to date with SWIFT’s latest security updates
- Get ready to adopt our new security requirements

Your Community
- Inform SWIFT if you suspect that you have been compromised
- Provide contact details of your company’s CISO for incident escalation

Your Counterparts
- ‘Clean-up’ your RMA relationships
- Put in place fraud detection measures

At the same time we noticed this did not only happen within our own training place but in the industry at large.
A changing world and workforce
Different behaviour and expectations
17
CSP | Open Discussion
Questions and open discussion

GTB-BPC meeting at Sibos – 26 September 2016