Using international standards to
improve US cybersecurity
Wednesday, March 18, 2015
Alan Calder
IT Governance Ltd
www.itgovernanceusa.com
PLEASE NOTE THAT ALL DELEGATES IN THE TELECONFERENCE ARE MUTED ON JOINING AND WILL
AUTOMATICALLY BE UNMUTED FOR THE START OF THE Q&A SESSION
Introduction
About Alan Calder…
• Acknowledged international cybersecurity expert
• Leading author on information security and IT governance issues
• Led the world’s first successful implementation of ISO 27001 (then BS 7799)
• Consultant on cybersecurity and IT governance strategies globally, including across the USA
© IT Governance Ltd 2015
Agenda
• The current cyber threat – Breaking down recent high-profile data breaches
• Current legislation – Reviewing the patchwork of state data breach notification laws
• Proposed US legislation – Learn about President Obama's proposed data breach notification law
• International standard – Discover how the cybersecurity standard, ISO 27001, will help get your business cyber secure
Current cyber threat
The current cyber threat
• Health care and business industries suffered the most breaches in 2014
• 783 US data breach incidents in 2014
• 348.16 million US records compromised
• 88% believe cyber attacks are among the three biggest threats facing organizations
The changing threat landscape
• 87% of iPhone and 97% of Android top 100 Apps have been hacked
• 100% of companies experience virus attacks, and 97% have suffered malware attacks
• Every day, 156 million phishing emails are sent
• 15 million make it through spam filters
• The average global cost for each stolen record is $145 – in the USA it is $201
Why did they fail to avoid a breach?
Root cause of data breaches
Case study – Target
Data breach
• November/December 2013
• Hackers logged into the retailer’s network using credentials stolen from heating and ventilation firm Fazio Mechanical Services, which they stole through a sophisticated phishing attack
• Hackers were able to upload malware programs onto Target’s POS systems and remain undetected
• 110 million customers had their card data or personal information stolen
Case study – Target
Repercussions
• Target profits for the first six months of the fiscal year were down 41%
• Costs associated are estimated to have reached $148 million
• CEO Gregg Steinhafel and CIO Beth Jacob resign
What could Target have done differently?
• Properly secure third-party access to its network
• Segment the network so third parties could not access payment systems/sensitive information
• Regular testing of their software to identify any vulnerabilities early on
Case study – Home Depot
Data breach
• September 2014
• Hackers used third-party credentials to break into the network and installed POS malware through an unpatched vulnerability
• Breach involved 56 million payment cards and 53 million customer email addresses
• Home Depot now facing at least 44 lawsuits
• Spending to deal with the breach has exceeded $43 million
Case study – Home Depot
What did Home Depot lack?
• The right attitude towards cybersecurity
– When employees asked for security training, management response was: “We sell hammers”
• Up-to-date software
– Allegedly used outdated Symantec antivirus software to protect its network
• Rigorous vetting of employees
– Hired a computer engineer in 2012 who had been in prison for disabling computers at a previous company
Case study – Sony Pictures
Data breach
• November 2014
• Hackers infiltrate Sony’s corporate computer network
• Torrents of unreleased Sony Pictures films appear online
• Personal information about employees (families, emails, salaries, etc.) is leaked
• Plaintext passwords are leaked online, along with other credential data
• Huge number of marketing slide decks are leaked
• Sony staff are kept from using computers for days
• Sony postpones release of upcoming film The Interview
Case study – Sony Pictures
Repercussions
• North Korea blamed, causing tension between the two nations
• Ex-employees seek to combine class action lawsuits against Sony
• Costs reach $100 million
How did the breach get so bad?
• Executives ignored ransom emails, treated as spam
• Failed to acknowledge breach until one week later
• General lax approach to online security
– April 2011 - Sony’s PlayStation network hacked and 76 million gamers’ accounts compromised
– Inappropriate spending? $250m budget still couldn’t keep them cyber secure
Small companies are at risk too
• Cyber criminals target indiscriminately
• 60% of breached small organizations close down within six months
• Often lack effective internal security practices
• No dedicated IT security and support
• Passwords, system access easily compromised
• Out-of-date server hardware and software
• Websites are built on common, open-source frameworks – weaknesses easily exploited
What is the board told?
• 32.5% of boards do not receive any information about their cybersecurity posture and activities
• 38% of the remainder receive reports only annually
• 29% of IT teams don’t report breaches for fear of retribution
Cybersecurity skills shortage
Shortage
• 209,000 unfilled cybersecurity positions in the US
• 74% up on the last five years
ISACA report
• 90% believe there is a shortage
• 41% expect difficulties finding skilled candidates
• 58% plan to increase staff training
Companies should be looking for
• Industry-recognized qualifications (IBITGQ)
Current legislation
Data breach notification laws
Consumer data is currently protected by a patchwork of state legislation.
More information: www.itgovernanceusa.com/data-breach-notification-laws.aspx
Industry-specific laws
• FISMA – requires federal agencies to implement appropriate information security programs
• HIPAA – aims to protect health care information
• SOX – improves accuracy and reliability of financial disclosures
Costs of a data breach in America
• Data breach notification cost = $509,237
• Post-data breach costs = $1,599,996
• Lost business cost = $3,324,959
- Ponemon Institute Cost of Data Breaches Report 2014
Proposed US data breach notification legislation
Personal Data Notification and Protection Act
• Single, strong, national standard
• Notify individuals within 30 days of a data breach
• Punishment could be up to 10 years in prison
Reducing the cost of a breach
• A strong security posture
• An effective incident response plan
• A CISO appointment
• Implementing industry standards
International Standards
ISO 27001 – the cybersecurity standard
• ISO 27001 – a globally recognized standard that provides a best-practice framework for addressing the entire range of cyber risks
– Encompasses people, processes, and technology
– Systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization's information security to achieve business objectives
Key elements of implementing ISO 27001
• Determine the scope of the ISMS
• Consider the context of the organization and interested parties
• Appoint a senior individual responsible for information security
• Conduct a risk assessment – identify risks, threats, and vulnerabilities
• Appoint risk owners for each of the identified risks
• Implement appropriate policies and procedures
• Conduct staff training
• Conduct an internal audit
• Implement continual improvement of the ISMS
How will ISO 27001 benefit your business?
• Increased/appropriate level of information security
– Systematic approach to risks
– Informed decisions on security investments: cost-effective security
• Better work practices that support business goals
• Good marketing opportunities
• Credibility with staff, customers, and partner organizations
• Due diligence
• Compliance with corporate governance requirements
– Appropriate action to comply with law
– Manage business risks
– Industry best-practice security
– Internationally recognized good security practice
Benefits of ISO 27001 registration
• Assurance to customers, employees, investors – their data is safe
• Credibility and confidence
• Internationally recognized
• Shows that you have considered all of the information security-associated risks
• Notably fulfilling fiduciary responsibilities
• Supports your adherence to multiple compliance requirements
ISO 27001 in the US
Number of ISO 27001-registered organizations in America*
• Between 2012 and 2013 the number of ISO 27001-registered organizations jumped 36%
Why some of the world’s most valuable brands pursue ISO 27001 registration
Google: “This certification validates what I already knew…that the technology, process and infrastructure offers good security and protection for the data that I store in Google Apps”
Amazon: “The certification confirms our longstanding commitment to the security of our services to our customers.”
Microsoft: “…provides external validation that our approach to managing security risk in a global organization is comprehensive and effective, which is important for our business and consumer customers.”
Fixed-priced, packaged solutions
Delivery options shown on the slide:
• You deliver the project independently
• You resource the project, calling on specialist tools and courses to aid efficiency and accelerate implementation
• You resource the project, use tools and courses and benefit from the expert’s know-how
• You own and are in control of the project, receiving hands-on guidance from us
• You provide input; IT Governance removes all the pain, delivering a registration-ready ISMS, aligned with ISO 27001
Components: standards and books; software and documentation templates; training; mentor and coach
Package prices listed on the slide: $659, $3,160, $6,800, $16,700, $14,995, from $8,500, $7,650
Find out more: www.itgovernanceusa.com/iso27001-solutions.aspx
IT Governance
• Helped over 150 organizations achieve ISO 27001 registration worldwide
• 15+ years’ experience
• Highly regarded within the industry
• Unique offering of tools, training, and consultancy unavailable elsewhere

Risk assessments and applying organisational controls for GDPR compliance
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
 
The first steps towards GDPR compliance 
The first steps towards GDPR compliance The first steps towards GDPR compliance 
The first steps towards GDPR compliance 
 
Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
 
The GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for complianceThe GDPR’s impact on your business and preparing for compliance
The GDPR’s impact on your business and preparing for compliance
 
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
The GDPR and NIS Directive Risk-Based Security Measures and Incident Notifica...
 
NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...NY State's cybersecurity legislation requirements for risk management, securi...
NY State's cybersecurity legislation requirements for risk management, securi...
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR
 
Privacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingPrivacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failing
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 
Appointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPRAppointing a Data Protection Officer under the GDPR
Appointing a Data Protection Officer under the GDPR
 
GDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersGDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud Providers
 
Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?Accountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management?
 
Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPR
 

Último

Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...rajveerescorts2022
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Neil Kimberley
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 

Último (20)

Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023Mondelez State of Snacking and Future Trends 2023
Mondelez State of Snacking and Future Trends 2023
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 

Using international standards to improve US cybersecurity

9. Case study – Target: data breach
• November/December 2013
• Attackers logged into the retailer's network using credentials belonging to its heating and ventilation contractor, Fazio Mechanical Services, obtained through a phishing attack on that firm
• They were then able to upload malware onto Target's POS systems and remain undetected
• 110 million customers had their card data or personal information stolen
10. Case study – Target: repercussions
• Target profits for the first six months of the fiscal year were down 41%
• Associated costs are estimated to have reached $148 million
• CEO Gregg Steinhafel and CIO Beth Jacob resigned
What could Target have done differently?
• Properly secure third-party access to its network
• Segment the network so third parties could not reach payment systems or other sensitive information
• Test its software regularly to identify vulnerabilities early
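The two remediation points above (secure third-party access; segment the network so a contractor cannot reach payment systems) reduce to a reachability question that can be checked mechanically. The Python below is an added example, not from the slides or from IT Governance. The zone addresses, the HVAC portal host, the probe ports and both rule sets are constructed for illustration. It evaluates a first-match forward policy the way a firewall chain does and spot-checks whether a host on the contractor's VLAN can reach a POS host on a few common service ports, showing the flat network beside the segmented one.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One rule in a forward chain: CIDR source, CIDR destination,
    a single TCP destination port (None matches any port) and an action."""
    src: str
    dst: str
    dport: Optional[int]
    action: str  # "accept" or "drop"


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int,
             default: str = "drop") -> str:
    """First-match evaluation, as a firewall forward chain does it.
    Traffic matching no rule gets the chain's default policy (deny by default)."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if (s in ip_network(r.src) and d in ip_network(r.dst)
                and (r.dport is None or r.dport == dport)):
            return r.action
    return default


# Constructed addressing (hypothetical): the contractor's remote-access VLAN,
# the corporate LAN, the cardholder-data (POS) segment, and the one
# building-management host the contractor has a business reason to reach.
VENDOR_VLAN = "10.40.0.0/24"
CORP_LAN = "10.10.0.0/16"
POS_SEGMENT = "10.20.0.0/16"
HVAC_PORTAL = "10.10.5.20/32"

# "Before": a flat network. A phished contractor credential is a route to the POS estate.
FLAT_POLICY = [Rule(VENDOR_VLAN, "0.0.0.0/0", None, "accept")]

# "After": least privilege for the third party. One host, one port, then an explicit
# drop toward the POS segment, placed ahead of anything broader a later change might
# add, so the segmentation boundary does not rest on the default policy alone.
SEGMENTED_POLICY = [
    Rule(VENDOR_VLAN, HVAC_PORTAL, 443, "accept"),
    Rule(VENDOR_VLAN, POS_SEGMENT, None, "drop"),
]

PROBE_PORTS = (22, 80, 443, 445, 3389)   # SSH, HTTP, HTTPS, SMB, RDP


def reachable_ports(rules: List[Rule], src_ip: str, dst_ip: str,
                    ports: Tuple[int, ...] = PROBE_PORTS) -> Tuple[int, ...]:
    """Ports on dst_ip that src_ip can reach under the policy."""
    return tuple(p for p in ports if evaluate(rules, src_ip, dst_ip, p) == "accept")


def vendor_paths_to_pos(rules: List[Rule]) -> Tuple[int, ...]:
    """Spot check: a representative vendor host against a representative POS host.
    A non-empty result is the segmentation failure the Target slide describes."""
    return reachable_ports(rules, "10.40.0.15", "10.20.1.10")


def vendor_paths_to_hvac(rules: List[Rule]) -> Tuple[int, ...]:
    """The contractor's legitimate path, which the hardened policy must keep open."""
    return reachable_ports(rules, "10.40.0.15", "10.10.5.20")


if __name__ == "__main__":
    for name, policy in (("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY)):
        print(f"{name:9s} vendor->POS open ports: {vendor_paths_to_pos(policy) or 'none'}; "
              f"vendor->HVAC portal: {vendor_paths_to_hvac(policy) or 'none'}")
```

Checking one representative host per zone is a spot check, not a proof: for a real audit, walk every rule whose source overlaps the vendor zone and whose destination overlaps the cardholder segment, and confirm the explicit drop precedes every accept. The same reachability test belongs in change control, so that a later "temporary" accept rule cannot silently reopen the contractor-to-POS path.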
11. Case study – Home Depot: data breach
• September 2014
• Attackers used a third party's credentials to break into the network and installed POS malware through an unpatched vulnerability
• The breach involved 56 million payment cards and 53 million customer email addresses
• Home Depot is now facing at least 44 lawsuits
• Spending to deal with the breach has exceeded $43 million

12. Case study – Home Depot: what did Home Depot lack?
• The right attitude towards cybersecurity – when employees asked for security training, management's response was: "We sell hammers"
• Up-to-date software – allegedly used outdated Symantec antivirus software to protect its network
• Rigorous vetting of employees – hired a computer engineer in 2012 who had been in prison for disabling computers at a previous company

13. Case study – Sony Pictures: data breach
• November 2014
• Hackers infiltrated Sony's corporate computer network
• Torrents of unreleased Sony Pictures films appeared online
• Personal information about employees (families, emails, salaries, etc.) was leaked
• Plaintext passwords were leaked online, along with other credential data
• A huge number of marketing slide decks was leaked
• Sony staff were kept from using computers for days
• Sony postponed the release of the upcoming film The Interview

14. Case study – Sony Pictures: repercussions
• North Korea was blamed, causing tension between the two nations
• Ex-employees sought to combine class action lawsuits against Sony
• Costs reached $100 million
How did the breach get so bad?
• Executives ignored ransom emails, treating them as spam
• Sony did not acknowledge the breach until a week later
• A generally lax approach to online security:
  – April 2011: Sony's PlayStation Network was hacked and 76 million gamers' accounts compromised
  – Inappropriate spending? A $250m budget still couldn't keep them cyber secure

15. Small companies are at risk too
• Cyber criminals target indiscriminately
• 60% of breached small organizations close down within six months
• Often lack effective internal security practices
• No dedicated IT security and support
• Passwords and system access are easily compromised
• Out-of-date server hardware and software
• Websites are built on common, open-source frameworks whose weaknesses are easily exploited
16. What is the board told?
• 32.5% of boards do not receive any information about their cybersecurity posture and activities
• 38% of the remainder receive reports only annually
• 29% of IT teams don't report breaches for fear of retribution

17. Cybersecurity skills shortage
Shortage
• 209,000 unfilled cybersecurity positions in the US
• Up 74% over the last five years
ISACA report
• 90% believe there is a shortage
• 41% expect difficulties finding skilled candidates
• 58% plan to increase staff training
Companies should be looking for
• Industry-recognized qualifications (IBITGQ)

19. Data breach notification laws
• Consumer data is currently protected by a patchwork of state legislation
• More information: www.itgovernanceusa.com/data-breach-notification-laws.aspx

20. Industry-specific laws
• FISMA – requires federal agencies to implement appropriate information security programs
• HIPAA – aims to protect health care information
• SOX – improves the accuracy and reliability of financial disclosures

21. Costs of a data breach in America
• Data breach notification cost = $509,237
• Post-data breach costs = $1,599,996
• Lost business cost = $3,324,959
Source: Ponemon Institute, Cost of Data Breaches Report 2014
22. Proposed US data breach notification legislation

23. Personal Data Notification and Protection Act
• A single, strong, national standard
• Notify individuals within 30 days of a data breach
• Punishment could be up to 10 years in prison

24. Reducing the cost of a breach
• A strong security posture
• An effective incident response plan
• A CISO appointment
• Implementing industry standards

25. International standards

26. ISO 27001 – the cybersecurity standard
• ISO 27001 – a globally recognized standard that provides a best-practice framework for addressing the entire range of cyber risks
  – Encompasses people, processes, and technology
  – A systematic approach (an information security management system, or ISMS) for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization's information security to achieve business objectives

27. Key elements of implementing ISO 27001
• Determine the scope of the ISMS
• Consider the context of the organization and interested parties
• Appoint a senior individual responsible for information security
• Conduct a risk assessment – identify risks, threats, and vulnerabilities
• Appoint risk owners for each of the identified risks
• Implement appropriate policies and procedures
• Conduct staff training
• Conduct an internal audit
• Implement continual improvement of the ISMS
28. How will ISO 27001 benefit your business?
• Increased/appropriate level of information security
  – Systematic approach to risks
  – Informed decisions on security investments: cost-effective security
• Better work practices that support business goals
• Good marketing opportunities
• Credibility with staff, customers, and partner organizations
• Due diligence
• Compliance with corporate governance requirements
  – Appropriate action to comply with the law
  – Manage business risks
  – Industry best-practice security
  – Internationally recognized good security practice

29. Benefits of ISO 27001 registration
• Assurance to customers, employees, and investors that their data is safe
• Credibility and confidence
• Internationally recognized
• Shows that you have considered all of the information security-associated risks
• Notably, fulfilling fiduciary responsibilities
• Supports your adherence to multiple compliance requirements

30. ISO 27001 in the US
• Between 2012 and 2013, the number of ISO 27001-registered organizations in America jumped 36%

31. Why some of the world's most valuable brands pursue ISO 27001 registration
• Google: "This certification validates what I already knew…that the technology, process and infrastructure offers good security and protection for the data that I store in Google Apps"
• Amazon: "The certification confirms our longstanding commitment to the security of our services to our customers."
• Microsoft: "…provides external validation that our approach to managing security risk in a global organization is comprehensive and effective, which is important for our business and consumer customers."

32. Fixed-priced, packaged solutions
Delivery options, from self-delivered to fully supported:
• You deliver the project independently
• You resource the project, calling on specialist tools and courses to aid efficiency and accelerate implementation
• You resource the project, use tools and courses, and benefit from the expert's know-how
• You own and are in control of the project, receiving hands-on guidance from us
• You provide input; IT Governance removes all the pain, delivering a registration-ready ISMS aligned with ISO 27001
Components: standards and books; software and documentation templates; training; mentor and coach
Prices quoted: $659, $3,160, $6,800, $16,700, $14,995, from $8,500, $7,650
Find out more: www.itgovernanceusa.com/iso27001-solutions.aspx

34. IT Governance
• Helped over 150 organizations achieve ISO 27001 registration worldwide
• 15+ years' experience
• Highly regarded within the industry
• Unique offering of tools, training, and consultancy unavailable elsewhere