Cyber insurance, security and 
data integrity insights
Executive summary: insights into cybersecurity and risk
As cyber threats have become more pervasive, persistent and sophisticated, information 
security has become a business imperative for all industries. Unlike companies in other sectors, 
however, insurers must gain a deeper understanding of cyber threats as they develop cyber 
liability policies. These products are evolving to include not just technology companies, but all 
organizations that collect, store and process data from their customers. 
When it comes to information security, insurers must stay ahead of the ever shifting cyber 
threats by maintaining the triad of confidentiality, integrity and availability of systems and data. 
No one escapes cyber risk. Every company is vulnerable to cyber threats. In the vibrant global 
cyber insurance market of the future, risk management of a data breach must be built into policy 
at the board level, and not just a concern of the IT departments. This will give the reinsurance 
industry and capital markets confidence, and confirm to regulators and rating agencies that 
enterprise risk management (ERM) has been included in cyber liability coverage. 
Businesses must take a proactive approach to 
cybersecurity rather than 
waiting for a breach to occur 
and then acting on it.
Key actions for insurers to take 
To achieve cybersecurity, insurers must: 
• Develop and implement a long-term, enterprise-wide security 
program that addresses processes, controls, organization and 
governance, as well as reporting, metrics, privacy and data 
protection 
• Invest in cybersecurity and do a better job of articulating and 
demonstrating the value proposition 
• Establish a framework of continuous improvement in analytics and 
reporting, people, processes and technology 
• Design and execute solutions to measure, monitor and report on the 
effectiveness of security programs 
• Refine strategies based on changing threats, risks and business 
imperatives 
To mitigate cyber risks, insurers must: 
• Integrate cyber risks into a broader enterprise risk management 
approach, including risk modeling and transfer 
• Gain specific understanding of risks related to data breaches, 
supply chains, emerging digital technologies and rapid-growth 
markets 
• Track and monitor cyber liability regulation and rating issues 
and developments 
• Accept that all insured infrastructure is a target, with the highest 
value assets the most frequent targets 
• Remain alert to changing trends and emerging threats within 
the market and ensure that policy terms and conditions do not 
increase exposure 
• Embrace a cyber risk center of excellence approach that extends 
across customer, risk-centric and financial activities
Achieving cybersecurity 
Emerging cyber threats 
Financial institutions have developed applications for mobile payment and other transactions. While 
these applications represent innovation, the institutions never planned on supporting mobile banking. 
Consequently, digital exchanges via the mobile transaction network are at a higher risk of compromise 
and/or manipulation by exploiters with increasingly sophisticated tools and skills. Moreover, infrastructure 
and storage outsourcing efforts supporting these applications put organizations further at risk as cloud 
service providers have different security mechanisms. 
Other challenges (and reasons for concern) for insurers: 
• There is a large gap between the nature of new threats and the capabilities available to detect attacks, 
monitor (and stop) unauthorized exfiltration and secure information. 
• Few insurers have direct insights into the cyber liabilities surrounding intangible digital assets. 
• Many do not have the tools to provide the direct real-time awareness necessary to calculate risks to 
insured digital assets stored by cloud service providers or enterprise networks. 
• There is increased awareness that companies should be accountable for private records and the security 
of data collected from their customers. 
• Insurers should expect that insured infrastructure will be compromised at some point. The more 
important and valuable the data assets are (IP, customer and supplier base, etc.), the more likely 
a compromise will occur. 
As exposure has evolved, so have policies. Since exposure exists for any organization that handles private 
information, insurance companies have been tasked with creating a new type of policy. The rapid adoption of 
mobile and digital devices in emerging markets is fostering new product development, along with 
new security and privacy measures. 
Research shows: 
• Nearly 95% of all enterprise networks 
have been compromised by external 
attackers. 
• Only 3% of organizations felt safe 
against insider threats. 
• Hundreds of millions of consumers 
have had their identity information 
compromised. 
• The financial and reputational losses 
to businesses and shareholders 
stretch into the tens of billions 
of dollars annually.
Pillars of information security (security model) 
• Confidentiality: Prevents the disclosure of information to 
unauthorized individuals or systems 
• Integrity: Maintains the accuracy and 
consistency of systems and data 
over the entire lifecycle – the most 
critical pillar but a gaping hole today 
• Availability: Makes sure that computing systems, 
security controls and communication 
channels are functioning correctly
Data Integrity 
What it is: 
Data integrity is the ability to independently prove what 
happened in a digital infrastructure, determine the impact of a 
security incident and distribute the liability for a data breach. 
This proof is currently hard to obtain from internal systems, and it 
becomes increasingly complicated with organizational reliance on 
outsourced cloud infrastructure and “trusted” administrators. 
New methods are needed to definitively identify the cause of 
compromise, the assets affected, when the compromise occurred and 
if insured assets were exposed outside the organization. 
Why it matters: 
• It’s a prerequisite for ensuring confidentiality. 
• Without it, encryption is worse than useless, bringing a false 
sense of security that can lead to a breach. 
• It brings auditability and transparency of evidence to 
governance frameworks (for both public and private sectors). 
Data integrity enables an independent 
audit of digital assets prior to a data 
breach and clearer visibility into 
impacts when breaches occur.
Getting to data integrity: keyless signature infrastructure 
Most breaches today go unnoticed until long after they occur and the damage has been done. Active 
integrity involves continuous verification of the integrity of data in storage using keyless signatures. A 
disruptive new technology standard, keyless signature infrastructures (KSI) can effectively address some 
cyber liability issues by enabling mutual auditability of information systems and clearer visibility into the 
cause of a breach incident. Further, KSI mitigates the risk of breach escalation in real time and provides 
indemnification against subrogation and other legal claims. 
How KSIs work: 
• Unlike digital certificates, keyless signatures never expire. 
• People are not required in the signing process. 
• Use of keyless signatures strengthens legal non-repudiation for data at rest. 
• There are no keys to be compromised and/or keys to revoke. 
• During a breach, active integrity can be provided with cyber alarms and correlated to other network 
events by auditors, network operations centers and security operations centers — delivering real-time, 
continuous monitoring and verification of data signed with keyless signatures. 
Keyless signatures change the security paradigm by ensuring visibility into the cause of breaches. 
A “managed security 
service” resulting from the 
implementation of KSI marks a 
new era for insurers. 
[Figure: electronic data + keyless signature = signed electronic data, illustrated with sample syslog records (cron and sudo session entries dated 2009-01-21) and the annotation “Each record is signed by keyless signature”.]
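A simplified sketch of verifying signed log records with hash functions only, added here as an example; it is not Guardtime's KSI protocol, format or API. It assumes SHA-256, one Merkle hash tree per batch of records, and a root value kept somewhere the log's administrators cannot rewrite; the records are constructed samples modelled on the slide's syslog lines.

```python
import hashlib
import hmac

# Constructed sample records, modelled on the syslog lines shown on the slide.
RECORDS = [
    b"2009-01-21 17:09:03 suporte6 pam_unix(cron:session): session opened for user root by (uid=0)",
    b"2009-01-21 17:09:17 suporte6 pam_unix(cron:session): session closed for user root",
    b"2009-01-21 17:12:03 suporte6 mauricio: TTY=pts/1 ; PWD=/etc/rsyslog.d ; USER=root ; COMMAND=/usr/bin/killall kmysqladmin",
    b"2009-01-21 17:17:02 suporte6 pam_unix(cron:session): session opened for user root by (uid=0)",
    b"2009-01-21 17:17:03 suporte6 pam_unix(cron:session): session closed for user root",
]


def leaf_hash(record: bytes) -> bytes:
    # Distinct prefixes for leaves and inner nodes stop an inner node
    # from being passed off as a record.
    return hashlib.sha256(b"\x00" + record).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def sign_batch(records):
    """Build a hash tree over the batch.

    Returns (root, proofs). proofs[i] is the list of
    (sibling_hash, sibling_is_left) pairs that links record i to the root.
    No secret key is involved at any point.
    """
    if not records:
        raise ValueError("cannot sign an empty batch")
    level = [leaf_hash(r) for r in records]
    proofs = [[] for _ in records]
    positions = list(range(len(records)))  # each record's ancestor index in `level`
    while len(level) > 1:
        nxt = [node_hash(level[j], level[j + 1]) for j in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node out is carried up unchanged
        for i, pos in enumerate(positions):
            sibling = pos ^ 1
            if sibling < len(level):
                proofs[i].append((level[sibling], sibling < pos))
            positions[i] = pos // 2
        level = nxt
    return level[0], proofs


def verify(record: bytes, proof, root: bytes) -> bool:
    """Recompute the path from one record to the root and compare."""
    h = leaf_hash(record)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return hmac.compare_digest(h, root)


def audit(records, proofs, root):
    """Continuous-verification pass: indices of records that no longer verify."""
    return [i for i, (r, p) in enumerate(zip(records, proofs)) if not verify(r, p, root)]


if __name__ == "__main__":
    root, proofs = sign_batch(RECORDS)
    print("root:", root.hex())
    print("failed records (untouched log):", audit(RECORDS, proofs, root))

    # Someone with write access to the log edits the sudo entry after signing.
    tampered = list(RECORDS)
    tampered[2] = tampered[2].replace(b"USER=root", b"USER=nobody")
    print("failed records (edited log):", audit(tampered, proofs, root))
```

The check is only as independent as the place the root is kept: if the same administrator can rewrite both the log and the root, the audit proves nothing.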
KSI in action 
Estonia: NATO headquarters 
for Cybersecurity 
Estonia solved the data integrity issue following a disabling cyber attack in 2007. 
By integrating KSI into networks, every component, configuration and digital asset 
can be tagged, tracked and located with real-time verification — no matter where 
that asset is transmitted or stored. 
With real-time awareness, incident response, data loss prevention, investigation 
and/or network resilience, it is now possible to detect and react to any 
misconfiguration, network, component or application failure in the country. It 
has irrefutable transparent evidence to independently verify and enable trust 
in transactions and interactions on their networks. No keys or encryption — just 
mathematical proof of everything that happened.
Big data security challenges 
In the past, large financial risk models and risk-scenario simulations have taken days 
to run, slowing the delivery of urgently needed information to the C-suite. Running 
models in the cloud across multiple processors, where the modeling software can 
process successfully across multiple cores, means large models can now be run in a 
matter of minutes. 
But once the model data enters the cloud, can it be trusted? 
Machine-to-machine and autonomous sensor data being managed by machines assumes 
the security protocols and handling of machine-generated data are rock solid and 
invulnerable to compromise. That’s a dangerous assumption. 
Real-time, continuous integrity monitoring and tamper detection capabilities — like those 
enabled by KSI — are necessary to protect the big data repositories that make up the 
cloud. Further, KSI allows companies to manage big data through four dimensions: 
• Velocity 
• Variety 
• Volume 
• Veracity
KSI and emerging data integrity 
standards will change the perception 
that data in the cloud is less secure 
than in corporate data centers. 
Innovation through analytics: 
the time is now 
Insurance master databases are one of the biggest sets of data in any sector and are 
growing exponentially — thanks to telematics, social media, unstructured email data 
and the like. 
Big data will undoubtedly reshape the insurance industry. For years, the industry 
has had big data but did not know it or use it. The wake-up call is here, and it is time 
for re-evaluating and re-tooling analytical capabilities. 
• More predictive modeling 
• Better forecasting through deeper in-depth statistical analysis 
across the enterprise 
• Moving beyond a simple one-on-one relationship of server to 
data storage 
Those are the capabilities innovation through analytics can enable and how data 
can become a single holistic global and enterprise resource. 
Leading insurers are changing 
their vision to a “management-by-data-analytics” approach 
to customers, risk assessment 
and financial analysis.
Mitigating cyber risk 
Cyber risk in the context of ERM 
Insurers manage many risks aligned to their risk profiles and appetites. Visionaries and early adopters 
do so dynamically by use of mathematics (stochastically or actuarially) and simulations for the future 
based on the historical loss data in order to correlate all the risks of the enterprise into one holistic 
view. Factors to consider include: 
Cyber risk. Operational risk affects every organization on an equal basis and is often quantified as a 
percentage of gross written premiums. Cyber risks are no different from any other risk in terms of risk 
management and transfer. 
Risk mitigation. Insurance and reinsurance are not alternatives to ERM. Risk transfer programs should be used 
to address structural residual risk, and risk management best practices can ease the process of finding the 
right cover at the right price — with reinsurance optimization. Such an approach must be applied to cyber risk. 
Risk modeling. Dynamic risk modeling can enhance effective risk management best practices, modeling the 
likelihood of small claims from data breaches, as well as the impact of long-tail or “black swan” events. 
Early adopters are also experimenting with other risk transfer mechanisms, including cyber captives, special-purpose 
vehicles (SPVs) and sidecars. We are early in a long-term and necessary evolution — where cyber 
risk can and must be managed within the broader context of ERM. 
Cyber risk must not be viewed 
as separate from other types 
of risks. 
Dynamic risk modeling tools are 
necessary to gain detailed visibility 
into value at risk.
Security issues affecting 
reinsurers 
As the stability mechanism for solvency in the insurance industry and the link to the 
capital markets and pension funds, the reinsurance industry must also be focused on 
cyber risks. 
Emerging technology threat: the industry must model cyber risks in correlation to other 
risks, including in the solvency, risk-based capital arena with long-tail exposure reduction. 
An incentive to invest: it is difficult for governments to determine if a cyber attack 
is an attack on a company or on a country. New mandatory data breach laws will 
force organizations to report data breaches within a specified period or face heavy 
fines (up to 10% of gross annual income). Ignorance that a data breach occurred is 
not an acceptable excuse. 
Cyber catastrophe models and databases: nearly 60 insurers write some form of cyber 
insurance coverage outside of errors and omissions insurance (E&O). The reinsurance 
industry needs to look at the effect of large aggregated cyber attacks that can affect 
the capital and stability of the risk industry. 
Cyber attacks and data breaches are black-swan events — not unlike natural disasters — 
that will: 
• Help create cyber XL rates (excess of loss) for reinsurance to move away from quota 
share reinsurance 
• Cause the cyber reinsurance industry to mature in the same way it did for natural 
catastrophe lines 
• Include legal expenses, as these are particularly perilous to solvency and to the proper 
reserving of claims (the ability to pay) over a period 
Reinsurers need to understand 
cyber risk independently of 
the insurer to create the right 
protection mechanisms, cyber 
models and rating bands.
Supply chain risk 
Recent natural catastrophe events have shown what can happen to 
the global supply chain in terms of disruption. 
A severe cyber-attack would affect the global supply chain, 
especially around commercial and industrial internet usage. 
The insurance industry knows that the outsource service provider 
is the main cause of supply chain disruption, which often happens 
simultaneously when increasing weather disruption brings cyber 
and climate risks together in one event. When service providers 
outsource to each other, it sends a red alert to the industry. 
Data integrity needs to be embedded in the enterprise, as well as with 
IT vendors they outsource to and those outsourcers in turn engage. 
Technology, in conjunction with cyber attacks 
and service providers, makes up the majority of 
all supply chain disruptions. 
Cyber liability regulation and rating 
Rating agencies can have an economic effect on countries and 
corporations by making rating changes based on an event. The rating 
of insurers is also at risk if they do not provide mitigation advice to 
customers. They may struggle to get reinsurance capacity, expose 
themselves to more risk and lose access to “A”-rated capital. It is in 
everyone’s interest in the regulatory and rating space to understand 
the standards and value that they bring to the table. 
Currently, rating agencies view cyber risk as a primary threat to 
solvency because of the significant, rapid and unexpected impact of 
an event and, in some cases, the ability to react to that event. For 
natural catastrophes, rating agencies look at the use of catastrophe 
event models that are created by third-party vendors and rely on 
vendor research and data accuracy. 
However, in the case of cyber risk, the catastrophe is the data 
itself. That requires a broader rating approach — for example, with a 
data-scoring rating mechanism added to overall ERM ratings. 
The speed of regulatory change in data breach 
reporting will lead to increased cyber liability 
coverage and even mandatory insurance in some 
cases.
Best practices and the center of excellence 
Cyber risk leaders in insurance will likely embrace a center of excellence across customer, risk-centric and financial activities, 
thereby linking security analytics and big data with fraud investigations. This will further the trend toward intelligence-driven 
security plans in order to protect digital information assets. 
The Center of Excellence for Insurance Big Data Security, Technology Governance and 
Compliance can help you create a holistic, technology-enabled, business-driven strategy. 
Customer (Need: trust) 
• Distribution channel cross sell/up sell 
• Customer lead identification 
• Marketing campaign analysis 
• Segmentation 
• Know thy customer (KYC) 
• Lifetime value 
• Retention and lapse 
Risk centric (Need: knowledge) 
• Underwriting 
• Product design and innovation 
• Pricing and deductibles 
• Reinsurance strategy 
• Telematics M2M 
• Catastrophe models 
• Reserving and claims 
• Fraud, SIU and forensics 
• Subrogation/recovery 
Financial (Need: transparency) 
• Rating and regulation 
• Asset liability matching 
• Reinsurance optimization 
• Portfolio and asset optimization 
• Risk-based capital pricing 
• Financial modelling 
• Macroeconomics 
• Embedded value
How EY assists with effective 
cyber risk management 
EY’s information security services help our clients to assess their security 
strategies, processes and infrastructure to manage risk and enable compliance 
with applicable laws and regulations. This includes testing for security exposures 
and business risks created by vulnerabilities or inadequate systems, applications 
and network devices. 
Leading practices should include: 
• A pragmatic, risk-based information security strategy that integrates solutions to 
address business needs, compliance requirements and ERM objectives 
• Listening to what is going on in the market, understanding security information 
trends and threats, and adjusting the risk assessment accordingly 
• Continually reassessing new technologies and the threat landscape to confirm that 
focus is on the right priorities 
• Executive and board support that leverages the expertise of partners and vendors 
and defines which security functions sit in-house instead of outsourced and in the 
cloud 
• Assurance that information security is an integral part of the risk management 
function, not a stand-alone unit that fails to involve the business in the process
Learn more 
Key Contacts: 
Shaun Crawford 
Global Insurance Leader 
scrawford2@uk.ey.com 
David Piesse 
International Insurance Society 
(IIS) Ambassador for Asia Pacific 
and Insurance Lead at Guardtime 
david.piesse@guardtime.com 
Mitigating cyber risk 
for insurers 
Part 2: Insights into cyber security and risk — 2014 
For insights into cybersecurity — 
download Part 1: Cyber insurance, 
security and data integrity  
For insights mitigating cyber risk — 
download Part 2: Mitigating cyber risk 
for insurers  
EY.com/insurance/cyber 
EY | Assurance | Tax | Transactions | Advisory 
About EY 
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and 
confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises 
to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our 
communities. 
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is 
a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more 
information about our organization, please visit ey.com. 
© 2014 EYGM Limited. All Rights Reserved. 
EYG no: EG0204 
1408-1304669 NY 
ED none 
This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other 
professional advice. Please refer to your advisors for specific advice.

Digital information security
 
Guard time connect_estonia 21.03.2012
Guard time connect_estonia 21.03.2012Guard time connect_estonia 21.03.2012
Guard time connect_estonia 21.03.2012
 
Ksi
KsiKsi
Ksi
 
AAA Innovation Case Competition
AAA Innovation Case CompetitionAAA Innovation Case Competition
AAA Innovation Case Competition
 
Cyber liability insurance and your security program
Cyber liability insurance and your security programCyber liability insurance and your security program
Cyber liability insurance and your security program
 
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an AuditCyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
 
Combating the enemy within – an elegant mathematical approach to insider thre...
Combating the enemy within – an elegant mathematical approach to insider thre...Combating the enemy within – an elegant mathematical approach to insider thre...
Combating the enemy within – an elegant mathematical approach to insider thre...
 
EY Global Capital Confidence Barometer (12th Edition)
EY Global Capital Confidence Barometer (12th Edition)EY Global Capital Confidence Barometer (12th Edition)
EY Global Capital Confidence Barometer (12th Edition)
 
EY Global Insurance CFO Survey
EY Global Insurance CFO SurveyEY Global Insurance CFO Survey
EY Global Insurance CFO Survey
 
Insights on it risks evolving it landscape
Insights on it risks evolving it landscapeInsights on it risks evolving it landscape
Insights on it risks evolving it landscape
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO Day
 
The Economics of Cyber Security
The Economics of Cyber SecurityThe Economics of Cyber Security
The Economics of Cyber Security
 
NATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-UpsNATO Cyber Security Conference: Creating IT-Security Start-Ups
NATO Cyber Security Conference: Creating IT-Security Start-Ups
 
GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017GDPR Cyber Insurance 11/1/2017
GDPR Cyber Insurance 11/1/2017
 
Cia security model
Cia security modelCia security model
Cia security model
 
IoT End-to-End Security Overview
IoT End-to-End Security OverviewIoT End-to-End Security Overview
IoT End-to-End Security Overview
 

Similar a Insights into cyber security and risk

br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trendsChristopher Bennett
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Biznesa infrastruktūras un datu drošības juridiskie aspekti
Biznesa infrastruktūras un datu drošības juridiskie aspektiBiznesa infrastruktūras un datu drošības juridiskie aspekti
Biznesa infrastruktūras un datu drošības juridiskie aspektiebuc
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to itIT-Toolkits.org
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to itIT-Toolkits.org
 
3433 IBM messaging security why securing your environment is important-feb2...
3433   IBM messaging security why securing your environment is important-feb2...3433   IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...Leif Davidsen
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkIOSR Journals
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligencewbesse
 
Application security Best Practices Framework
Application security   Best Practices FrameworkApplication security   Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Security Implications of Accenture Technology Vision 2015 - Executive Report
Security Implications of Accenture Technology Vision 2015 - Executive ReportSecurity Implications of Accenture Technology Vision 2015 - Executive Report
Security Implications of Accenture Technology Vision 2015 - Executive ReportAccenture Technology
 
Cyber and information security operations and assurance
Cyber and information security operations and assurance Cyber and information security operations and assurance
Cyber and information security operations and assurance EyesOpen Association
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfDataSpace Academy
 

Similar a Insights into cyber security and risk (20)

br-security-connected-top-5-trends
br-security-connected-top-5-trendsbr-security-connected-top-5-trends
br-security-connected-top-5-trends
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Biznesa infrastruktūras un datu drošības juridiskie aspekti
Biznesa infrastruktūras un datu drošības juridiskie aspektiBiznesa infrastruktūras un datu drošības juridiskie aspekti
Biznesa infrastruktūras un datu drošības juridiskie aspekti
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
10 security problems unique to it
10 security problems unique to it10 security problems unique to it
10 security problems unique to it
 
3433 IBM messaging security why securing your environment is important-feb2...
3433   IBM messaging security why securing your environment is important-feb2...3433   IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
Protective Intelligence
Protective IntelligenceProtective Intelligence
Protective Intelligence
 
Aggregation Platforms-White Paper
Aggregation Platforms-White PaperAggregation Platforms-White Paper
Aggregation Platforms-White Paper
 
6 Ways to Fight the Data Loss Gremlins
6 Ways to Fight the Data Loss Gremlins6 Ways to Fight the Data Loss Gremlins
6 Ways to Fight the Data Loss Gremlins
 
Application security Best Practices Framework
Application security   Best Practices FrameworkApplication security   Best Practices Framework
Application security Best Practices Framework
 
Security Implications of Accenture Technology Vision 2015 - Executive Report
Security Implications of Accenture Technology Vision 2015 - Executive ReportSecurity Implications of Accenture Technology Vision 2015 - Executive Report
Security Implications of Accenture Technology Vision 2015 - Executive Report
 
Cyber and information security operations and assurance
Cyber and information security operations and assurance Cyber and information security operations and assurance
Cyber and information security operations and assurance
 
Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)
 
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfCloud Security - Types, Common Threats & Tips To Mitigate.pdf
Cloud Security - Types, Common Threats & Tips To Mitigate.pdf
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 

Más de EY

EY Price Point Q3 2022
EY Price Point Q3 2022EY Price Point Q3 2022
EY Price Point Q3 2022EY
 
Quarterly analyst themes of oil and gas earnings, Q1 2022
Quarterly analyst themes of oil and gas earnings, Q1 2022Quarterly analyst themes of oil and gas earnings, Q1 2022
Quarterly analyst themes of oil and gas earnings, Q1 2022EY
 
EY Price Point: global oil and gas market outlook, Q2 | April 2022
EY Price Point: global oil and gas market outlook, Q2 | April 2022EY Price Point: global oil and gas market outlook, Q2 | April 2022
EY Price Point: global oil and gas market outlook, Q2 | April 2022EY
 
EY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlookEY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlookEY
 
EY Price Point: global oil and gas market outlook, Q2 April 2021
EY Price Point: global oil and gas market outlook, Q2 April 2021EY Price Point: global oil and gas market outlook, Q2 April 2021
EY Price Point: global oil and gas market outlook, Q2 April 2021EY
 
Tax Alerte - Principales dispositions loi de finances 2021
Tax Alerte - Principales dispositions loi de finances 2021Tax Alerte - Principales dispositions loi de finances 2021
Tax Alerte - Principales dispositions loi de finances 2021EY
 
EY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlookEY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlookEY
 
Tax Alerte - prix de transfert - PLF 2021
Tax Alerte - prix de transfert - PLF 2021Tax Alerte - prix de transfert - PLF 2021
Tax Alerte - prix de transfert - PLF 2021EY
 
EY Price Point: global oil and gas market outlook (Q4, October 2020)
EY Price Point: global oil and gas market outlook (Q4, October 2020)EY Price Point: global oil and gas market outlook (Q4, October 2020)
EY Price Point: global oil and gas market outlook (Q4, October 2020)EY
 
EY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlookEY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlookEY
 
Zahl der Gewinnwarnungen steigt auf Rekordniveau
Zahl der Gewinnwarnungen steigt auf RekordniveauZahl der Gewinnwarnungen steigt auf Rekordniveau
Zahl der Gewinnwarnungen steigt auf RekordniveauEY
 
Versicherer rechnen mit weniger Neugeschäft
Versicherer rechnen mit weniger NeugeschäftVersicherer rechnen mit weniger Neugeschäft
Versicherer rechnen mit weniger NeugeschäftEY
 
Liquidity for advanced manufacturing and automotive sectors in the face of Co...
Liquidity for advanced manufacturing and automotive sectors in the face of Co...Liquidity for advanced manufacturing and automotive sectors in the face of Co...
Liquidity for advanced manufacturing and automotive sectors in the face of Co...EY
 
IBOR transition: Opportunities and challenges for the asset management industry
IBOR transition: Opportunities and challenges for the asset management industryIBOR transition: Opportunities and challenges for the asset management industry
IBOR transition: Opportunities and challenges for the asset management industryEY
 
Fusionen und Übernahmen dürften nach der Krise zunehmen
Fusionen und Übernahmen dürften nach der Krise zunehmenFusionen und Übernahmen dürften nach der Krise zunehmen
Fusionen und Übernahmen dürften nach der Krise zunehmenEY
 
Start-ups: Absturz nach dem Boom?
Start-ups: Absturz nach dem Boom?Start-ups: Absturz nach dem Boom?
Start-ups: Absturz nach dem Boom?EY
 
EY Price Point: global oil and gas market outlook, Q2, April 2020
EY Price Point: global oil and gas market outlook, Q2, April 2020EY Price Point: global oil and gas market outlook, Q2, April 2020
EY Price Point: global oil and gas market outlook, Q2, April 2020EY
 
Riding the crest of digital health in APAC
Riding the crest of digital health in APACRiding the crest of digital health in APAC
Riding the crest of digital health in APACEY
 
EY Chemical Market Outlook - February 2020
EY Chemical Market Outlook - February 2020EY Chemical Market Outlook - February 2020
EY Chemical Market Outlook - February 2020EY
 
Jobmotor Mittelstand gerät ins Stocken
Jobmotor Mittelstand gerät ins Stocken Jobmotor Mittelstand gerät ins Stocken
Jobmotor Mittelstand gerät ins Stocken EY
 

Más de EY (20)

EY Price Point Q3 2022
EY Price Point Q3 2022EY Price Point Q3 2022
EY Price Point Q3 2022
 
Quarterly analyst themes of oil and gas earnings, Q1 2022
Quarterly analyst themes of oil and gas earnings, Q1 2022Quarterly analyst themes of oil and gas earnings, Q1 2022
Quarterly analyst themes of oil and gas earnings, Q1 2022
 
EY Price Point: global oil and gas market outlook, Q2 | April 2022
EY Price Point: global oil and gas market outlook, Q2 | April 2022EY Price Point: global oil and gas market outlook, Q2 | April 2022
EY Price Point: global oil and gas market outlook, Q2 | April 2022
 
EY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlookEY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlook
 
EY Price Point: global oil and gas market outlook, Q2 April 2021
EY Price Point: global oil and gas market outlook, Q2 April 2021EY Price Point: global oil and gas market outlook, Q2 April 2021
EY Price Point: global oil and gas market outlook, Q2 April 2021
 
Tax Alerte - Principales dispositions loi de finances 2021
Tax Alerte - Principales dispositions loi de finances 2021Tax Alerte - Principales dispositions loi de finances 2021
Tax Alerte - Principales dispositions loi de finances 2021
 
EY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlookEY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlook
 
Tax Alerte - prix de transfert - PLF 2021
Tax Alerte - prix de transfert - PLF 2021Tax Alerte - prix de transfert - PLF 2021
Tax Alerte - prix de transfert - PLF 2021
 
EY Price Point: global oil and gas market outlook (Q4, October 2020)
EY Price Point: global oil and gas market outlook (Q4, October 2020)EY Price Point: global oil and gas market outlook (Q4, October 2020)
EY Price Point: global oil and gas market outlook (Q4, October 2020)
 
EY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlookEY Price Point: global oil and gas market outlook
EY Price Point: global oil and gas market outlook
 
Zahl der Gewinnwarnungen steigt auf Rekordniveau
Zahl der Gewinnwarnungen steigt auf RekordniveauZahl der Gewinnwarnungen steigt auf Rekordniveau
Zahl der Gewinnwarnungen steigt auf Rekordniveau
 
Versicherer rechnen mit weniger Neugeschäft
Versicherer rechnen mit weniger NeugeschäftVersicherer rechnen mit weniger Neugeschäft
Versicherer rechnen mit weniger Neugeschäft
 
Liquidity for advanced manufacturing and automotive sectors in the face of Co...
Liquidity for advanced manufacturing and automotive sectors in the face of Co...Liquidity for advanced manufacturing and automotive sectors in the face of Co...
Liquidity for advanced manufacturing and automotive sectors in the face of Co...
 
IBOR transition: Opportunities and challenges for the asset management industry
IBOR transition: Opportunities and challenges for the asset management industryIBOR transition: Opportunities and challenges for the asset management industry
IBOR transition: Opportunities and challenges for the asset management industry
 
Fusionen und Übernahmen dürften nach der Krise zunehmen
Fusionen und Übernahmen dürften nach der Krise zunehmenFusionen und Übernahmen dürften nach der Krise zunehmen
Fusionen und Übernahmen dürften nach der Krise zunehmen
 
Start-ups: Absturz nach dem Boom?
Start-ups: Absturz nach dem Boom?Start-ups: Absturz nach dem Boom?
Start-ups: Absturz nach dem Boom?
 
EY Price Point: global oil and gas market outlook, Q2, April 2020
EY Price Point: global oil and gas market outlook, Q2, April 2020EY Price Point: global oil and gas market outlook, Q2, April 2020
EY Price Point: global oil and gas market outlook, Q2, April 2020
 
Riding the crest of digital health in APAC
Riding the crest of digital health in APACRiding the crest of digital health in APAC
Riding the crest of digital health in APAC
 
EY Chemical Market Outlook - February 2020
EY Chemical Market Outlook - February 2020EY Chemical Market Outlook - February 2020
EY Chemical Market Outlook - February 2020
 
Jobmotor Mittelstand gerät ins Stocken
Jobmotor Mittelstand gerät ins Stocken Jobmotor Mittelstand gerät ins Stocken
Jobmotor Mittelstand gerät ins Stocken
 

Último

8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory:  summary 2024IoT Insurance Observatory:  summary 2024
IoT Insurance Observatory: summary 2024Matteo Carbone
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadAyesha Khan
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncrdollysharma2066
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 

Último (20)

8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory:  summary 2024IoT Insurance Observatory:  summary 2024
IoT Insurance Observatory: summary 2024
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in IslamabadIslamabad Escorts | Call 03070433345 | Escort Service in Islamabad
Islamabad Escorts | Call 03070433345 | Escort Service in Islamabad
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 

Insights into cyber security and risk

  • 1. Cyber insurance, security and data integrity insights
  • 2. Executive summary: insights into cybersecurity and risk

    As cyber threats have become more pervasive, persistent and sophisticated, information security has become a business imperative for all industries. Unlike companies in other sectors, however, insurers must gain a deeper understanding of cyber threats as they develop cyber liability policies. These products are evolving to include not just technology companies, but all organizations that collect, store and process data from their customers.

    When it comes to information security, insurers must stay ahead of the ever shifting cyber threats by maintaining the triad of confidentiality, integrity and availability of systems and data.

    No one escapes cyber risk. Every company is vulnerable to cyber threats. In the vibrant global cyber insurance market of the future, risk management of a data breach must be built into policy at the board level, and not just a concern of the IT departments. This will give the reinsurance industry and capital markets confidence, and confirm to regulators and rating agencies that enterprise risk management (ERM) has been included in cyber liability coverage.

    Businesses must take a proactive approach to cybersecurity rather than waiting for a breach to occur and then acting on it.
  • 3. Key actions for insurers to take

    To achieve Cybersecurity, insurers must:
    • Develop and implement a long-term, enterprise-wide security program that addresses processes, controls, organization and governance, as well as reporting, metrics, privacy and data protection
    • Invest in cybersecurity and do a better job of articulating and demonstrating the value proposition
    • Establish a framework of continuous improvement in analytics and reporting, people, processes and technology
    • Design and execute solutions to measure, monitor and report on the effectiveness of security programs
    • Refine strategies based on changing threats, risks and business imperatives

    To mitigate cyber risks, insurers must:
    • Integrate cyber risks into a broader enterprise risk management approach, including risk modeling and transfer
    • Gain specific understanding of risks related to data breaches, supply chains, emerging digital technologies and rapid-growth markets
    • Track and monitor cyber liability regulation and rating issues and developments
    • Accept that all insured infrastructure is a target, with the highest value assets the most frequent targets
    • Remain alert to changing trends and emerging threats within the market and ensure that policy terms and conditions do not increase exposure
    • Embrace a cyber risk center of excellence approach that extends across customer, risk-centric and financial activities
  • 4. Achieving cybersecurity 4 Emerging cyber threats Financial institutions have developed applications for mobile payment and other transactions. While these applications represent innovation, the institutions never planned on supporting mobile banking. Consequently, digital exchanges via the mobile transaction network are at a higher risk of compromise and/or manipulation by exploiters with increasingly sophisticated tools and skills. Moreover, infrastructure and storage outsourcing efforts supporting these applications put organizations further at risk as cloud service providers have different security mechanisms. Other challenges (and reasons for concern) for insurers: • There is a large gap between the nature of new threats and the capabilities available to detect attacks, monitor (and stop) unauthorized exfiltration and secure information. • Few insurers have direct insights into the cyber liabilities surrounding intangible digital assets. • Many do not have the tools to provide the direct real-time awareness necessary to calculate risks to insured digital assets stored by cloud service providers or enterprise networks. • There is increased awareness that companies should be accountable for private records and the security of data collected from their customers. • Insurers should expect that insured infrastructure will be compromised at some point. The more important and valuable the data assets are (IP, customer and supplier base, etc.), the more likely a compromise will occur. As exposure has evolved, so have policies. Since exposure exists for any organization that handles private information, insurance companies have been tasked with creating a new type of policy. The rapid adoption of mobile and digital devices in emerging markets is fostering new product development, along with new security and privacy measures. Research shows: • Nearly 95% of all enterprise networks have been compromised by external attackers. • Only 3% of organizations felt safe against insider threats. • Hundreds of millions of consumers have had their identity information compromised. • The financial and reputational losses to businesses and shareholders stretch into the tens of billions of dollars annually.
  • 5. 5 Achieving cybersecurity Pillars of information security Security model: • Confidentiality: Prevents the disclosure of information to unauthorized individuals or systems • Integrity: Maintains the accuracy and consistency of systems and data over the entire lifecycle – the most critical pillar but a gaping hole today • Availability: Makes sure that computing systems, security controls and communication channels are functioning correctly
  • 6. 6 Achieving cybersecurity Data Integrity What it is: Data integrity is the ability to independently prove what happened in a digital infrastructure, determine the impact of a security incident and distribute the liability for a data breach. This proof is currently hard to obtain from internal systems, and it becomes increasingly complicated with organizational reliance on outsourced cloud infrastructure and “trusted” administrators. New methods are needed to definitely identify the cause of compromise, the assets affected, when the compromise occurred and if insured assets were exposed outside the organization. Why it matters: • It’s a prerequisite for ensuring confidentiality. • Without it, encryption is worse than useless, bringing a false sense of security that can lead to a breach. • It brings auditability and transparency of evidence to governance frameworks (for both public and private sectors). Data integrity enables an independent audit of digital assets prior to a data breach and clearer visibility into impacts when breaches occur.
  • 7. Achieving cybersecurity 7 Getting to data integrity: keyless signature infrastructure Most breaches today go unnoticed until long after they occur and the damage has been done. Active integrity involves continuous verification of the integrity of data in storage using keyless signatures. A disruptive new technology standard, keyless signature infrastructures (KSI) can effectively address some cyber liability issues by enabling mutual auditability of information systems and clearer visibility into the cause of a breach incident. Further, KSI mitigates the risk of breach escalation in real time and provides indemnification against subrogation and other legal claims. How KSIs work: • Unlike digital certificates, keyless signatures never expire. • People are not required in the signing process. • Use of keyless signatures strengthens legal non-repudiation for data at rest. • There are no keys to be compromised and/or keys to revoke. • During a breach, active integrity can be provided with cyber alarms and correlated to other network events by auditors, network operations centers and security operations centers — delivering real-time, continuous monitoring and verification of data signed with keyless signatures. Keyless signatures change the security paradigm by ensuring visibility into the cause of breaches. A “managed security service” resulting from the implementation of KSI marks a new era for insurers.
[Figure: Electronic data + Keyless signature = Signed electronic data. Illustrated with a syslog excerpt from host suporte6 (2009-01-21) in which each record is signed by keyless signature.]
  • 8. 8 Achieving cybersecurity KSI in action Estonia: NATO headquarters for Cybersecurity Estonia solved the data integrity issue following a disabling cyber attack in 2007. By integrating KSI into networks, every component, configuration and digital asset can be tagged, tracked and located with real-time verification — no matter where that asset is transmitted or stored. With real-time awareness, incident response, data loss prevention, investigation and/or network resilience, it is now possible to detect and react to any misconfiguration, network, component or application failure in the country. It has irrefutable transparent evidence to independently verify and enable trust in transactions and interactions on their networks. No keys or encryption — just mathematical proof of everything that happened.
  • 9. 9 Achieving cybersecurity Big data security challenges In the past, large financial risk models and risk-scenario simulations have taken days to run, slowing the delivery of urgently needed information to the C-suite. Running models in the cloud across multiple processors, where the modeling software can process successfully across multiple cores, means large models can now be run in a matter of minutes. But once the model data enters the cloud, can it be trusted? Machine-to-machine and autonomous sensor data being managed by machines assumes the security protocols and handling of machine-generated data are rock solid and invulnerable to compromise. That’s a dangerous assumption. Real-time, continuous integrity monitoring and tamper detection capabilities — like those enabled by KSI — are necessary to protect the big data repositories that make up the cloud. Further, KSI allows companies to manage big data through four dimensions: • Velocity • Variety • Volume • Veracity KSI and emerging data integrity standards will change the perception that data in the cloud is less secure than in corporate data centers.
  • 10. 10 Achieving cybersecurity Innovation through analytics: the time is now Insurance master databases are one of the biggest sets of data in any sector and are growing exponentially — thanks to telematics, social media, unstructured email data and the like. Big data will undoubtedly reshape the insurance industry. For years, the industry has had big data but did not know it or use it. The wake-up call is here, and it is time for re-evaluating and re-tooling analytical capabilities. • More predictive modeling • Better forecasting through deeper in-depth statistical analysis across the enterprise • Moving beyond a simple one-on-one relationship of server to data storage Those are the capabilities innovation through analytics can enable and how data can become a single holistic global and enterprise resource. Leading insurers are changing their vision to a “management-by-data-analytics” approach to customers, risk assessment and financial analysis.
  • 11. Mitigating cyber risk 11 Cyber risk in the context of ERM Insurers manage many risks aligned to their risk profiles and appetites. Visionaries and early adopters do so dynamically by use of mathematics (stochastically or actuarially) and simulations for the future based on the historical loss data in order to correlate all the risks of the enterprise into one holistic view. Factors to consider include: Cyber risk. Operational risk affects every organization on an equal basis and is often quantified as a percentage of gross written premiums. Cyber risks are no different from any other risk in terms of risk management and transfer. Risk mitigation. Insurance and reinsurance are not alternatives to ERM. Risk transfer programs should be used to address structural residual risk, and risk management best practices can ease the process of finding the right cover at the right price — with reinsurance optimization. Such an approach must be applied to cyber risk. Risk modeling. Dynamic risk modeling can enhance effective risk management best practices, modeling the likelihood of small claims from data breaches, as well as the impact of long-tail or “black swan” events. Early adopters are also experimenting with other risk transfer mechanisms, including cyber captives, special-purpose vehicles (SPVs) and sidecars. We are early in a long-term and necessary evolution — where cyber risk can and must be managed within the broader context of ERM. Cyber risk must not be viewed as separate from other types of risks. Dynamic risk modeling tools are necessary to gain detailed visibility into value at risk.
  • 12. 12 Mitigating cyber risk Security issues affecting reinsurers As the stability mechanism for solvency in the insurance industry and the link to the capital markets and pension funds, the reinsurance industry must also be focused on cyber risks. Emerging technology threat: the industry must model cyber risks in correlation to other risks, including in the solvency, risk-based capital arena with long-tail exposure reduction. An incentive to invest: it is difficult for governments to determine if a cyber attack is an attack on a company or on a country. New mandatory data breach laws will force organizations to report data breaches within a specified period or face heavy fines (up to 10% of gross annual income). Ignorance that a data breach occurred is not an acceptable excuse. Cyber catastrophe models and databases: nearly 60 insurers write some form of cyber insurance coverage outside of errors and omissions insurance (E&O). The reinsurance industry needs to look at the effect of large aggregated cyber attacks that can affect the capital and stability of the risk industry. Cyber attacks and data breaches are black-swan events — not unlike natural disasters — that will: • Help create cyber XL rates (excess of loss) for reinsurance to move away from quota share reinsurance • Cause the cyber reinsurance industry to mature in the same way it did for natural catastrophe lines • Include legal expenses, as these are particularly perilous to solvency and to the proper reserving of claims (the ability to pay) over a period Reinsurers need to understand cyber risk independently of the insurer to create the right protection mechanisms, cyber models and rating bands.
  • 13. 13 Mitigating cyber risk Supply chain risk Recent natural catastrophe events have shown what can happen to the global supply chain in terms of disruption. A severe cyber-attack would affect the global supply chain, especially around commercial and industrial internet usage. The insurance industry knows that the outsource service provider is the main cause of supply chain disruption, which often happens simultaneously when increasing weather disruption brings cyber and climate risks together in one event. When service providers outsource to each other, it sends a red alert to the industry. Data integrity needs to be embedded in the enterprise, as well as with IT vendors they outsource to and those outsourcers in turn engage. Technology, in conjunction with cyber attacks and service providers, makes up the majority of all supply chain disruptions. Cyber liability regulation and rating Rating agencies can have an economic effect on countries and corporations by making rating changes based on an event. The rating of insurers is also at risk if they do not provide mitigation advice to customers. They may struggle to get reinsurance capacity, expose themselves to more risk and lose access to “A”-rated capital. It is in everyone’s interest in the regulatory and rating space to understand the standards and value that they bring to the table. Currently, rating agencies view cyber risk as a primary threat to solvency because of the significant, rapid and unexpected impact of an event and, in some cases, the ability to react to that event. For natural catastrophes, rating agencies look at the use of catastrophe event models that are created by third-party vendors and rely on vendor research and data accuracy. However, in the case of cyber risk, the catastrophe is the data itself. That requires a broader rating approach — for example, with a data-scoring rating mechanism added to overall ERM ratings. The speed of regulatory change in data breach reporting will lead to increased cyber liability coverage and even mandatory insurance in some cases.
  • 14. Mitigating cyber risk 14 Best practices and the center of excellence Cyber risk leaders in insurance will likely embrace a center of excellence across customer, risk-centric and financial activities, thereby linking security analytics and big data with fraud investigations. This will further the trend toward intelligence-driven security plans in order to protect digital information assets. The Center of Excellence for Insurance Big Data Security, Technology Governance and Compliance can help you create a holistic, technology-enabled, business-driven strategy. Customer Risk centric Financial Need: trust Need: knowledge Need: transparency • Distribution channel cross sell/up sell • Underwriting • Rating and regulation • Customer lead identification • Product design and innovation • Asset liability matching • Marketing campaign analysis • Pricing and deductibles • Reinsurance optimization • Segmentation • Reinsurance strategy • Portfolio and asset optimization • Know thy customer (KYC) • Telematics M2M • Risk-based capital pricing • Lifetime value • Catastrophe models • Financial modelling • Retention and lapse • Reserving and claims • Mac economics • Fraud, SIU and forensics • Embedded value • subrogation/recovery
  • 15. 15 Mitigating cyber risk How EY assists with effective cyber risk management EY’s information security services help our clients to assess their security strategies, processes and infrastructure to manage risk and enable compliance with applicable laws and regulations. This includes testing for security exposures and business risks created by vulnerabilities or inadequate systems, applications and network devices. Leading practices should include: • A pragmatic, risk-based information security strategy that integrates solutions to address business needs, compliance requirements and ERM objectives • Listening to what is going on in the market, understanding security information trends and threats, and adjusting the risk assessment accordingly • Continually reassessing new technologies and the threat landscape to confirm that focus is on the right priorities • Executive and board support that leverages the expertise of partners and vendors and defines which security functions sit in-house instead of outsourced and in the cloud • Assurance that information security is an integral part of the risk management function, not a stand-alone unit that fails to involve the business in the process
  • 16. Learn more Key Contacts: Shaun Crawford Global Insurance Leader scrawford2@uk.ey.com David Piesse International Insurance Society (IIS) Ambassador for Asia Pacific and Insurance Lead at Guardtime david.piesse@guardtime.com Mitigating cyber risk for insurers Part 2: Insights into cyber security and risk — 2014 For insights into cybersecurity — download Part 1: Cyber insurance, security and data integrity For insights mitigating cyber risk — download Part 2: Mitigating cyber risk for insurers EY.com/insurance/cyber © 2014 EYGM Limited. All Rights Reserved.