Can Cyber Insurance Enforce Change in Enterprise GRC?
TRANSCRIPT
CYBER INSURANCE: A Silver Bullet Solution or a Risk?
Kollam, Aug 19, 2016
We Are: A Reality Check On The Past, Present & Future of National Security & Cybersecurity
Can Cyber Insurance enforce change in the cybersecurity DNA of organizations?
In India, the IT Act asks for “reasonable security”.
PSUs and enterprises seek:
- ISO 27001
- PCI-DSS
- ISO 22301
- Guidelines from RBI, SEBI, IDRBT
The risks are many too…
Ransomware, Business Email Compromise, Insider Threat, Espionage, APT, etc.
Some Cyber Insurance “Issues”
SONY – claim by movie producer after 2 years
TARGET – ongoing litigation
• What will a policy cover? ISMS, BCP, IAM, devices, insider threat, IP, servers, endpoints, mistakes, accidents, disasters, ransomware, spam, malware, change management, databases, phishing, whaling, spear phishing …
• If the organization has an ISMS, is it SECURE?
• Does the ISMS include ransomware? Does “phishing” include whaling, etc.?
• Who will assess the incident? Is the assessor qualified?
• The organization has to make a public announcement and lodge a formal complaint
Cyber insurance brings the promise of lowering risk
How can Insurance enforce Security ?
- The organization HAS to have effective controls
- Security has to be “in the spirit and DNA”
- Management has to assume full responsibility
- Governance and traceability
- Common and automated platforms that are prescribed by the insurer
- While insurance will de-risk an individual or an organization…
- INSURANCE IS A RISK TOO
Decide wisely
• You are ISO 27001 certified – does this make you a good candidate for insurance?
• Will the assessor be willing to accept your security status / control design and effectiveness, and settle your claim?
• Think far and wide when you buy
• Discuss common ground for assessment with your insurer
• Assess your insurer's maturity while the insurer assesses yours
• Optimize your controls system to align with insurance needs
ABOUT ME
A Brief Introduction
Dinesh O Bareja – CISA, CISM, ITIL, ISMS, Cert ERM, Cert IPR
• Principal Advisor – Pyramid Cyber Security & Forensic Pvt Ltd
• Co-Founder – Open Security Alliance, IndiaWatch, Indian Honeynet Project
• Ex Cyber Surveillance Advisor – CDRC (Jharkhand Police – Special Branch)
Enterprise & Government Policy Development; Cyber Security Strategy, Design, Architecture; Current State Security Assessment, Audit & Optimization; Governance, Risk Management; etc.
ABOUT US
Who / What / Where
We bring the professional infosec expertise and passion to demolish the hype and enable real-life balance in cybersecurity policy, strategy, training and operations at the national, enterprise or individual level.
A Reality Check On The Past, Present & Future of National Security & Cybersecurity
@bizsprite | L: linkedin.com/in/dineshbareja | +91.9769890505 | dineshobareja | infosecgallery.blgspot.com | securambling.blogspot.com
BEC: A simple risk that compromises the integrity of emails being exchanged by you (?) internally or with a supplier or buyer. Leads to loss of money (payment) when the transaction is consummated!