© 2014 Global Knowledge Training LLC. All rights reserved.
David [email protected]
– Retired Army JAG
– Former legal advisor at NSA and CYBERCOM
– Risk management and cybersecurity consultant
– Licensed to practice law in NY, CT, and CO
– Master’s degree in intellectual property and IT law
– Speaker at security conferences worldwide
Our Agenda
State of security
– Recent breaches
– The problem
– Common security implementations
– Cost of breach
How to lower risk, reduce or eliminate liability, and protect reputation
– Leadership
– Risk assessment
– Policy
– Training
State of Security
The Global State of Information Security® Survey 2014 shows that:
“While many organisations have raised the bar on security, their adversaries are continuing to outpace them. Detected security incidents have increased—and so has the cost of breaches.” (PWC)
The Problem
According to “Cyber Security Risk: Perception vs. Reality in Corporate America” (Wired, March 2014):
– 73% of North American execs are confident in their company’s security
– Majority of survey respondents believe their orgs will perform better or the same compared to last 12 months
– Most C-levels feel very optimistic about readiness
– 72% of survey respondents feel safe from IT threats
– Nearly 60% of respondents were CIOs, CISOs, VPs, or directors
The Problem
According to “Cyber Security Risk: Perception vs. Reality in Corporate America” (Wired, March 2014):
– Optimism bias leads to false confidence in security
– Business leaders simply do not understand cybersecurity risk
Recent Breaches
Common Security Implementations
Mark Popolano, CIO of ProSight Specialty Insurance, regarding risks vs. costs:
“If you want to spend an infinite amount of money on security, you can … but the government does, and they’re not 100% foolproof.” (Bree Fowler, AP)
Common Security Implementations
Is there a single standard, piece of hardware, software, or technique that will keep your organization from being breached?
Is there a combination of the above that will keep you secure?
Common Security Implementations
Questions rephrased:
Cost of a Breach
Loss of:
– Time
– Money
– Reputation
– Revenue
Cost of a Breach
“In 2013, an annual investigative report on data security by Verizon found 88% of the attacks initiated against financial services companies were successful in less than a day.” (2013 Verizon Data Breach Report – DBIR)
Cost of a Breach
“For publicly traded companies like Target and Neiman Marcus, there is an additional obligation to disclose material information to shareholders in a timely manner. For any retailer, a cyberattack may drive customers away and affect income through increased expenses for stronger computer security, providing identity theft protection to affected customers, and refunding of any fraudulent charges.” (“Adding Up the Costs of Data Breaches,” by Peter J. Henning)
Lower Risk, Reduce or Eliminate Liability, and Protect Reputation
– What can you do?
– As a business leader what is your responsibility?
– What constitutes due diligence when it comes to cybersecurity?
Leadership
Remember the statistic? 73% of executives believe their security is good and nothing will happen!
This attitude trickles down to the workforce and suddenly all become lackadaisical.
Risk Assessment
– What is it?
– What does it do?
– How do you do it?
– What is the goal?
Policy
– Why?
– What?
– How?
Training
– Why?
– How?
– How often?
– Who?
Call to Action
– Perform a risk assessment or hire someone to do it
– Write and implement policies or hire someone to do it
– Train the workforce and implement a program or hire someone to do it
David Willson, Esq.
CISSP, Security+
Titan Info Security Group, OnlineIntell, LLC, and Azorian Cyber Security
719-648-4176
Questions?