why your company should have a risk management program

Why Your Company Should Have a Risk

Management ProgramDavid Willson

[email protected]

© 2014 Global Knowledge Training LLC. All rights reserved.

INSERT PHOTO HERE

David [email protected]

Retired Army JAG Former legal advisor at NSA

and CYBERCOM Risk management and

cybersecurity consultant Licensed to practice law in NY,

CT, and CO Master’s degree in intellectual

property and IT law Speaker at security

conferences worldwide


Our Agenda

State of security– Recent breaches– The problem– Common security implementations– Cost of breach

How to lower risk, reduce or eliminate liability, and protect reputation– Leadership– Risk assessment– Policy– Training


State of Security

The Global State of Information Security® Survey 2014 shows that:

“While many organisations have raised the bar on security, their adversaries are continuing to outpace them. Detected security incidents have increased—and so has the cost of breaches.” (PWC)www.secureworldexpo.com


The Problem

According to “Cyber Security Risk: Perception vs. Reality in Corporate America” (Wired, March 2014):73% of North American execs are confident in their

company’s securityMajority of survey respondents believe their orgs will

perform better or the same compared to last 12 monthsMost C-levels feel very optimistic about readiness72% of survey respondents feel safe from IT threatsNearly 60% of respondents were CIOs, CISOs, VPs, or

directors


The Problem

According to “Cyber Security Risk: Perception vs. Reality in Corporate America” (Wired, March 2014):Optimism bias leads to false confidence in securityBusiness leaders simply do not understand

cybersecurity risk


Recent Breaches


Common Security Implementations

www.eppgroup.eu



en.wikipedia.org webpage.pace.edu



Mark Popolano, CIO of ProSight Specialty Insurance, regarding risks vs. costs:

“If you want to spend an infinite amount of money on security, you can … but the government does, and they’re not 100% foolproof.” (Bree Fowler, AP)



Is there a single standard, piece of hardware, software, or technique that will keep your organization from being breached?

Is there a combination of the above that will keep you secure?



Questions rephrased:

www.chronicle.su


Cost of a Breach

Loss of:– Time– Money– Reputation– Revenue


Cost of a Breach


Cost of a Breach

“In 2013, an annual investigative report on data security by Verizon found 88% of the attacks initiated against financial services companies were successful in less than a day.” (2013 Verizon Data Breach Report – DBIR)


Cost of a Breach

“For publicly traded companies like Target and Neiman Marcus, there is an additional obligation to disclose material information to shareholders in a timely manner. For any retailer, a cyberattack may drive customers away and affect income through increased expenses for stronger computer security, providing identity theft protection to affected customers, and refunding of any fraudulent charges.” (“Adding Up the Costs of Data Breaches,” By Peter J. Henning )


Lower Risk, Reduce or Eliminate Liability, and Protect Reputation

What can you do?As a business leader what is your responsibility?What constitutes due diligence when it comes to

cybersecurity?


informationsecurity.saiglobal.com


Leadership

Remember the statistic? 73% of executives believe their security is good and nothing will happen!

This attitude trickles down to the workforce and suddenly all become lackadaisical.

voodoogamer.wordpress.com


Risk Assessment

What is it?What does it do?How do you do it?What is the goal?


Risk Assessment

innovis.cpsc.ucalgary.ca


Policy

Why?What?How?

www.satking.com.au


Training

Why?How?How often?Who?

web.securityinnovation.com


Call to Action

Perform a risk assessment or hire someone to do itWrite and implement policies or hire someone to do itTrain the workforce and implement a program or hire

someone to do it


David Willson, Esq.CISSP, Security +

Titan Info Security Group,OnlineIntell, LLC, and

Azorian Cyber Security719-648-4176

[email protected]

Questions?

http://www.azoriancybersecurity.com/


Learn More

Recommended Global Knowledge Courses

Cyber Security Compliance & Mobility Course (CSCMC)

Request an On-Site Delivery We can tailor our courses to meet

your needs We can deliver them in a private

setting

Visit Our Knowledge Center Assessments Blog Case Studies Demos Lab Topologies Special Reports Twitter Videos Webinars White Papers

Thank You for Attending

For more information contact us at:

www.globalknowledge.com | 1-800-COURSES | [email protected]

why your company should have a risk management program

Technology

global knowledge training

data security

cyber security risk

security conferences

security business leaders

stronger computer security

detected security incidents

cybersecurity risk