Why Your Company Should Have a Risk Management Program
© 2014 Global Knowledge Training LLC. All rights reserved.
David Willson
david@azoriancybersecurity.com
Retired Army JAG
Former legal advisor at NSA
and CYBERCOM
Risk management and
cybersecurity consultant
Licensed to practice law in NY,
CT, and CO
Master’s degree in intellectual
property and IT law
Speaker at security
conferences worldwide
Our Agenda
State of security
– Recent breaches
– The problem
– Common security implementations
– Cost of breach
How to lower risk, reduce or eliminate liability, and
protect reputation
– Leadership
– Risk assessment
– Policy
– Training
State of Security
The Global State of Information
Security® Survey 2014 shows that:
“While many organisations have
raised the bar on security, their
adversaries are continuing to
outpace them. Detected security
incidents have increased—and so
has the cost of breaches.” (PWC)
www.secureworldexpo.com
The Problem
According to “Cyber Security Risk: Perception vs. Reality
in Corporate America” (Wired, March 2014):
73% of North American execs are confident in their
company’s security
Majority of survey respondents believe their orgs will
perform better or the same compared to last 12 months
Most C-levels feel very optimistic about readiness
72% of survey respondents feel safe from IT threats
Nearly 60% of respondents were CIOs, CISOs, VPs, or
directors
The Problem
According to “Cyber Security Risk: Perception vs. Reality
in Corporate America” (Wired, March 2014):
Optimism bias leads to false confidence in security
Business leaders simply do not understand
cybersecurity risk
Recent Breaches
Common Security Implementations
www.eppgroup.eu
Common Security Implementations
en.wikipedia.org webpage.pace.edu
Common Security Implementations
Mark Popolano, CIO of ProSight Specialty Insurance,
regarding risks vs. costs:
“If you want to spend an infinite amount of money on
security, you can … but the government does, and they’re
not 100% foolproof.” (Bree Fowler, AP)
Common Security Implementations
Is there a single standard, piece of hardware, software,
or technique that will keep your organization from being
breached?
Is there a combination of the above that will keep you
secure?
Common Security Implementations
Questions rephrased:
www.chronicle.su
Cost of a Breach
Loss of:
– Time
– Money
– Reputation
– Revenue
Cost of a Breach
Cost of a Breach
“In 2013, an annual investigative report on data security
by Verizon found 88% of the attacks initiated against
financial services companies were successful in less than
a day.” (2013 Verizon Data Breach Report – DBIR)
Cost of a Breach
“For publicly traded companies like Target and Neiman
Marcus, there is an additional obligation to disclose
material information to shareholders in a timely manner.
For any retailer, a cyberattack may drive customers away
and affect income through increased expenses for
stronger computer security, providing identity theft
protection to affected customers, and refunding of any
fraudulent charges.” (“Adding Up the Costs of Data
Breaches,” By Peter J. Henning)
Lower Risk, Reduce or Eliminate Liability,
and Protect Reputation
What can you do?
As a business leader what is your responsibility?
What constitutes due diligence when it comes to
cybersecurity?
informationsecurity.saiglobal.com
Leadership
Remember the statistic? 73% of executives believe
their security is good and nothing will happen!
This attitude trickles down to the workforce and
suddenly all become lackadaisical.
voodoogamer.wordpress.com
Risk Assessment
What is it?
What does it do?
How do you do it?
What is the goal?
Risk Assessment
innovis.cpsc.ucalgary.ca
Policy
Why?
What?
How?
www.satking.com.au
Training
Why?
How?
How often?
Who?
web.securityinnovation.com
Call to Action
Perform a risk assessment or hire someone to do it
Write and implement policies or hire someone to do it
Train the workforce and implement a program or hire
someone to do it
David Willson, Esq.
CISSP, Security+
Titan Info Security Group,
OnlineIntell, LLC, and
Azorian Cyber Security
719-648-4176
david@azoriancybersecurity.com
www.azoriancybersecurity.com
Questions?
Learn More
Recommended Global Knowledge
Courses
Cyber Security Compliance &
Mobility Course (CSCMC)
Request an On-Site Delivery
We can tailor our courses to meet
your needs
We can deliver them in a private
setting
Visit Our Knowledge Center
Assessments
Blog
Case Studies
Demos
Lab Topologies
Special Reports
Twitter
Videos
Webinars
White Papers
Thank You for Attending
For more information contact us at:
www.globalknowledge.com | 1-800-COURSES | am_info@globalknowledge.com