Why Your Company Should Have a Risk Management Program
David Willson
david@azoriancybersecurity.com
© 2014 Global Knowledge Training LLC. All rights reserved.
David Willson
• Retired Army JAG
• Former legal advisor at NSA and CYBERCOM
• Risk management and cybersecurity consultant
• Licensed to practice law in NY, CT, and CO
• Master’s degree in intellectual property and IT law
• Speaker at security conferences worldwide
Our Agenda
• State of security
  – Recent breaches
  – The problem
  – Common security implementations
  – Cost of breach
• How to lower risk, reduce or eliminate liability, and protect reputation
  – Leadership
  – Risk assessment
  – Policy
  – Training
State of Security
The Global State of Information Security® Survey 2014 shows that:
“While many organisations have raised the bar on security, their adversaries are continuing to outpace them. Detected security incidents have increased—and so has the cost of breaches.” (PwC)
The Problem
According to “Cyber Security Risk: Perception vs. Reality in Corporate America” (Wired, March 2014):
• 73% of North American execs are confident in their company’s security
• Majority of survey respondents believe their orgs will perform better or the same compared to last 12 months
• Most C-levels feel very optimistic about readiness
• 72% of survey respondents feel safe from IT threats
• Nearly 60% of respondents were CIOs, CISOs, VPs, or directors
• Optimism bias leads to false confidence in security
• Business leaders simply do not understand cybersecurity risk
Recent Breaches
Common Security Implementations
Mark Popolano, CIO of ProSight Specialty Insurance, regarding risks vs. costs:
“If you want to spend an infinite amount of money on security, you can … but the government does, and they’re not 100% foolproof.” (Bree Fowler, AP)
• Is there a single standard, piece of hardware, software, or technique that will keep your organization from being breached?
• Is there a combination of the above that will keep you secure?
• Questions rephrased:
Cost of a Breach
• Loss of:
  – Time
  – Money
  – Reputation
  – Revenue
“In 2013, an annual investigative report on data security by Verizon found 88% of the attacks initiated against financial services companies were successful in less than a day.” (2013 Verizon Data Breach Report – DBIR)
“For publicly traded companies like Target and Neiman Marcus, there is an additional obligation to disclose material information to shareholders in a timely manner. For any retailer, a cyberattack may drive customers away and affect income through increased expenses for stronger computer security, providing identity theft protection to affected customers, and refunding of any fraudulent charges.” (“Adding Up the Costs of Data Breaches,” by Peter J. Henning)
Lower Risk, Reduce or Eliminate Liability, and Protect Reputation
• What can you do?
• As a business leader, what is your responsibility?
• What constitutes due diligence when it comes to cybersecurity?
Leadership
• Remember the statistic? 73% of executives believe their security is good and nothing will happen!
• This attitude trickles down to the workforce and suddenly all become lackadaisical.
Risk Assessment
• What is it?
• What does it do?
• How do you do it?
• What is the goal?
Policy
• Why?
• What?
• How?
Training
• Why?
• How?
• How often?
• Who?
Call to Action
• Perform a risk assessment or hire someone to do it
• Write and implement policies or hire someone to do it
• Train the workforce and implement a program or hire someone to do it
David Willson, Esq.
CISSP, Security+
Titan Info Security Group, OnlineIntell, LLC, and Azorian Cyber Security
719-648-4176
david@azoriancybersecurity.com
www.azoriancybersecurity.com
Questions?
Learn More
Recommended Global Knowledge Courses
• Cyber Security Compliance & Mobility Course (CSCMC)
Request an On-Site Delivery
• We can tailor our courses to meet your needs
• We can deliver them in a private setting
Visit Our Knowledge Center
• Assessments
• Blog
• Case Studies
• Demos
• Lab Topologies
• Special Reports
• Twitter
• Videos
• Webinars
• White Papers
Thank You for Attending
For more information contact us at:
www.globalknowledge.com | 1-800-COURSES | am_info@globalknowledge.com
