The document provides guidance for boards of directors on cybersecurity oversight. It outlines 5 key tenets:
1) Cybersecurity is a risk management issue, not a purely technological one. Boards must regularly assess their security posture.
2) Metrics should demonstrate the impact of attacks to make cybersecurity tangible. Chief Information Security/Risk Officers should brief the board.
3) Boards must understand legal aspects of data regulations given breach consequences.
4) Boards must identify acceptable cyber risk levels as with other business risks.
5) Boards should adopt a framework like NIST to structure defenses and benchmark performance.
Cybersecurity Governance for Boards of Directors - Paul Feldman
This paper discusses the emerging issue of Board of Directors governance and cybersecurity. It was originally presented to the Boards of Directors of the IRC (http://www.isorto.org/Pages/Home) in May 2014. The paper is in continuous improvement mode, ultimately targeting being a resource for Boards of Directors in the energy (electricity and natural gas) industry. Suggested updates and improvements are welcome at PaulFeldman@Gmail.com. The current copy is always at http://www.EnergyCollection.us/456.pdf
Improving Cyber Security Literacy in Boards & Executives - Tripwire
In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams.
It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy.
Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executives’ cyber security literacy.
A Russell Reynolds Associates study on cybersecurity that explores the importance of the relationship between the Chief Information Security Officer and the Board of Directors.
Cybersecurity Risk Management for Financial Institutions - Sarah Cirelli
The New York State Department of Financial Services has been closely monitoring this ever-growing threat and has proposed regulations that would require financial services companies to adopt a cybersecurity program to protect their customers, employees, data and operations. Its proposed changes are expected to take effect on March 1, 2017. Financial services companies would have until Feb. 15, 2018, to submit a certificate of compliance with the program. Components of New York's proposed cybersecurity program are outlined in this article.
What CIOs Need To Tell Their Boards About Cyber Security - Karyl Scott
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
SANS 20 CSC: Connecting Security to the Business Mission - Tripwire
You know the old break-up line, “it’s not you, it’s me….”? As a CISO, what if when you get your few minutes to discuss security with the C-suite, board of directors or mission leadership, it really turns out to be you not them who failed in the communication?
Lack of success in communicating with your C-suite could lead to a breakup sooner or later. I’ve had hundreds of conversations with and about CISOs communicating with their executive leadership on topics ranging from security breach information, status, performance metrics, risk, visualizations, or overall security posture.
And largely, it turns out to be no surprise that communicating security information is incredibly difficult, especially with non-technical, disinterested, or time-constrained C-suite executives.
Success with SANS
The initial UMASS Security Program was based on the ISO/IEC 27002 controls framework; then, starting in 2011, the SANS 20 CSC were added. Today’s program includes both. The ISO controls focus on program management, compliance and process from an IT auditor’s perspective, while the SANS controls’ focus on technology means they are better aligned with IT operations.
Prior to 2011, Wilson was having difficulty communicating with executive management (CIOs and others) – it was difficult to translate the purchase and implementation issues surrounding firewalls, anti-virus, and vulnerability scanning into easily familiar business terms and concepts relevant to management and process.
However, when he ditched trying to explain the ISO/IEC 27002 security controls framework in favor of using the SANS 20 CSC, he was able to communicate much more effectively with his C-suite for the first time in a way they could absorb and support.
In addition, he and his team have been able to map out a measurable and actionable security program based on SANS that he regularly succeeds in communicating to his executive team.
Shaping Your Future in Banking Cybersecurity - Dawn Yankeelov
Designed for bankers, this cybersecurity policy presentation given via partnership with the BSG Financial Group explains where the industry should pay attention and what is next. It was presented on Jan. 24, 2017.
The cyber security job is everyone's business, including the Board of Directors, even without a cyber security degree. Recent cyber security news proves that. According to several studies, Boards are getting it wrong and are leaving cyber awareness and risk management in the hands of the CEO, CISO, CTOs and cyber security companies. In a sense they are abdicating their responsibility to the shareholders. This slideshare proposes 7 questions every board should be asking their company executives about IT security. They're not necessarily all-encompassing and don't take the place of real cybersecurity training, but will drive the discussion to a better and more complete understanding of strategic risk. Questions cover the basics of cyber security training, cyber policies, and who briefs the board and when at board meetings. Thanks.
Perception Gaps in Cyber Resilience: What Are Your Blind Spots? - Sarah Nirschl
Protecting enterprise systems against cyber threats is a strategic priority, yet only 42% of executives are confident they could recover without impacting their business from a cyber event. Find out the hidden risks of shadow IT, cloud and cyber insurance.
Establishing an insider threat programme: Know your Snowden - Puneet Kukreja
Insider threat seems to be one of the biggest risks for organisations looking to protect their data assets. Enterprises spend a large proportion of their budget to secure and protect their most critical assets from exfiltration and leakage. However, it's not all about nation states and espionage; it's about identifying potential insider threat scenarios, understanding the organisation’s critical assets and the controls that protect them.
With the recent spate of data breaches originating from trusted insiders, how do enterprises ensure their data assets are safe from insider threat and appropriate controls are in place?
What models have been implemented to identify potential insider threat scenarios?
Which critical data assets must be safeguarded?
What combination of technologies are required to protect against insider threat?
Is there a psychology element?
The session seeks to answer these questions by sharing experience from two use cases; one which approached the problem from a technical perspective, and the other using consolidation of existing technology data sets.
Cyber-risk Oversight Handbook for Corporate Boards - Cheffley White
Cyber-risk oversight handbook for corporate boards that includes good practices and lessons learned to improve #cybersecurity in companies
Download here
ESP https://www.oas.org/ManualRiesgoCiberESP …
ENG https://www.oas.org/CyberRiskManualENG …
POR https://www.oas.org/ManualRiscoCiberPOR …
Executive Summary of the 2016 Scalar Security Study - Scalar Decisions
Executive Summary of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016/
The results of this year’s Internal Audit Capabilities and Needs Survey show that, not surprisingly, cybersecurity represents a major focus for internal audit programs, but it is far from the only pressing issue on internal audit’s plate.
2020 Cost of Insider Threats Global Report with Dr. Larry Ponemon, Chairman ... - Proofpoint
Ponemon 2020 Cost Report for Insider Threats: Key Takeaways and Trends. How much could Insider Threats cost your company annually? $11.45M, according to a new report from the Ponemon Institute, up from $8.76M in 2018. Ponemon’s 2020 Cost of Insider Threats Report surveyed hundreds of IT security professionals across North America, EMEA, and APAC, covering multi-year trends that prove the significance of this rapidly growing threat type. Join Larry Ponemon, Chairman and Founder of the Ponemon Institute, and Josh Epstein, CMO at ObserveIT, a Proofpoint company, in a webinar to break down the key findings of the 2020 report. We will cover:
● What kinds of Insider Threats cost organizations the most
● How investigations are driving up the cost-per-incident for companies
● Which organizations, industries, and regions are being targeted the most
● How companies can potentially save millions by using a dedicated Insider Threat management approach.
Here are my slides on "Board and Cyber Security" that I presented at the Just People Information Security breakfast this morning. Thanks Adam for arranging the session and those who attended.
Apparently, bank directors are a very worried bunch. Nearly 20 members of Bank Director’s membership program responded to the question posed in last month’s newsletter: “What worries you most about the future?”
Cyber risk tips for boards and executive teams - Wynyard Group
Craig Richardson, CEO of crime-fighting software company Wynyard Group, shares his recommendations for boards and executives on addressing cyber risks for their organisations.
Discussion that was held at RSA on the five steps CISOs can use to assess their enterprise security program and architect one that meets the organization's objectives and reduces its exposure to risk.
Most boards of directors don't have someone who understands cyber security issues. As a consequence, they can't provide proper oversight of the companies they are responsible for. This presentation will cover the issues boards of directors need to understand, what questions board members need to ask and how to communicate with them.
(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond - Philip Beyer
:: History ::
Security BSides DFW 2011 - November 5, 2011 (Philip J Beyer) - http://lanyrd.com/skymy
:: Summary ::
I will present details of how I transitioned from security consultant to program leader from vision to practice and planning for the future.
:: Abstract ::
If you want to go from a sedentary life to running a marathon, you have to have a plan. If you want to go from a consulting life to owning a security program, you also have to have a plan. Much like a 'Couch to 5K' running program, that plan will require vision, persistent effort, and a clear set of goals. I'll share my plan, what has worked so far and what didn't, and how you can design your own.
Mitigating Security Risks in Vendor Agreements
Providers of software, software-as-a-service, managed services, and professional services have varying degrees of sophistication in addressing security in their form contracts. Learn from an experienced technology attorney how to understand key clauses, or discover when they are missing, to ensure that the company's vendors are compliant with the appropriate security measures before signing the deal.
Brian Kirkpatrick is the founding shareholder of Kirkpatrick Law PC and a business attorney with a technology focus. He also serves as Of Counsel to Mullin Law PC for matters involving technology and information security.
His practice revolves around clients needing assistance in technology transactions, data privacy, cyber security, software compliance and audits, and general counsel related to business matters. Brian was voted 2015 Top Technology Attorney in Tarrant County by his peers as published in Fort Worth Texas Magazine.
Brian has published numerous articles and lectured nationally on legal topics such as software as a service, software licensing, contract negotiation, cyber security and legal considerations when starting a business. He is also featured in radio news interviews, as a conference panelist, a featured speaker, and is featured in an instructional video series about conducting negotiations. Before entering the legal profession, Brian was a Vice President commercial banker.
Brian is a graduate of Texas A&M University School of Law where he was inducted into the National Order of Barristers. He also has a Masters of Arts in Applied Economics from Southern Methodist University and a Bachelors of Science in Economics from Texas A&M University - Commerce where he was inducted into the Omicron Delta Epsilon International Economics Honor Society.
A Day in the Life of a CISO
The intent of this presentation is to present the diverse nature of being a CISO today within the context of a public, regulated and targeted organization. The content is to both inspire and warn those whose career choices may include the CISO destination.
Mark Nagiel, SVP/CISO, PrimeLending (4th largest mortgage company in the US)
Director, Information Security (MetroPCS/T-Mobile)
VP, Technology/VP Information Security (InCharge Institute - Financial Services)
Co-Founder, Network Audit Systems, Inc. (acquired by Armor Holdings, a NYSE company)
InfoSec Chief (Niagara Mohawk Power Corp.)
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage... - centralohioissa
Global regulations are driving the need for businesses in all sectors to have cybersecurity programs that are designed to fit the organization's risk profile. At the same time, there is a lack of clarity on how much one should spend on managing these risks and on the sophistication and number of risk mitigants required to manage them.
Company executives and boards of directors are held personally liable for appropriate oversight and management of these controls and are looking to their CISOs and CIROs to provide assurance that these controls are in place and operating effectively. Balancing the requirements against the expectations is a delicate exercise. This presentation will look at the regulatory landscape and how it is affecting client, executive, and board-level expectations for cybersecurity risk management. It will also provide some recommendations on how to approach the development of a cybersecurity risk management program.
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U... - Tripwire
Boards of Directors have an inescapable legal responsibility to protect their organisation’s assets and shareholder value against risks. Where does cybersecurity fit in the agenda? Many boards lack the knowledge, awareness and confidence to connect security to the business.
In this webcast, moderator Paul Edon, Director of Customer Services at Tripwire, will provide a variety of perspectives from experienced professionals in the industry, including Amar Singh, UK CISO for Elsevier; Ray Stanton, EVP Professional Services at BT and Advisory Board Member of ISF; and Gary Cheetham, CISO at NFU Mutual.
A review of the current and future trends in cyber-security, how the law may treat a breach of cyber-security and what you can do to minimise your exposure.
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ... - Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, at the January 27, 2017 meeting of (ISC)² Dallas Fort Worth Chapter.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that every company will be breached, but preparation and diligence can help reduce the likelihood of such a breach becoming a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. It then addresses, because of this crisis environment, the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
Cyber presentation Sept 2019 v8 sent for upload - savassociates1
An accountant is a valuable asset to any organization. He or she is a professional who performs accounting functions. Contrary to what people generally think, accounting is not confined to tax and financial matters.
What is Cyber Security
What is Cyber Threat and Threat Landscape
Is Cybersecurity an IT Problem? It’s a human Problem
Role of a CFO
Well accepted Cybersecurity Frameworks and common Themes
SOC (Service Organization Control) and SOC for Cybersecurity
Recommended risk mitigation strategies for the weakest links of the Cybersecurity chain
Key Takeaways
Best Practices
Russell Reynolds Associates addresses five cybersecurity leadership questions that Boards of Directors and executives should ask themselves. These questions cover a range of aspects, from the Board's level of preparedness to talent management, in order to protect the business in a comprehensive way.
SBIC Report: Transforming Information Security: Future-Proofing Processes - EMC
This report from the Security for Business Innovation Council (SBIC), sponsored by RSA, contends that keeping pace with cyber threats requires an overhaul of information-security processes and provides actionable guidance for change.
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016 - FERMA
PART II – Cyber Security: the mitigation strategies – how to identify, assess and mitigate cyber risks
The Risk Manager must be responsible, as for other risks, for the quantification aspect of cyber security. It is a necessary step towards understanding and managing the exposure of the company. He/she should act as a facilitator between the Board and the operational departments (IT, Finance, Legal and other functions).
This is a key subject for unlocking the development of cyber insurance and for supporting the economic growth the digital world is bringing to Europe.
The presentation defines cyber security and its importance, and presents a framework to address the threats. The framework consists of a core, profiles and tiers.
Cyber-attacks are an alarming threat to all types of businesses & organizations. The risk of a cyber-attack is not just a risk to your company but also to your privacy. Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
For Corporate Boards, a Cyber Security Top 10 - David X Martin
Corporate boards of directors have a fiduciary duty to understand and oversee cyber security. For most effective oversight, boards should approach cyber security from a good management-practices perspective rather than a technical perspective.
Transforming Information Security: Designing a State-of-the-Art Extended Team - EMC
This paper from the Security for Business Innovation Council (SBIC), sponsored by RSA, can help your organization build a state-of-the-art extended security team through seven actionable recommendations.
Risk management is one of the main concepts that most organisations use to protect their assets and data. One such example is insurance: most insurance products, such as life, health and auto insurance, have been formulated to help people protect their assets against losses. Risk management has also extended its roots to physical devices, such as locks and doors to protect homes and automobiles, password-protected vaults to protect money and jewels, and police, fire and security services to protect against other physical risks. Dr. C. Umarani | Shriniketh D, "Risk Management", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume 5, Issue 1, December 2020. URL: https://www.ijtsrd.com/papers/ijtsrd37916.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/37916/risk-management/dr-c-umarani
Current enterprise information security measures continue to fail us. Why is ... (Livingstone Advisory)
Conventional information security measures continue to fail our businesses in today’s rapidly changing world of cyber-risk. Adverse cyber-events manifest themselves as the usual suspects, including data breaches, information theft, ransomware and malware, viruses, payment card fraud, DDoS attacks or physical loss, to name but a few.
The problem is that the tally of adverse events keeps mounting. While headline cyber incidents are now reported in the media with regularity, they represent only the tip of the cyber-risk iceberg: most known events are either unreported or hidden from public disclosure. Nor does it help that industry analysis suggests that, on average, nearly half of all adverse cyber-risk events impacting organisations are self-inflicted and avoidable. No industry is untouched.
Delivered at the CIO Summit in Melbourne, Australia, in November 2016, this presentation offers Rob's strategic insights into the problem and why it continues to be a problem.
He outlines some practical steps that will be helpful for CIOs and CISOs in reshaping their own organisation’s approach in building a more effective and resilient information security capability.
The Significance of IT Security Management & Risk Assessment (Bradley Susser)
An overview of IT Security Management, which comprises standards, policies, plans and procedures, as well as risk assessment and the various techniques and approaches used to minimize an organization’s financial impact from the exploitation of its assets.
The fundamentals users need in order to begin the quoting process on the Salesforce platform. It takes more than an hour to complete and lets users start running CPQ by learning pricing methods, the CPQ object data model, the technical configuration of discounts, and output documents.
The Salesforce Automation Landscape
• Declarative tools: points and clicks, for admins.
• Coding tools: Salesforce gods.
For developers it is very important to understand the tools available and know when they should be applied.
• Declarative tool set: Workflow Rules: same-object updates, email notifications, limited applications.
• Process Builder: related-object updates, create records, no unrelated objects; bulk issues everywhere.
• Visual Flow: unrelated-object updates, variables and loops. Same learning curve as code, but without the benefits.
A high-level overview of the key features and benefits of Workflow and Approval process automation in Enterprise Edition. Your sales force operates more efficiently with standardized internal procedures and automated business processes. Many of the tasks you normally assign, the emails you regularly send, and other record updates are part of an organization's standard processes. Instead of doing this work manually, you can configure workflow and approvals to do it automatically.
Begin by designing workflow rules and approval processes, and associating them with actions such as email alerts, tasks, field updates, or outbound messages.
Migrating your existing applications and IT assets to the Amazon Web Services (AWS) Cloud presents an opportunity to transform the way your organization does business. It can help you lower costs, become more agile, develop new skills more quickly, and deliver reliable, globally available services to your customers. Our goal is to help you to implement your cloud strategy successfully.
The Building Blocks of QuestDB, a Time Series Database (Javier Ramirez)
Talk Delivered at Valencia Codes Meetup 2024-06.
Traditionally, databases have treated timestamps just as another data type. However, when performing real-time analytics, timestamps should be first class citizens and we need rich time semantics to get the most out of our data. We also need to deal with ever growing datasets while keeping performant, which is as fun as it sounds.
It is no wonder time-series databases are now more popular than ever before. Join me in this session to learn about the internal architecture and building blocks of QuestDB, an open source time-series database designed for speed. We will also review a history of some of the changes we have gone through over the past two years to deal with late and unordered data, non-blocking writes, read-replicas, or faster batch ingestion.
Techniques to optimize the PageRank algorithm usually fall into two categories. One is to try to reduce the work per iteration, and the other is to try to reduce the number of iterations. These goals are often at odds with one another. Skipping computation on vertices which have already converged has the potential to save iteration time. Skipping in-identical vertices, i.e. vertices with the same in-links, helps reduce duplicate computations and thus could help reduce iteration time. Road networks often have chains which can be short-circuited before PageRank computation to improve performance, since the final ranks of chain nodes can be easily calculated. This could reduce both the iteration time and the number of iterations. If a graph has no dangling nodes, the PageRank of each strongly connected component can be computed in topological order. This could help reduce the iteration time and the number of iterations, and also enable multi-iteration concurrency in PageRank computation. The combination of all of the above methods is the STICD algorithm. [sticd] For dynamic graphs, unchanged components whose ranks are unaffected can be skipped altogether.
Adjusting OpenMP PageRank : SHORT REPORT / NOTES (Subhajit Sahu)
For massive graphs that fit in RAM, but not in GPU memory, it is possible to take advantage of a shared memory system with multiple CPUs, each with multiple cores, to accelerate pagerank computation. If the NUMA architecture of the system is properly taken into account with good vertex partitioning, the speedup can be significant. To take steps in this direction, experiments are conducted to implement pagerank in OpenMP using two different approaches, uniform and hybrid. The uniform approach runs all primitives required for pagerank in OpenMP mode (with multiple threads). On the other hand, the hybrid approach runs certain primitives in sequential mode (i.e., sumAt, multiply).
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2... (pchutichetpong)
M Capital Group (“MCG”) expects demand to grow and supply to evolve, facilitated through institutional investment rotation out of offices and into work from home (“WFH”), alongside the ever-expanding need for data storage as global internet usage expands, with experts predicting 5.3 billion users by 2023. These market factors will be underpinned by technological changes, such as progressing cloud services and edge sites, allowing the industry to see strong expected annual growth of 13% over the next 4 years.
Whilst competitive headwinds remain, represented through the recent second bankruptcy filing of Sungard, which blames “COVID-19 and other macroeconomic trends including delayed customer spending decisions, insourcing and reductions in IT spending, energy inflation and reduction in demand for certain services”, the industry has seen key adjustments, where MCG believes that engineering cost management and technological innovation will be paramount to success.
MCG reports that the more favorable market conditions expected over the next few years, helped by the winding down of pandemic restrictions and a hybrid working environment, will drive market momentum forward. The continuous injection of capital by alternative investment firms, as well as the growing infrastructural investment from cloud service providers and social media companies, whose revenues are expected to grow over 3.6x larger by value in 2026, will likely help propel data center provision and innovation. These factors paint a promising picture for the industry players that offset rising input costs and adapt to new technologies.
According to M Capital Group: “Specifically, the long-term cost-saving opportunities available from the rise of remote managing will likely aid value growth for the industry. Through margin optimization and further availability of capital for reinvestment, strong players will maintain their competitive foothold, while weaker players exit the market to balance supply and demand.”
Adjusting primitives for graph : SHORT REPORT / NOTES (Subhajit Sahu)
Graph algorithms, like PageRank Compressed Sparse Row (CSR) is an adjacency-list based graph representation that is
Multiply with different modes (map)
1. Performance of sequential execution based vs OpenMP based vector multiply.
2. Comparing various launch configs for CUDA based vector multiply.
Sum with different storage types (reduce)
1. Performance of vector element sum using float vs bfloat16 as the storage type.
Sum with different modes (reduce)
1. Performance of sequential execution based vs OpenMP based vector element sum.
2. Performance of memcpy vs in-place based CUDA based vector element sum.
3. Comparing various launch configs for CUDA based vector element sum (memcpy).
4. Comparing various launch configs for CUDA based vector element sum (in-place).
Sum with in-place strategies of CUDA mode (reduce)
1. Comparing various launch configs for CUDA based vector element sum (in-place).
06-04-2024 - NYC Tech Week - Discussion on Vector Databases, Unstructured Data and AI
Round table discussion of vector databases, unstructured data, AI, big data, real-time, robots and Milvus.
A lively discussion with NJ Gen AI Meetup Lead, Prasad and Procure.FYI's Co-Found
Cybersecurity and Data Theft Prevention: What Every Board of Directors Should Know about Managing Risk in their Organization
2. a high level primer for every member of the board
Scope of this Document
The primary responsibility of any board of directors is to secure the future of the organization(s) they oversee. To do
so, board members need consistent access to information on circumstances and risks that could affect the future of the
organization. Cybersecurity is a prime example of information that directly affects the wealth and future prospects of an
organization but has heretofore not been subject to board level review and oversight.
However, in the wake of the devastating number of high-profile cyber-incidents and their significant financial and legal
ramifications, cybersecurity is no longer a topic that can be left solely to the IT department. It is now essential that the
board ask strategic and thoughtful questions on how well the organization they oversee is prepared to face the new
world of high-risk data breaches and realize continued success in these tumultuous times.
This document provides a non-technical overview on cybersecurity and provides recommendations for the topics that
every board member should consider.
Legal Notice
Please note that this document represents the views and interpretations of the authors and editors, acting on behalf
of Raytheon|Websense, unless stated otherwise. This publication should not be construed as legal advice from
Raytheon|Websense. Third-party sources are quoted as appropriate. Raytheon|Websense is not responsible for the
content of the external sources, including external websites referenced in this document. This document is intended for
information purposes only. Reproduction is authorized provided the source is acknowledged.
Table of Contents
Executive Summary 4
Cybersecurity Becomes a Top-Tier Issue
Five Tenets of Cybersecurity Oversight for the Board of Directors
Key Areas of Inquiry for the Board
Key Tenets for the Board 6
Tenet 1: Cybersecurity is a risk management issue, not a technological one.
Tenet 2: Provide meaning behind the metrics – make cybersecurity real to the board.
Tenet 3: Board members must understand the legal aspects of cybersecurity regulations.
Tenet 4: Board members must identify acceptable cyber risk levels in business operations.
Tenet 5: Board of Directors must adopt a well-defined cyber risk management framework.
Key Areas of Inquiry for the Board 11
1. The organization’s critical data.
2. Current risks to that data.
3. Key performance indicators of the security posture.
4. Data breach protocol for mitigation, remediation and public relations.
5. Procedures for upgrading the security posture and training personnel.
Conclusion 12
Recommended Readings & References 13
Executive Summary
Cybersecurity Becomes a Top-Tier Issue
2014 saw some of the biggest organizations in the world become victims of costly cyber-attacks and data theft
incidents. These high profile events ushered in a new era for all organizations in which cyber-attacks are now a part of
doing business. As a result, cybersecurity has become a top-tier issue for all boards of directors. It is, however, a complex
and fluid discipline that is beyond most directors’ area of expertise. This document will guide directors in their approach
and assessment of the cybersecurity posture and processes of the organization(s) they oversee.
Five Tenets of Cybersecurity Oversight for the Board of Directors
Raytheon|Websense identifies five tenets that provide directors the foundation to accomplish the formidable but
necessary task of cybersecurity oversight at the board level:
Tenet 1: Cybersecurity is a risk management issue, not a technological one.
The board of directors must demand a regular health check and risk assessment of the organization’s security posture.
Tenet 2: Provide meaning behind the metrics – make cybersecurity real to the board.
The board must be briefed by the Chief Information Security or Chief Risk Officer at every meeting. These roles should
report directly to the board.
Tenet 3: Board members must understand the legal aspects of cybersecurity regulations.
A data breach exposes organizations to the risk of civil and criminal disciplinary actions and fines by regulatory bodies,
class action suits from customers and shareholders as well as legal actions by affected partners.
Tenet 4: Board members must identify acceptable risk levels in business operations.
Business judgment applies to cybersecurity as a part of business operations. Boards must quantify and manage
cybersecurity risk as they do in other business categories.
Tenet 5: Board members must adopt a well-defined risk management framework.
The framework is a risk-based compilation of guidelines designed to help assess current capabilities and create a
prioritized plan for improving cybersecurity practices.
Key Areas of Inquiry for the Board
For effective oversight, directors will need to identify:
1. The organization’s critical data.
2. Current risks to that data.
3. Key performance indicators of the security posture.
4. Data breach protocol for mitigation, remediation and public relations.
5. Procedures for upgrading the security posture and training personnel.
Key Tenets for the Board
With 22,000 customers worldwide, Raytheon|Websense has an established track record developed over more
than twenty years of experience as a leading cybersecurity provider. During this significant period of time,
Raytheon|Websense has developed a series of cybersecurity tenets which can serve as the strategic foundation for a
board of directors’ approach to understanding the tools and processes of an effective cybersecurity posture.
Tenet 1: Cybersecurity is a risk management issue, not a technological one.
Sophisticated organizations look at cybersecurity through the prism of risk management. At the board level, business
risks are categorized into one or more of the following:
• Business disruption risk.
• Reputational risk.
• Legal risk.
• Regulatory and compliance risk.
Cybersecurity risk will fall under one or more of these categories, depending upon the organization’s business model and
sensitivity to various types of risk.
The board of directors must receive and review an update and business risk assessment of the organization’s security
posture at every board meeting. The board will need to prioritize the elements of every cybersecurity risk assessment
as each applies to its respective business risk. By asking the questions below, boards can ensure they have a proper
understanding and context of cyber risks to the organization:
1. Have we identified the value of the organization’s most critical information assets?
• What information makes the organization competitive?
• What percentage of the overall information assets does this represent, where is it stored, used and shared?
2. Have we received a detailed summary on the security incidents that have occurred (including those attacks that
were successfully thwarted)?
• What intelligence can be gained from these threats and attacks?
• How can that intelligence be most effectively applied for incident remediation and prevention of
future attacks?
3. What assurances do you have that employees, suppliers, partners, overseas subsidiaries, cloud providers etc., can
be trusted with the organization’s most critical information assets?
• What controls are in place to mitigate anticipated risks, and how well documented are these?
4. What is the appetite for risk in the organization?
• How well documented is this?
• How is this risk posture reflected in operations and decision making?
5. To what extent are the representatives across the business (e.g. Manufacturing, Operations, R&D, Legal, HR)
engaged in an organization-wide and regular risk-based discussion on cybersecurity?
6. Has the business quantified the potential business effects of cyber-attacks – i.e. data loss, disruption and costs
arising from a failure to protect the organization from a significant incident?
7. Has the organization benchmarked its risk posture and integrity against comparable organizations that may be
open to this form of information sharing?
8. Has the organization tested its cyber-resilience and response in the wake of a significant incident? Has this testing
been incorporated into the organization’s Disaster Recovery & Business Continuity Planning Process?
9. Does the person responsible for cybersecurity have a mentor among the board members to help them prepare
information in the most appropriate manner possible?
Tenet 2: Provide meaning behind the metrics – make cybersecurity real to the board.
Every board meeting should discuss the topic of cybersecurity to some degree. Board members are generally tired of
hearing about threats. Instead, they want to hear about risks and understand the impact of what the organization has
witnessed. Avoid repeating meaningless KPI statistics that hide the true nature of what is happening in the organization’s
infrastructure. At its core, the board wants to know, “How secure are we?”
The Chief Information Security or Chief Risk Officer should report directly to the board. They should not be “buried”
within the IT or Operations departments. The board of directors must probe the officer in charge of cybersecurity to do
the following:
1. Focus on metrics that explain the impact attacks have or could have had on the organization. How have these
metrics changed since the last review period and what might one infer from such changes?
2. Report by department who has been targeted and the nature of the attack. Indicate how well the organization’s
security mechanisms responded and quantify, if possible, the impact of a successful attack.
3. Identify the overall cybersecurity strategy and response to known risks and attempted attacks.
4. Explain the key issues that are at the forefront of the officer’s mind.
5. Provide a recap of key incidents that have occurred in the organization’s industry and how they relate to the risk
posture of the organization, and discuss any roadblocks to implementing a holistic Data Theft Prevention approach.
This is a key metric, as it is relevant to the board in terms of legal risk. The board must have a clear understanding
of how well the organization is protected, organized and prepared in its security posture relative to its industry
peers. If an industry peer suffers a data breach and the board’s organization is similarly protected, the board will
know that a higher level of security is needed. Meeting or surpassing industry security standards may also help
the organization avoid punitive damages should it fall victim to data theft. On the other hand, if the organization’s
security budget is significantly higher than its peers, it may indicate to the board that they’re spending too much
money on cybersecurity, the security resources are inefficiently allocated, or both.
The board must also, from time to time, seek external review of the cybersecurity in place to gain an alternative
perspective on the organization’s risk posture.
Tenet 3: Board members must understand the legal aspects of cybersecurity regulations.
The loss or theft of critical information exposes organizations to the risk of action by regulatory bodies. Moreover, when
cyber-attacks disrupt business operations, organizations may fail to meet obligations to customers, resulting in class
action suits from customers and even shareholders.
Furthermore, the U.S. Securities and Exchange Commission has stated that, “Public companies that are victims of
cyber-attacks should consider disclosing additional information beyond what’s required to help protect customers
whose private data could be at risk.” Also, knowledge of a cyber-attack may be regarded as information likely to inform
investment decisions and be treated as “inside information” that meets the “reasonable investor” test.
There are three broad areas of concern with regards to legal frameworks:
1. Compliance with national and industry-specific regulations – PII and other data are huge privacy and compliance
risks for organizations. Compliance is complex and multi-layered, with national and industry-specific security and
privacy laws often varying widely. Directors must ensure that management is aware of civil and criminal liabilities
that may attach to failure to comply with security and privacy compliance schemes. Many organizations have
at least some level of program in place to manage cyber risk. Such risk programs should be incorporated within
overall corporate risk management strategies with the appropriate executive control and authority.
2. Risks and liabilities associated with third-party service providers – Directors should probe the contractual
relationships and liabilities with IT outsourcing, business process outsourcing and cloud computing providers.
Many third-party agreements are vague on the definitions of who is responsible for the safeguarding of the
organization’s critical information. Moreover, incident notification and remediation procedures are often
overlooked. Individuals in the organization have frequently created chains-of-trust between organizational
stakeholders and it is the responsibility of the directors to ensure that such agreements are appropriately defined
and audited. Additionally, directors should be aware of what their own organization’s security, privacy and
reporting obligations are to its customers and partners. Failure to account for this risk could lead to lengthy legal
battles and loss of reputation.
3. Data breach awareness policy and notification processes – The board must be made aware of major data
breaches and has a duty to remain informed of such matters. This duty also pertains to attempted breaches,
although there is reasonable latitude allowed with regard to the scale, severity and potential impact of the breach
or attempted breach. Notification processes, however, are a complex area of concern. In the event of a breach, even
without the subsequent transmission of the data elsewhere, the board’s first priority must be to seek external
legal and data breach notification advice in order to establish the correct notification processes in a timely manner.
From the board’s perspective, the following information must be recorded for any possible breach declaration:
• The geographic sphere of operations where the information was used and affected. Also very important in
data breach notification is the locale of the citizens whose data was impacted. Disclosure laws generally
follow the citizen’s domicile, not the physical location of the breach itself.
• The reporting requirements under the laws of the specific location: the legal reporting requirements in
Europe differ widely from those in the US, for example, and even vary from state to state within the U.S.
• Whether or when a breach has occurred is itself a complex question; safe harbor clauses may come
into effect.
Tenet 4: Board members must identify acceptable cyber risk levels in business operations.
It’s important to note that the board of directors always sets the tone for the organization, and as such, communicates to
members of the organization how cybersecurity should be viewed. This will have a marked effect on the security culture
within the organization. Certainly board members face remarkable challenges, not least the fact that many may have
spent the majority of their careers in the pre-digital era. They must not be fazed by the highly technical jargon used by
“experts in the field” or the complexity and fluidity of modern technology. Instead, they must elevate the discussion to
one of risk-versus-reward. As a former chief of the SEC’s Office of Internet Enforcement recently remarked:
“I do not believe it’s realistic to expect board members to have anything but a high-level understanding of the nature of
cyber threats and how they impact the business of the corporation. Just as you need a good accounting firm to give you
financial expertise, from the board’s perspective this field … requires you to tap into … the necessary expertise and make
sure your company is doing all it can to protect itself.”
However, it behooves all boards of directors to educate themselves broadly on the types of cyber risks to which their
organization and sector may be vulnerable. As such, directors should request and expect regular updates from the
organization on recent trends in industry-specific data breaches and on security intelligence reports from information
sharing centers.
In general terms, common sense and business judgment must apply in cybersecurity as much as any other sphere of
business operations. Many of the same types of questions and approaches used by boards to quantify and manage other
categories of risk, such as insurance and recovery plans, apply equally here as well.
Tenet 5: Board of Directors must adopt a well-defined cyber risk management framework.
The organization should structure its cybersecurity defenses in order that their effectiveness and applicability can be
independently assessed. The framework should seek to:
1. Define a set of activities to anticipate and defend against cyber-attacks.
2. Define a set of measurements to assess to what degree an organization has implemented its defense strategies
and benchmark how prepared they are to protect systems against an attack.
3. Define a benchmark profile that can be used to identify opportunities for improving an organization’s
cybersecurity posture by comparing a current profile with a target profile.
One such framework was created by the National Institute of Standards and Technology (NIST). The “Framework for
Improving Critical Infrastructure Cybersecurity” was the result of an executive order issued by the US President in 2013
to establish a set of voluntary cybersecurity standards for critical infrastructure companies. The framework is a
risk-based compilation of guidelines designed to help organizations assess current capabilities and draft a prioritized
roadmap toward improved cybersecurity practices. The NIST Framework also creates a common language for the discussion
of cybersecurity issues that can facilitate internal and external collaboration.
There are many other benefits associated with adopting such a framework. First, the NIST Framework may set
cybersecurity standards for future legal rulings. Secondly, organizations that adopt the NIST Framework at the highest
possible risk-tolerance level may be better positioned to comply with future cybersecurity and privacy regulations.
It’s important to note, however, that there is no one-size-fits-all solution for cybersecurity. The US government cannot
provide comprehensive, prescriptive guidelines across all industries. It is therefore the responsibility of the directors to
ensure that any framework adopted is appropriate to the circumstances in which it is applied. With that said, there are
a number of questions directors should pose to their management teams to begin the process of understanding and
managing risk.
Key Areas of Inquiry for the Board
Having established the broad tenets of a comprehensive cybersecurity strategy, the following is a list of areas that
directors may wish to refer to in their next board meeting:
1. Identify the organization’s critical data.
• What is our most critical data that drives the business success?
• Where is it stored, used and shared?
• What are the consequences of a breach featuring this information?
2. Current risks to that data.
• What are the top risks facing the organization with regards to cybersecurity integrity when adopting new
technology, e.g. cloud computing and mobile (BYOD)?
• What are the third-party risks, such as outsourcing and SaaS, and the risk of data theft from external actors and
insider threats?
3. Key performance indicators of the security posture.
• How do we educate employees to raise their Security IQ and create awareness of threats and risky
behavior?
• Do we use independent third parties to periodically test our defenses?
• What other risk assessment methods have been put in place and what did the results indicate?
4. Data breach protocol for mitigation, remediation and public relations.
• What steps have been taken to manage cybersecurity governance and to comply with the legal frameworks of
the territories in which the organization operates and of the countries in which the individuals whose data is
collected reside?
• In the event of a serious breach, what protocols and procedures have been developed? Have they been
tested?
• What is the communications plan in the event of a serious information breach?
• What is the crisis management plan, and has it ever been exercised?
5. Procedures for upgrading the security posture and training personnel.
• To what extent have we measured the risk of data loss or attack across our extended value chain of
partners, suppliers and customers?
• When was the last major breach? What happened as a result and what lessons were learned?
Conclusion
The familiar maxim, “national defense is too important to leave to the military,” also applies to the cybersecurity of your
organization. Of course, the IT team is on the front lines of cyber defense and of monitoring the risk to your data, as it
should be; but the impact of data theft is too great for the board of directors not to be involved at a strategic level.
For most boards of directors, the prospect of overseeing cybersecurity is a formidable task. It is nevertheless
achievable with a holistic approach and the right cybersecurity partner.
Raytheon|Websense’s Data Theft Prevention solution is an advanced and holistic approach to data security and cyber
risk management. It identifies the critical data at the heart of your organization, provides in-depth risk assessment and
analysis of your security posture and prevents your critical data from leaving when it should not. It also enables your
organization to innovate and grow with confidence.
These capabilities support both board-level oversight duties and frontline IT security decision-making. Identifying the
weaknesses in your security posture and the potential threats to your critical data are the first steps in reviewing and
assessing your current risk levels. The results of a complete risk assessment will drive the security processes and
strategies going forward.
Contact Raytheon|Websense for a complimentary risk assessment of your current security posture with our RiskVision™
technology. It will identify threats that your current systems are missing or cannot recognize and then provide you with an
in-depth report on the weaknesses and vulnerabilities of your cybersecurity program. No security posture, regardless of the
investment level, can protect your critical data against threats it cannot see.
About Raytheon|Websense
On May 29, 2015, Raytheon Company (NYSE: RTN) and Vista Equity Partners completed a joint venture transaction
creating a new company that combines Websense®, a Vista Equity portfolio company, and Raytheon Cyber Products, a
product line of Raytheon’s Intelligence, Information and Services business. The newly-formed commercial cybersecurity
company will be known on an interim basis as Raytheon|Websense. The company expects to introduce a new brand
identity upon completion of standard organizational integration activity.
To access the latest Raytheon|Websense security insights and connect through social media, please visit
www.websense.com/smc.
For more information, visit http://www.websense.com or http://www.websense.com/triton.
Recommended Reading
& References
1. Framework for Improving Critical Infrastructure Cybersecurity:
http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
2. The UK Cyber Security Strategy:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60961/uk-cyber-security-strategy-final.pdf
3. The 2015 Raytheon|Websense Threat Report:
http://www.websense.com/content/websense-2015-threat-report.aspx
4. 2014 Ponemon Report on CyberSecurity:
http://www.websense.com/content/2014-ponemon-report-part-2-thank-you.aspx
5. ENISA’s work on National Cyber Security Strategies:
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss
6. Related Raytheon|Websense publications on Data Theft Prevention:
http://www.websense.com/content/data-theft-prevention.aspx