Cyber Security in the
Interconnected World
Craig Subocz, Senior Associate
8 March 2016
The information contained in this
presentation is intended as general
commentary and should not be regarded as
legal advice. Should you require specific
advice on the topics or areas discussed
please contact the presenter directly.
Disclaimer
2
> What is cyber security?
> Current and future threats
> Legal ramifications
> The Victorian Privacy Data Security
Standards
Agenda
3
> Cyber security comprises active
steps taken to:
> safeguard an IT environment
from unauthorised access; and
> ensure that information
contained on the IT environment
is not accessed, used or
disclosed without authorisation
What is Cyber Security?
4
> Federal Government refers to “cyber
adversaries”
> A cyber adversary is “an individual or
organisation that conducts cyber
espionage, crime or attack”
> Adversaries include:
> Foreign state-owned adversaries;
> Organised crime
> Issue-motivated groups or individuals
with personal grievances
Source: Australian Cyber Security Centre, 2015 Threat Report (July 2015)
Current and Future Threats
5
> Cyber intrusion
> Spear phishing and social engineering
> Remote Access Tools
> Watering-hole Techniques
> Compromised legitimate website hosts
malware
> Malware/Ransomware
> Distributed Denial of Service
Current and Future Threats
8
> Potential breach of statutory
obligations of privacy
> Failure to take reasonable steps to
secure personal information
> Possible breach of director’s duties
> Possible breach of contract
> Disruption to business continuity
> Possible breach of duty (negligence)
Legal Ramifications
9
> Many businesses bound by the
Privacy Act 1988 (Cth)
> Australian Privacy Principle 4
> An organisation must take
‘reasonable steps’ to protect the
personal information it holds from
misuse and loss and from
unauthorised access, modification
or disclosure
Breach of Privacy
10
> ‘Reasonable steps’ depends on the
circumstances
> Example: IT network vulnerability allows personal
information to be harvested:
> If vulnerability could have been addressed relatively
inexpensively and/or quickly, then may not have
taken ‘reasonable steps’
> Example: Malware detection software detects
suspicious activity but IT department takes no
action
> Privacy Commissioner may conclude that
reasonable steps were not taken
Breach of Privacy
11
> Directors must act with a reasonable degree of care,
diligence and skill (Corporations Act 2001 (Cth), s
180(1))
> Corporation suffers an information security breach
incident causing significant disruption to its business
> Did the directors adequately plan for and oversee cyber
security?
> If not, did they discharge their duty?
> March 2015: ASIC released REP 429 “Cyber Resilience:
Health Check”
> Expressly highlighted cyber security as a focus for
entities regulated by ASIC
Director’s Duties
12
> May 2013: Target installed anti-malware
software
> Thanksgiving 2013: Malware installed on
Target servers
> 12 December 2013: US Govt warned Target
of an attack
> 15 December 2013: Target confirmed it had
removed malware
> 19 December 2013: Target acknowledged
breach
> May 2014: Target CEO resigned
Target Hack
13
> Target allegedly could have prevented
the theft of their customers’ credit cards
> Allegedly ignored warnings from its
software
> Sales in the 2013 holiday period were 3-4%
lower than in previous years
> Up to 70 million customers were affected
> August 2015: Target US settled lawsuits
with VISA
> March 2016: Litigation continues
Target Hack
14
> Cyber security breaches may disrupt your
business continuity and may adversely
affect your capacity to deliver
goods/services to your customers
> Will a force majeure clause excuse
non-compliance?
> Can you plan anticipated delivery dates
to implement a fallback if your business is
interrupted by a cyber security breach
(either to your business or a supplier’s
business)?
Contract Issues
15
> Look at your key supplier contracts to see if
they address cyber security
> Are there provisions dealing with privacy?
> Are there provisions dealing with service
unavailability and your rights?
> Do your suppliers have the appropriate
security certifications?
> Do they regularly test their readiness?
> What rights do you have against a supplier if
their system is undone by a cyber security
breach?
Contract Issues
16
> Framework developed to address issues in
Victorian Government cyber resilience
> Applies to 2000+ Victorian Govt agencies
(though Councils are exempt)
> Establishes Victorian Protective Data
Security Standards (VPDSS)
> VPDSS currently in draft form
> Expected to commence in 2016
Victorian Protective Data
Security Framework
17
> VPDSS comprises 20 high level mandatory
requirements + supporting material in the form of
non-mandatory guidance
> Guidance notes still being prepared
> Standards include Security Management
Framework and Contracted Service Providers
Standards
> Security Management Framework compels board
and executive buy-in to implement security
management internally
> Contracted Service Providers Standard requires
agencies to address security management in
contracts in an enforceable manner
Victorian Protective Data
Security Standards
18
> Cyber threats evolving
> Cyber security requires board and executive attention
> Use resources such as ASIC Report 429 as a means of
informing the board to set a strategy for improving cyber
resilience
> Review engagements with suppliers to determine
whether and to what extent cyber security is addressed
> If appropriate, discuss what suppliers will do in relation
to cyber security and seek to embed their undertakings
in contract documents
> Monitor communications from relevant regulators, e.g.
Privacy Commissioner
> Seek external assistance, if required
Summary
19
20
Please Contact
Craig Subocz
Senior Associate
(03) 9609 1646
csubocz@rk.com.au
rk.com.au
Thanks
Level 12, 469 La Trobe Street, Melbourne, VIC 3000 P: +61 3 9609 1555
Level 8, 28 University Avenue, Canberra, ACT 2601 P: +61 2 6171 9900
Liability limited by a scheme approved under Professional Standards Legislation
