
Cybersecurity is not a new issue!


maryw

Presentation Transcript


  1. Cybersecurity is not a new issue!
     Dr. Edgar Frank Codd, an IBM researcher, wrote a paper that described the fundamental model of the relational databases that today underpin virtually every major company’s operations. The paper outlined the need for the ‘shared data banks’ to have the attributes of data consistency, integrity, security and privacy. This paper was published in 1970, but its goals are just as relevant today!

  2. Cyber Stress Factors
     • Media coverage
     • (D)evolving workforce
     • Hyper-connectivity
     • People, people, people
     • Cyber talent shortages
     • Legislation, Regulation, Contracts
     These drivers vary by industry, region and corporate culture

  3. Lessons (to be) Learned
     • Access restrictions
     • Authorization enforcement
     • Segregation of duties
     • Vendor management
     • Root cause analysis
     • Risk-based oversight
     Is this Déjà vu all over again?

  4. Use of Frameworks is Expanding
     • Extends the classic security life cycle functions to include Identify
     • The model is more proactive - Business and Governance are key risk aspects
     • The model includes analytics, supply chain risk management, continuous monitoring
     • An emerging imperative is enhancing the role of Internal Audit in risk management
     • ISACA has released an implementation guidance document as part of CSX
     • Other frameworks include COBIT5 and ISO/IEC 27000
     Figure: NIST Cybersecurity Framework. Source: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

  5. Cybersecurity Roadmap
     • Adopt a risk and control framework
     • Assess your risk profile and appetite
     • Inventory your capabilities and people
     • Define a cyber security strategy
     • Develop an integrated oversight plan
     • Periodically report, review and revise
     Be pragmatic to create change that is evolutionary and less disruptive

  6. Take on the Challenge for Change
     The journey begins with each of you:
     • Take a fresh look at your role
     • Become an active participant
     • Be bold - challenge the status quo
     • Increase IA/IS/IT transparency
     • Make audits more meaningful
     Cybersecurity improvements often need to occur one person at a time

  7. Closing Thoughts
     • Cyber threats constantly change the game
     • Data breaches will continue to focus on finding and exploiting the weak links
     • Perfect security isn’t possible, so flexibility, agility and resilience must be the priority
     • Audit should be playing a stronger role in evaluating the adequacy of risk management
     • A strong partnership between IT, Security and Internal Audit can make a real difference
     • Be prepared, individually and organizationally, instead of being paranoid!

  8. Contact Info:
     Michael Gerdes
     Director, Information Security COE
     Experis
     585.981.0042
     Michael.Gerdes@experis.com
