Milt Rosberg
Global VP, Vanguard Integrity Professionals
CAU01
The Pressure Is On
Board Assurance & Stakeholders
Concerns:
• Meet Regulations
• Avoid Penalties
• Reputational Risk
• Improve Operations
Stakeholders – Silos are changing
• Responsibilities
• Organizationally
Mainframe and Open Systems Responsibilities
All Hands on Deck
Cybersecurity Leadership & Teamwork
Leadership Teams Fighting Cybersecurity Risks
• CIO
• CISO
• CTO
• CSO
• CCO
• CHRO
Managing External and Internal Risks
Government Intervention is Growing
Separating Operations from Compliance
Soooooo Many Rules!!
Managing Audit Demands & $$$
• Internal Auditors
• Outside Audit Firms
• State Requirements
• Federal Requirements
• Industry Requirements
• International Requirements
• Home Grown Compliance
The Breach? $$$$ Go Up Over Time
Time it takes
• 206 Days to Discover
• 314 Days to Contain
• $740,000 to notify
• Lawsuits
New Challenges – Big Risk
Global Cybersecurity Spending Big Increase
Connecting The Risks – Where To Spend The $$$
• Integrity of Systems
• Documented Security Policies
• Security Ops & Procedures
• Mitigate Previously Discovered
Risk Responsibility Belongs To Whom?
IT Functions vs Threats - Important Biz Risk
CISO leadership
CISO: Understanding the Insider Threat Risk
Insider Threats – The Wolf in Sheep's Clothing
Only 0% is acceptable
On average, 35% of all corporate hacks came from known users inside the company.
Only need 1 exfiltration
Internal and External Access
Insider Espionage, Know Your Surroundings
Insider Threat Best Practices
• Be vigilant
2018 to 2020: 31% Cost Increase
Risk Appetite & Tolerance $$$$
Basic Steps – Answering the “How Much?”
Develop a plan
Gather Information
Discover Vulnerabilities
o Scans - Pen Test
o Current controls?
o “Open Doors”
Comprehensive Report
Step One - Planning
Step Two - Gathering Information
Step 3 - Discover Vulnerabilities
System “Knobs” Set Correctly?
• Authorized Libraries
• ESM Controls
• z/OS and Unix Services
• Excess Access
Locate all the “Back Doors” & “Open Doors”
• Code Scanning
• Pen-Testing
• Vulnerability Scans
• Surveillance
Delivering the Comprehensive Report
Step 4 – Stakeholders' Comprehensive Report
Remediation Options
Leverage In-house Skills
Use Industry SME
Integrate Managed Services
Results
Deploy Options Combinations
Meet External Regulations
Exceed Internal Audit Demands
Data Loss Effects: 3.5 Billion – Where Did It Go?
Lock Your Systems Down
Questions
How to Contact Us
Vanguard Integrity Professionals
6625 South Eastern Ave., Suite 100
Las Vegas, NV 89119-3930
Session Evaluation
Legal Notice
Copyright
©2020 Copyright by Vanguard Integrity Professionals, Inc. All rights reserved. Unauthorized reproduction, modification, publication, display, or distribution of this work in any form is not permitted. Criminal copyright infringement may be punishable by fines and/or incarceration. Recording of live or online presentations is not permitted. The use of session, event, staff, or presenter images is not authorized, including but not limited to posting images on social media. With respect to presentation materials such as hand-outs or slide decks, registered participants are permitted to reproduce, distribute, and display such materials internally within their organizations for non-commercial educational purposes only. All other uses must be expressly granted in writing by Vanguard Integrity Professionals, Inc.
Trademarks
The following are trademarks of Vanguard Integrity Professionals – Nevada:
UNIX is a registered trademark of The Open Group in the United States and other countries.
Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks of others.
Content sources: World Economic Forum Global Risk Report (GRR), IDG Tecktalks (CIO.com), Security Boulevard, Ponemon Institute