Insurance Accounting & Systems Association (IASA): NY/NJ Chapter Spring 2014


State of Information Security
Deloitte & Touche LLP
May 20, 2014

As used in this document, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

Introductions

Najeh Adib
Manager, Cyber Risk Services, Deloitte & Touche LLP
Phone: +1 203 274 2014
E-Mail: nadib@deloitte.com

Tushar Srivastava
Manager, Cyber Risk Services, Deloitte & Touche LLP
Phone: +1 212 436 3779
E-Mail: tsrivastava@deloitte.com

How did we get here?

Technology has given rise to a new kind of consumer and a new kind of worker, causing organizations to fundamentally rethink almost every aspect of their operations.

- Socially connected: consumers are constantly connected to their social networks, resulting in increasingly collaborative experiences in which they are both influenced by and influencers of their peers.
- Behaviorally connected: companies are gaining more detailed information about individuals, enabling more compelling consumer engagement through marketing and product/service offerings that are tightly linked to past patterns of behavior.
- Technically connected: consumers are constantly connected to the Internet through smart, portable, and highly usable devices, enabling real-time analysis, price comparisons, and product/service transparency.

The enterprise has evolved over the past two decades from Industrial to Digital to Postdigital:

- Organization: Industrial = specialization, processes-focused; Digital = functional model, IT-focused; Postdigital = interdisciplinary, collaboration-focused
- Channel: Industrial = single channel; Digital = multichannel; Postdigital = omnichannel
- Market approach: Industrial = plan-based replenishment; Digital = transaction-based replenishment; Postdigital = interest-based replenishment

Disrupt or be disrupted

Organizations must evolve to stay relevant as behaviors and needs within the post-digital ecosystem change rapidly.

A slow response invites disruption:
- A movie rental company failed to heed customers' changing appetite for direct, instant digital fulfillment.
- A consumer electronics retailer failed to transform its workforce from traditional salesmen into engaging customer service advocates.
- Static businesses will be unable to meet desires and expectations in two years.

Evolve now and you can disrupt and grow:
- An online shoe retailer disrupted the industry by using mobile and social technology to provide the flexibility that customers desire.
- A home improvement retailer empowers employees with collaboration tools to share ideas and leading practices.
- An innovative car rental service channeled social technologies to provide customers the desired high-touch merchant experience at a low cost.
- Postdigital enterprises will evolve to harness disruptive technologies.

Deloitte Tech Trends 2013: Elements of Post-digital

For more, the full report can be downloaded at http://www.deloitte.com/view/en_us/us/services/consulting/technology-consulting/technology-2013/index.htm

The impact on today's Information and Cyber Security Officers

Expectations are evolving as executives grapple with the impact of the post-digital environment on information and technology.

Corporate / BU CIO:
- Customer focus
- Consumerization of technology
- Value-driven allocation of resources to maximize results
- Emphasis on partnering to deliver business capabilities
- Extensible and flexible enterprise architecture to support a broader ecosystem and new technologies
- Cost reduction
- Shift from fixed to variable cost models to address fluctuating business requirements
- Global resource management: enterprise and third party; onshore and offshore
- Smart sourcing of development, infrastructure and services
- Create efficiencies by leveraging big data

Chief / BU Information Security Officers:
- Understand the real risk associated with data and the associated security implications
- Strike a balance between information security, the evolving business model and end-user expectations that are primarily formed through use of consumer technology
- Secure data that transcends the four walls of the company, especially in cloud, mobile and unstructured environments
- Manage software vulnerabilities as development cycles shorten and applications are introduced into new environments
- Understand regulatory and legal expectations and determine how to address them without hindering the IT organization and the business

Key cyber security focus areas

Below are some of the key focus areas for today's cyber risk executives.

Agile Risk Management:
- Integrating risk management into existing IT management processes (e.g., the SDLC) rather than bolting it on
- Rationalizing control processes and tempering them based on risk tolerance

Cyber Security:
- Understanding cyber criminal networks and their potential impact on the company (and its clients)
- Preventing cyber attacks and advanced persistent threats
- Keeping up with cyber criminals as they innovate at a faster pace than industry

Mobile Security:
- Mobile technology and social networking provide an ecosystem that is complex and rapidly evolving
- Adoption of mobile devices (and BYOD) is growing at a staggering rate across industries and markets
- Powerful communication tools are opening new communication channels and risks

Third Party Security:
- Operating cost pressures drive an increased focus on outsourcing business functions
- Companies are dependent on third parties for core operations and key business functions
- Regulatory requirements of third party suppliers are complex and difficult to manage

Cloud Computing:
- Ease of acquisition and use drives an increased business demand for cloud capabilities ("Rogue IT")
- Difficulty in addressing responsibility for information security in the cloud
- Records management, data privacy and disclosure risks complicated by international jurisdictions

Regulatory Requirements:
- Changes to the regulatory environment must filter through to information security programs
- Global organizations must constantly monitor for changes to international regulatory requirements
- Failure to meet regulatory requirements in information security can have real business impact

Agile risk management

The Challenge: Many organizations believe that appropriate information security can still be achieved by "simply purchasing various security products and services"¹ while burdening the IT organization with additional check-the-box exercises.

Overview:
- One size does not fit all: existing risk management processes often do not account for the organization's risk tolerance.
- Integrated vs. bolted on: risk processes are often bolted on as separate processes instead of integrated into existing processes (e.g., the SDLC).
- Adaptability: existing risk processes and libraries often do not account for the evolving threat landscape and are not agile enough to adapt quickly.

Key Considerations:
- Engage the business earlier
- Get a seat at the decision-making table by demonstrating value and flexibility
- Look for opportunities to adjust the rigor of risk management processes based on tolerance

¹ "A Systematic, Comprehensive Approach to Information Security", Gartner, published 24 June 2010

Cyber security

The Challenge: Cyber crime has taken a chilling turn. It is now serious, more widespread, aggressive, growing, and increasingly sophisticated, posing major implications for national and economic security.

Overview:
- Velocity and volume: frequent cyber attacks and breaches, with discovery usually occurring only after the fact, if at all.
- Innovation and sophistication: cyber criminals are innovating at a pace which many organizations and technology vendors cannot match.
- It's not just the hacker: many organizations have not yet recognized organized cyber criminal networks as a potential threat.
- Current deterrents aren't working: effective deterrents are not known, available, or accessible to many practitioners.

- 288: number of publicly disclosed data breaches in the last 6+ years
- 83M: number of customer records exposed in data breaches in the last 6+ years
- 360K: number of credit card accounts compromised in a single data breach

Key Considerations:
- Understand how your organization is viewed by cyber criminals
- Consider risk when determining where to focus resources
- Balance the impact of an incident with the ability to acquire intel

Mobile security

The Challenge: With the rapid and increasing adoption of mobile devices, CISOs are often faced with the challenge of how to adopt enterprise mobility while protecting the organization's assets.

Overview:
- Mobile ecosystem: a complex, rapidly developing environment where new risks are introduced every day.
- Adoption: growing at a staggering rate and will continue to do so for the foreseeable future.
- Powerful tools: mobility has the potential to deliver powerful tools and open new communication channels.
- Enterprise mobility challenges include bring your own device (BYOD), management of diverse mobile devices, secure mobile asset deployment, and mobile data loss.

Key Considerations:
- Balance mobile security with usability
- Understand the true threats
- Consider training and awareness to compensate for reduced control

Third party security

The Challenge: Reliance on third party relationships can significantly increase an organization's risk profile. Increased risk most often arises from poor planning, oversight, and control on the part of the organization and/or inferior performance or service on the part of the supplier.

Overview:
- Core functions: many organizations are depending on third parties for their core operations and key business functions.
- Competitive advantage: looking to third-party relationships as a way to gain a competitive edge without regard for risks.
- Nature of relationship: third party risk isn't a risk unto itself; rather, it is a combination of other risks with various degrees of severity based on the nature of the relationship with the third party.
- Regulatory requirements: continue to increase and evolve with changes in outsourcing trends.

Key Considerations:
- Tailor practices based on the complexity of third party activities
- Tier outsourced third party relationships based on risk
- Consider ongoing operational performance reviews of critical vendors

Cloud computing

The Challenge: Cloud computing is changing how businesses purchase, deploy, and support IT services, and most organizations are now responding to the new opportunities. Security concerns rank as the most challenging to resolve and act as a barrier to cloud adoption across all industries.

Overview:
- Increased business demand: businesses pursue cloud deployment for agility and cost savings before security maturation.
- Responsibility and governance: lack of appropriate governance and oversight is as critical as security concerns.
- Inherent risks: exacerbated when data in the cloud resides in a foreign country or moves across international borders.
- Regulatory and compliance requirements: not optional in cloud computing.

Key Considerations:
- Build a holistic risk profile to support adoption
- Know the boundaries of the cloud deployment model
- Understand time-to-market business drivers

Regulatory requirements

The Challenge: The evolving information security threat landscape has been recognized by industry regulators. Information security must understand the impacts of new regulations and of changes to existing regulations, and be an early adopter of these changes.

Overview:
- Regulations change: changes to regulations must be analyzed and, where necessary, adopted into the information security program.
- Regulations are global: organizations with a global footprint must constantly monitor for changes to regulations in each operating jurisdiction.
- Regulatory and compliance requirements are not optional, and failure of information security to meet regulations can have a real impact on the business (fines, sanctions, etc.).

Key Considerations:
- Know which regulatory jurisdictions to monitor
- Monitor for regulatory changes and determine their impact
- Be a regulatory consultant to the business

In conclusion, here is what to watch out for:

- Information security as a compliance-driven exercise: security that is only compliance driven, promoting a check-the-box mentality.
- The technical value proposition, not a vision of the future: a program that cannot articulate how information security adds value to the organization.
- Bolt-on security tools and controls for the sake of tools and controls: prioritizing bolt-on security controls and tools and not necessarily the needs of the business.
- Security at the end: a mentality that involves information security only at the end of a project or process drives down the value of the information security program.
- Not a trusted advisor: acting as a policy cop or paranoid custodian of security rather than an enabler to the business.¹
- A barrier to business progress and innovation.

...and what to consider focusing on:

- Be resilient: build a program immune to "à la mode" security priorities. Understand current maturity and capabilities, and align with the business to reduce the flavor-of-the-month approach to security.
- Predict: it takes more than good technology to prevent breaches. Take a proactive, risk-based approach to keep pace with the evolving threat landscape.
- Adapt: understand and adjust the current risk appetite, so that it adjusts by aligning with the security priorities of the business.
- Improve: seek continuous improvement. Develop processes to build a security program based on continual improvement.
- Evolve to a trusted advisor: grow an information security program that plays an active role in supporting the business strategy and that is a valued, trusted adviser.

This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.