Demystifying CyberSecurity & Preparing for the Board Room - PowerPoint PPT Presentation



SLIDE 1

Demystifying CyberSecurity & Preparing for the Board Room

Rick Ouellette, BScDA, CPA, CGA, CISA, CISSP, CGEIT

Find me on LinkedIn: rick-ouellette-5b1573a

SLIDE 2

Source: https://cdn-images-1.medium.com/max/1600/1*Yac5ryyS0kdQvSxSwoUscQ.png

Consider Perspectives

SLIDE 3

We Need To Work Together

Source: Rick Ouellette

SLIDE 4

We need a simple formula –

To focus ourselves & collaborate

SLIDE 5

Foundation

Accounting: A = L + OE (Assets = Liabilities + Owner’s Equity)

Foundation that enables finance performance measures

SLIDE 6

Foundation of Risk Management

T – VM = R (Threats – Vulnerability Management = Risk Posture)

Foundation that enables risk management performance measures

SLIDE 7

Key Document: Institute of Internal Auditors - “GTAG 6”

Vulnerability Management

SLIDE 8

80 / 20?

Source: IIA’s Global Technology Audit Guide – Managing and Auditing IT, 2006

Vulnerability Management Highlights

SLIDE 9

Performance Management -

Leading and Lagging Indicators

SLIDE 10

CyberSec VM Performance Management

Leading Indicators (Before)

Lagging Indicators (After)

Balanced Scorecard: SOMIA (measure)

Corporate Alignment (Now)

SLIDE 11

VM Capability Components

  • People
  • Process
  • Technology
  • Information
SLIDE 12

For Example, Leading: People

  • 52 work roles in the NICE Framework (next slide)
  • Do we have the required roles defined?
  • Do we have the required functions mapped?
  • Required experience, skills and certs defined?
  • Roles filled?
  • 100% filled with 100% of experience, skills, certs?
  • 50% filled with 70% of essential qualities?
SLIDE 13

Source: http://www.auditscripts.com/free-resources/critical-security-controls/

VM: Critical Controls Self-Assessment

SLIDE 14

Let’s Bring It Home… Build a Bridge to the Board

SLIDE 15

Source: https://corpgov.law.harvard.edu/2017/06/27/ten-questions-every-board-should-ask-in-overseeing-cyber-risks/

Key Examples from “Ten Questions Every Board Should Ask in Overseeing Cyber Risks”

Quoted from the Harvard Law School Forum on Corporate Governance and Financial Regulation

  • 1. Has management given serious consideration to how much of the budget and how much staff is adequate for proper cyber risk management?
  • 2. Has management taken steps to mitigate the cybersecurity risks associated with outsourcing business functions to third parties?
  • 3. Has management installed adequate technology not only for preventing the downloading of malicious software but also for detecting and alerting the organization to attempted breaches?
  • 4. What steps does management take to safeguard sensitive non-digital information?

Bridge to the Board’s Perspective

SLIDE 16

Thank you!