demystifying cybersecurity
play

Demystifying CyberSecurity & BScDA, CPA, Preparing for the - PowerPoint PPT Presentation

Sep 17, 2022 •26 likes •186 views

Rick Ouellette, Demystifying CyberSecurity & BScDA, CPA, Preparing for the Board Room CGA, CISA, CISSP, CGEIT Find me on LinkedIn: rick-ouellette-5b1573a Consider Perspectives Source: https://cdn-images-

  1. Rick Ouellette, Demystifying CyberSecurity & BScDA, CPA, Preparing for the Board Room CGA, CISA, CISSP, CGEIT Find me on LinkedIn: rick-ouellette-5b1573a

  2. Consider Perspectives Source: https://cdn-images- 1.medium.com/max/1600/1*Yac5ryyS0kdQvSxSwoUscQ.png

  3. We Need To Work Together Source: Rick Ouellette

  4. We need a simple formula – To focus ourselves & collaborate

  5. A=L+OE Assets = Liabilities + Foundation Owner’s Equity of Accounting Foundation that enables finance performance measures

  6. T – VM = R Threats – Vulnerability Management = Risk Foundation of Posture Risk Management Foundation that enables risk management performance measures

  7. Vulnerability Management Key Document: Institute of Internal Auditors - “GTAG 6”

  8. Vulnerability Management Highlights 80 / 20? Source: IIA’s Global Technology Audit Guide – Managing and Auditing IT, 2006

  9. Performance Management - Leading and Lagging Indicators

  10. CyberSec VM Performance Management Balanced Scorecard SOMIA Now (measure) Corporate Alignment Leading Indicators Lagging Indicators Before After

  11. VM Capability Components • People • Process • Technology • Information

  12. For Example, Leading: People • 52 work roles in the NICE Framework (next slide) • Do we have the required roles defined? • Do we have the required functions mapped? • Required experience, skills and certs defined? • Roles filled? • 100% filled with 100% of experience, skills, certs? • 50% filled with 70% of essential qualities?

  13. VM: Critical Controls Self- Assessment Source: http://www.auditscripts.com/free-resources/critical-security-controls/

  14. Lets Bring It Home……… Build a Bridge to The Board

  15. Bridge to the Board’s Perspective K e y Examples from -Ten Questions Every Board Should Ask in Overseeing Cyber Risks Quoted from the Harvard Law School Forum on Corporate Governance and Financial Regulation 1. Has management given serious consideration to how much of the budget and how much staff is adequate for proper cyber risk management? 2. Has management taken steps to mitigate the cybersecurity risks associated with outsourcing business functions to third parties? 3. Has management installed adequate technology not only for preventing the downloading of malicious software but also for detecting and alerting the organization to attempted breaches? 4. What steps does management take to safeguard sensitive non-digital information? Source: https://corpgov.law.harvard.edu/2017/06/27/ten-questions-every-board-should-ask-in-overseeing-cyber-risks/

  16. Thank you!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Demystifying DNA Demystifying DNA What is it? How do I get it? What is it? How do I

Demystifying DNA Demystifying DNA What is it? How do I get it? What is it? How do I

Demystifying DNA Demystifying DNA What is it? How do I get it? What is it? How do I get it? How do I get rid of it? How do I get rid of it? Alissa Bjerkhoel Litigation Coordinator, California Innocence Project Panel Attorney,

1.61k views • 124 slides
Demystifying SEO for Government Agencies Demystifying SEO for Government Agencies Why should you

Demystifying SEO for Government Agencies Demystifying SEO for Government Agencies Why should you

Drupal GovCon 2018 Demystifying SEO for Government Agencies Demystifying SEO for Government Agencies Why should you listen me? Jason Hamrick Senior Strategist Phase2 jhamrick@phase2technology.com Demystifying SEO for Government Agencies 2

418 views • 26 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides
Demystifying Benchmarks How to Use Them to Better Evaluate Databases Peter Friedenbach,

Demystifying Benchmarks How to Use Them to Better Evaluate Databases Peter Friedenbach,

Flexible transactional scale for the connected world. Demystifying Benchmarks How to Use Them to Better Evaluate Databases Peter Friedenbach, Performance Architect | Clustrix Demystifying Benchmarks Outline A Brief History of Database

591 views • 20 slides
Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland Chapter Contents Cybersecurity and risk management 1 Cybersecurity and the regulatory 2 environment Cybersecurity and the audit 3 4 Appendix

685 views • 37 slides
Demystifying the Finance Audit Committee DEMYSTIFYING THE FINANCE AND AUDIT COMMITTEE

Demystifying the Finance Audit Committee DEMYSTIFYING THE FINANCE AND AUDIT COMMITTEE

DEMYSTIFYING THE FINANCE AND AUDIT COMMITTEE Demystifying the Finance Audit Committee DEMYSTIFYING THE FINANCE AND AUDIT COMMITTEE Agenda 1. How to set-up the Finance and Audit Committee 2. Terms of Reference 3. Recruitment 4.

503 views • 33 slides
Demystifying The Edge for the IIoT Deployment: Supporting the new Industrial Landscape

Demystifying The Edge for the IIoT Deployment: Supporting the new Industrial Landscape

Demystifying The Edge for the IIoT Deployment: Supporting the new Industrial Landscape Department/Name/Date 1 Demystifying The Edge for IIoT I. Review the applications and services driving IIoT Edge deployments II. Discuss proper planning

689 views • 41 slides
KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing

7/17/2020 KACo Cybersecurity Training KACo Cybersecurity Training Cybersecurity Threats Phishing Attacks Malware/Ransomware Hacking Imposter Scams 1 7/17/2020 KACo Cybersecurity Training BEWARE OF Phishing Phishing attacks

248 views • 6 slides
Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright CyberSecurity Scholar 4 September 2019 James Davenport Formal Methods and CyberSecurity CyberSecurity CyberSecurity failures abound: tens daily in the

212 views • 19 slides
Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright

Formal Methods and CyberSecurity James Davenport University of Bath Former Fulbright CyberSecurity Scholar 4 September 2018 James Davenport Formal Methods and CyberSecurity CyberSecurity CyberSecurity failures abound: tens daily in the

325 views • 18 slides
ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity

ITU Mandate and Activities ITU Mandate and Activities Related to Cybersecurity Cybersecurity Related to Subregional Seminar on Cybersecurity for Information and Communication Networks 21 June 2005 Lima, Peru Christine Sund Christine Sund

921 views • 48 slides
Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel

Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel

Being Strategic about Cybersecurity Regional Cybersecurity Forum, 29-30 Nov 2016, Grand Hotel Sofia, Bulgaria Mr. Joaqun Castelln , Operational Director Spanish National Security Department Ms. Anita TIKOS , Desk Officer for International

197 views • 15 slides
EU in action about cybersecurity NIS Directive 5G Cybersecurity Act GDPR Contractual ISACs

EU in action about cybersecurity NIS Directive 5G Cybersecurity Act GDPR Contractual ISACs

EU Cybersecurity European policy overview e-IRG e-IRG 4 December 2019 Brussels Anni Hellman, Senior Expert, Permanent Representation of Finland to the European Union Seconded for the Finnish Presidency from the Directorate General

320 views • 28 slides
Demystifying Relational Latent Representations Sebastijan Dumani, Hendrik Blockeel DTAI, KU

Demystifying Relational Latent Representations Sebastijan Dumani, Hendrik Blockeel DTAI, KU

Demystifying Relational Latent Representations Sebastijan Dumani, Hendrik Blockeel DTAI, KU Leuven September 6, ILP 2017 1 Outline 2/24 1 Introduction 2 Understanding latent features 3 Properties of latent spaces Demystifying

281 views • 24 slides
MAYASEVENs Hacking Diary Who are we? Nop Phoomthaisong MAYASEVEN Team Cybersecurity

MAYASEVENs Hacking Diary Who are we? Nop Phoomthaisong MAYASEVEN Team Cybersecurity

MAYASEVENs Hacking Diary Who are we? Nop Phoomthaisong MAYASEVEN Team Cybersecurity Consultants, The Cybersecurity Expert Guys Cybersecurity Researcher 2 Agenda 1. Account Takeover via Forgot Password Function 2. Amazon S3

2.36k views • 75 slides
Reservoir Simulation of Million-Cell Models on Desktop Computers KnutAndreas Lie SINTEF ICT,

Reservoir Simulation of Million-Cell Models on Desktop Computers KnutAndreas Lie SINTEF ICT,

Reservoir Simulation of Million-Cell Models on Desktop Computers KnutAndreas Lie SINTEF ICT, Dept. Applied Mathematics The 22nd Kongsberg Seminar, May 2009 Applied Mathematics 07/05/2009 1/26 Physical Scales in Porous Media Flow ... one

638 views • 46 slides
GNU Guix R. Wurmus , B. Uyar, B. Osberg,

GNU Guix R. Wurmus , B. Uyar, B. Osberg,

Reproducible genomics analysis pipelines with GNU Guix R. Wurmus , B. Uyar, B. Osberg, V. Franke, https://doi.org/10.1093/gigascience/giy123 A. Gosdschan, K. Wreczycka, J. Ronen, A. Akalin

576 views • 24 slides
Effective Solvers for Reservoir Simulation Xiaozhe Hu The Pennsylvania State University

Effective Solvers for Reservoir Simulation Xiaozhe Hu The Pennsylvania State University

Effective Solvers for Reservoir Simulation Xiaozhe Hu The Pennsylvania State University Numerical Analysis of Multiscale Problems & Stochastic Modelling, RICAM, Linz, Dec. 12-16, 2011 X. Hu (Penn State) Effective Solvers for Reservoir

546 views • 52 slides
Safety Assessment of Food Packaging and Food Contact Substances May 23, 2017 Welcome Michael

Safety Assessment of Food Packaging and Food Contact Substances May 23, 2017 Welcome Michael

Safety Assessment of Food Packaging and Food Contact Substances May 23, 2017 Welcome Michael Adams, PhD Deputy Director, Office of Food Additive Safety, CFSAN, US FDA, College Park, MD Welcome from SOT Peter L. Goering, PhD, DABT, ATS

641 views • 15 slides
Using an IEEE 802.1AS Network as a i 802 S k Distributed IEEE 1588 Boundary Distributed IEEE

Using an IEEE 802.1AS Network as a i 802 S k Distributed IEEE 1588 Boundary Distributed IEEE

Using an IEEE 802.1AS Network as a i 802 S k Distributed IEEE 1588 Boundary Distributed IEEE 1588 Boundary, Ordinary, or Transparent Clock Geoffrey M. Garner Samsung Advanced Institute of Technology (SAIT), Consultant (SAIT) Consultant

580 views • 39 slides
Dark matter local density determination based on recent observations Pablo Fernndez de Salas

Dark matter local density determination based on recent observations Pablo Fernndez de Salas

Dark matter local density determination based on recent observations Pablo Fernndez de Salas Oskar Klein Centre for Cosmoparticle Physics, Stockholm University TAUP 2019 Toyama 11th September 2019 The presence of dark matter (DM)

425 views • 38 slides
To a Billion and Beyond How to Visually Explore, Compare and Share Large Quantitative Datasets

To a Billion and Beyond How to Visually Explore, Compare and Share Large Quantitative Datasets

To a Billion and Beyond How to Visually Explore, Compare and Share Large Quantitative Datasets with HiGlass Peter Kerpedjiev, Nezar Abdennur, and Fritz Lekschas Peter Kerpedjiev Nezar Abdennur Fritz Lekschas Software Engineer at Zymergen

451 views • 33 slides
Finite Horizon Robustness Analysis of LTV Systems Using Integral Quadratic Constraints Peter

Finite Horizon Robustness Analysis of LTV Systems Using Integral Quadratic Constraints Peter

Finite Horizon Robustness Analysis of LTV Systems Using Integral Quadratic Constraints Peter Seiler University of Minnesota M. Moore, C. Meissen, M. Arcak, and A. Packard University of California, Berkeley MTA Sztaki October 5, 2017 A EROSPACE

622 views • 40 slides

More recommend