SlideShare ist ein Scribd-Unternehmen logo

Cyber security: Five leadership issues worthy of board and executive attention

R
Ramón Gómez de Olea y Bustinza

Estudio de Russell Reynolds Associates sobre ciberseguridad que explora la importancia de la relación entre el Chief Information Security Officer y el Consejo de Administración.

Technologie
1 von 10
Downloaden Sie, um offline zu lesen
1 Cyber Security: Five Leadership Issues Worthy of Board and Executive Attention
2 Introduction How effectively does your board discuss emerging risks like cyber security? How plugged-in is your CISO? How effective is your chief information security officer (CISO) at clarifying the nature and urgency of cyber security risk with your board and executive team? Does your CISO maintain a siloed technology view or a broader business/risk view? Do you have the right leadership and talent in place to protect your business? 1 2 3 4 5
3 Board Readiness BOARD KNOWLEDGE OF EMERGING RISKS2 Despite changes in how boards view risk allocation—and additional focus on financial risk—most directors lack knowledge of emerging risks like cyber security. Director Understanding of Cyber Security Risks How effectively does your board address emerging risks like cyber security? Successful security strategies require boards to play a fundamental role. While boards have focused on mitigating financial risk by way of audit committees, they must now broaden their focus to include emerging risks like cyber security. As cyber security becomes a greater concern, boards must play a more active role in navigating their firm through an increasingly complex and challenging environment. Some knowledge 70.3%Little knowledge 19.2% High level of knowledge 10.5% VIEW FROM CISOs: IS YOUR BOARD OF DIRECTORS CONCERNED WITH SECURITY?1 Yes No Don’t know 78.73% 9.72% 11.55% KEY POINTS Being proactive by embracing a broader risk management approach and prioritizing key issues like cyber security are no longer options but a necessity. Managing risk is increasingly a board-wide function as focus on emerging threats like cyber security continues to increase. While boards give more of their attention to major risks like cyber security, most directors still lack a deep understanding of cyber security risk. 1. “No Respect: Chief Information Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. 2. “2014-2015 Public Company Governance Survey,” National Association of Corporate Directors.
4 Clarifying Risk and Driving Urgency How effective is your CISO at clarifying the nature and urgency of cyber security risk with your board and executive team? As organizations continue to focus their attention on cyber security risks, CISOs will remain fundamental to developing and implementing the organization’s security strategy and vision. With boards increasingly dependent on CISOs for both information and the execution of security strategy, organizations must have the right security leadership in place and the proper reporting structure to establish key communication channels with the broader leadership team and to protect the enterprise. WHILE CYBER SECURITY IS A GROWING CONCERN, THERE STILL REMAINS A LACK OF COMMUNICATION BETWEEN THE EXECUTIVE TEAM AND THE CISO HAVING THE WRONG COMMUNICATION CHANNELS WITHIN AN ORGANIZATION HAS REAL FINANCIAL CONSEQUENCES5 TO WHOM DOES SECURITY REPORT IN YOUR ORGANIZATION?1 Despite the prominence of cyber security threats, most CISOs continue to report to the CIO. CEO 19.97% CFO 5.96% Audit 3.54% Board of Directors 10.79% CIO 59.74% 14% Organizations in which the CISO reported to the CIO experienced 14% more downtime due to cyber security incidents than those organizations in which the CISO reported directly to the CEO. 46% Financial losses were 46% higher in organizations where the CISO reported to the CIO than when the CISO reported to the CEO. According to PwC’s The Global State of Information Security Survey 2014, having the CISO report to almost any position in senior management other than the CIO (board of directors, CFO, etc.) reduced financial losses from cyber incidents. 49% of respondents in The Global State of Information Security Survey 2015 by PricewaterhouseCoopers said their organization had a cross- organizational team that regularly convenes to discuss, coordinate, and communicate information security issues.4 KEY POINTS Despite cyber security’s growing prominence, there remains a lack of communication between security leaders and senior leadership. Many firms still don’t have a proper reporting structure in place to establish better communication channels. Evidence suggests that having the CISO report to the CIO increases the likelihood and severity of security incidents. 1. State of Cybersecurity: Implications for 2015, ISACA and RSA Conference Study. 2. Ibid. 3. US Cybersecurity: Progress Stalled – Key Findings from the 2015 US State of Cybercrime Survey, PwC, 2015. 4. The Global State of Information Security Survey 2015, PwC. 5. Ibid. 26% of respondents in a PricewaterhouseCoopers survey of over 500 executives and public officials said their CISO makes a security presentation to the board only once a year, while 30% of respondents said their senior security executive makes quarterly security presentations. 28% of respondents said their security leaders make no presentation at all.3
5 IT Expert or Business Leader? Does your CISO maintain a siloed technology view or a broader business/risk view? CISOs must operate strategically, ensuring clearly visible alignment between business strategy and cyber security strategy. Top CISOs have an influential and compelling voice at board meetings and in executive committee discussions. And CISOs articulate cyber security strategy not as a simple cost of doing business but, instead, as a crucial enabler of business outcomes. WHAT IS THE BIGGEST SKILL GAP YOU SEE IN TODAY’S SECURITY PROFESSIONALS?1 MANY CISOs STILL LACK THE CLOUT WITHIN THEIR ORGANIZATION TO UNDERSTAND THE BUSINESSES THEY PROTECT, THOUGH THIS UNDERSTANDING IS BECOMING INCREASINGLY IMPORTANT TO THEIR ROLE. 4 The growing complexity of organizations requires CISOs to both protect the enterprise and support broader business objectives. Managing this balance is increasingly important, not just to the near-term health of the business but to the long-term clout of the CISO role, a role that many organizations have elevated and have included in broader strategic decision making. Technical skills Ability to understand the business Communication 46% 42% 72% There is a prevailing sense that individuals in the CISO role are specialists with a narrow skill set. While half of executives believed CISOs provide valuable guidance to leadership, nearly one-fifth view the role as primarily an advisor to the CIO on cyber security strategy. 62% of CISOs developed their security strategy in conjunction with other strategies (primarily IT, risk and operations).3 61% of executives did not believe their CISO would succeed in a non-information security leadership position within their organization. 68% of executives did not agree that CISOs possessed broad awareness of organizational objectives and business needs outside of information security. 74% of executives did not believe CISOs should be part of organizational leadership teams. 28% of executives said a decision by their CISO has hurt their business’ bottom line.2 1. State of Cybersecurity: Implications for 2015, ISACA and RSA Conference Study 2. “No Respect: Chief Information. Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. 3. Fortifying for the Future of Security, IBM 2014 CISO Assessment. 4. “No Respect: Chief Information Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. KEY POINTS The CISO role demands a strong understanding of the business, not just technical ability. There still remains a large number of security leaders who do not build their security strategy around the business. Many executives do not understand the CISO’s new, expanding role, which makes it challenging for CISOs to exert influence across the company and align cyber strategy with business strategy.
6 Having a Strong Relationship Network How plugged-in is your CISO? Information sharing has never been more essential. CISOs need a strong external network to better understand the extent of their vulnerabilities, to adopt best practices and to attract security talent. Being externally focused and proactive rather than internally focused is essential. SHARING THREAT INFORMATION1 CISOs face an increasingly complex security ecosystem. Communication among members of the ecosystem is extremely important, but organizations still are underperforming in this area. EXTERNAL COLLABORATION IS MORE IMPORTANT FOR MAINTAINING INDUSTRY BEST PRACTICES AND COUNTERING THREATS FROM THE SAME SOURCE3 1. Fortifying for the Future of Security, IBM 2014 CISO Assessment. 2. Ibid. 3. ibid. of security vendors share information 57% of industry peers share information 51% of government organizations/agencies share information 43% of suppliers share information 22% Security ecosystem Suppliers Government organizations/ agencies Industry peers Security vendors “External collaboration gives security leaders a chance to observe industry practices and evolve with their peers to better understand where the “good stuff” is happening... The reality of today’s expansive threat landscape is that we can’t fully protect everything. Other firms face the same challenge so hearing the perspectives of my peers helps to improve our strategies around our most sensitive information.”2 John Taylor, former Global Head of IT Security, British American Tobacco 62% vs. 42% of security leaders believed industry-related security groups will become more necessary in the next three to five years. 86% While 62% of security leaders strongly agreed that the risk level to their organization was increasing due to the number of interactions and connections with customers, suppliers and partners, only 42% of organizations were a member of a formal industry-related security forum/group. KEY POINTS Protecting not just the firm but the ecosystem is becoming increasingly essential for organizations. In order to protect the ecosystem, CISOs must be externally focused and proactively build a strong network of contacts among customers, suppliers, security vendors, and government agencies. Regular communication among the firm’s existing stakeholders in the ecosystem is and will continue to be an important part of a sound security strategy.
7 Talent Is the Best Defense Do you have the right leadership and talent in place to protect your business? The increasing complexity of cyber security threats requires new types of security leaders who can go beyond their traditionally narrow technical domains and understand how to protect the business in a holistic way. Cyber security leaders who can effectively do these things are scarce. With a high demand for talent and a low supply, knowing where to look for talent will become increasingly critical. KEY POINTS As cyber security persists as a primary concern, the focus will shift heavily on talented leaders with both technical aptitude and business acumen. With a limited supply of talent, organizations must know where to find top talent in markets and sectors with which they may not be familiar, including the public sector. Developing bench strength below the CISO will become increasingly important as organizational challenges become more complex. THE CYBER TALENT GAP WILL PERSIST1 A study by the Ponemon Institute for Raytheon in 2015 showed that the verdict across regions was the same: Organizations need more knowledgeable and experienced cyber security practitioners. My Organization Needs More Knowledgeable and Experienced Cyber Security Practitioners FACTORS THAT WILL HINDER IMPROVEMENT OVER THE NEXT THREE YEARS2 WHERE DOES CYBER SECURITY TALENT COME FROM? CYBER SECURITY ARCHETYPES3 : 1. 2015 Global Megatrends in Cybersecurity, Ponemon Institute for Raytheon, February 2015. 2. Ibid. 3. Russell Reynolds Associates proprietary study. U.S. UK/Europe Middle East/ North Africa 67% 66% 65% Inability to hire and retain expert staff Lack of actionable intelligence Inability to minimize employee risk Lack of funding Lack of suitable technologies Increase in complexity Lack of C-level support Lack of cyber security leadership Increase in compliance burden 45% 44% 43% 34% 33% 31% 29% 22% 19% Organizations trying to prepare for the future face a number of challenges, including finding top talent. According to a major survey by the Ponemon Institute for Raytheon, the primary factor hindering improvement in cyber defense is the inability to hire and retain staff (45%), followed by a lack of actionable intelligence (44%) and the inability to curb employee-related security risks (43%). Profile 1: Professional Services/Audit Profile 2: General Technologists Profile 3: Military or Law Enforcement Professionals Profile 4: Cyber Security Threat Intelligence Specialists Profile 5: Corporate Development/ Strategy Executives Often holding a technical degree in engineering or computer science, these executives typically begin their career in the cyber security function of a large organization and climb their way to the top. Frequently holding a technical degree in engineering or computer science, these executives normally begin their career in corporate IT (e.g., applications development) and migrate to a specialization in cyber security. Less commonly holding a technical degree, these executives begin their career in the military or law enforcement, gaining technical expertise via experience and rising to a senior cyber security role before migrating to a senior position within the cyber security function of a corporation. Cutting-edge cyber threat intelligence specialists who are extremely technical, often coming out of organizations like the National Security Agency or the broader intelligence community. An emerging class of business leaders who are trained in cyber security and are positioned for broader risk management roles.
8 GLOBAL OFFICES Americas Atlanta Boston Buenos Aires Calgary Chicago Dallas Houston Los Angeles Mexico City Minneapolis/St. Paul Montréal New York Palo Alto San Francisco São Paulo Stamford Toronto Washington, D.C. EMEA Amsterdam Barcelona Brussels Copenhagen Dubai Frankfurt Hamburg Helsinki Istanbul London Madrid Milan Munich Oslo Paris Stockholm Warsaw Zurich Asia/Pacific Beijing Hong Kong Melbourne Mumbai New Delhi Seoul Shanghai Singapore Sydney Tokyo Russell Reynolds Associates is a global leader in assessment, recruitment and succession planning for boards of directors, chief executive officers and key roles within the C-suite. With more than 370 consultants in 46 offices around the world, we work closely with both public and private organizations across all industries and regions. We help our clients build boards and executive teams that can meet the challenges and opportunities presented by the digital, economic, environmental and political trends that are reshaping the global business environment. www.russellreynolds.com. Follow us on Twitter: @RRAonLeadership.
9 © Copyright 2015, Russell Reynolds Associates. All rights reserved. Americas Atlanta 1180 Peachtree St., NE Suite 2250 Atlanta, GA 30309-3521 United States of America Tel: +1-404-577-3000 Boston One Federal Street, 26th Fl. Boston, MA 02110-1007 United States of America Tel: +1-617-523-1111 Buenos Aires Manuela Sáenz 323 7th Floor, Suites 14 & 15 C1107BPA, Buenos Aires Argentina Tel: +54-11-4118-8900 Calgary Suite 750, Ernst & Young Tower 440-2nd Avenue SW Calgary, Alberta T2P 5E9 Canada Tel: +1-403-776-4175 Chicago 155 North Wacker Drive Suite 4100 Chicago, IL 60606-1732 United States of America Tel: +1-312-993-9696 Dallas 200 Crescent Court, Suite 1000 Dallas, TX 75201-1834 United States of America Tel: +1-214-220-2033 Houston 600 Travis Street, Suite 2200 Houston, TX 77002-2910 United States of America Tel: +1-713-754-5995 Los Angeles 11100 Santa Monica Blvd. Suite 350 Los Angeles, CA 90025-3384 United States of America Tel: +1-310-775-8940 Mexico City Torre Reforma 115 Paseo de la Reforma 115-1502 Lomas de Chapultepec 11000 México, D.F. México Tel: +52-55-5249-5130 Minneapolis/St. Paul IDS Center 80 South 8th St, Suite 1425 Minneapolis, MN 55402-2100 United States of America Tel: +1-612-332-6966 Montréal 2000, avenue McGill College 6e étage Montréal (Québec) H3A 3H3 Canada Tel: +1-514-416-3300 New York 200 Park Avenue Suite 2300 New York, NY 10166-0002 United States of America Tel: +1-212-351-2000 Palo Alto 260 Homer Avenue, Suite 202 Palo Alto, CA 94301-2777 United States of America Tel: +1-650-233-2400 San Francisco 101 California Street Suite 2900 San Francisco, CA 94111-5829 United States of America Tel: +1-415-352-3300 São Paulo Edifício Eldorado Business Tower Av. Nações Unidas, 8.501 11º 05425-070 São Paulo Brazil Tel: +55-11-3566-2400 Stamford 301 Tresser Boulevard Suite 1210 Stamford, CT 06901-3250 United States of America Tel: +1-203-905-3341 Toronto 40 King Street West Scotia Plaza, Suite 3410 Toronto, ON M5H 3Y2 Canada Tel: +1-416-364-3355 Washington, D.C. 1700 New York Avenue, NW Suite 400 Washington, D.C. 20006-5208 United States of America Tel: +1-202-654-7800 Asia/Pacific Beijing Unit 3422 China World Offfice 1 No. 1 Jian Guo Men Wai Avenue Beijing 100004 China Tel: +86-10-6535-1188 Hong Kong Room 1801, Alexandra House 18 Chater Road Central Hong Kong, China Tel: +852-2523-9123 Melbourne Level 51, Rialto Towers 525 Collins Street Melbourne, VIC 3000 Australia Tel: +61-3-9603-1300 Mumbai 63, 3 North Avenue, Maker Maxity Bandra Kurla Complex Bandra (East), Mumbai 400 051 India Tel: +91-22-6733-2222 New Delhi One Horizon Center, 14th floor Golf Course Road, Sector 43 DLF Phase-V, Gurgaon 122 002, Haryana India Tel: +91-11-4603-4600 Seoul 16F West Tower Mirae Asset Centre 1 Building 26 Eulji-ro 5-gil, Jung-gu Seoul 100-210 Korea Tel: +82-2-6030-3200 Shanghai Room 4504, Jin Mao Tower 88 Century Avenue Shanghai 200121 China Tel: +86-21-6163-0888 Singapore 12 Marina View #18-01 Asia Square Tower 2 Singapore 018961 Tel: +65-6225-1811 Sydney Level 25 1 Bligh Street Sydney NSW 2000 Australia Tel: +61-2-9258-3100 Tokyo Akasaka Biz Tower 37F 5-3-1 Akasaka Minato-ku, Tokyo 107-6337 Japan Tel: +81-3-5114-3700 EMEA Amsterdam World Trade Center, Tower H, 18th Floor Zuidplein 148 1077 XV Amsterdam The Netherlands Tel: +31-20-305-7630 Barcelona Avda. Diagonal, 613 2˚A 08028 Barcelona Spain Tel: +34-93-494-9400 Brussels Boulevard Saint-Michel 27 B-1040 Brussels Belgium Tel: +32-2-743-12-20 Copenhagen Kongens Nytorv 3 1050 Copenhagen K Denmark Tel: +45-33-69-23-20 Dubai Burj Daman Offices Tower Office C610, 6th floor DIFC, PO Box 507008 Dubai United Arab Emirates Tel: +971 50 6574346 Frankfurt OpernTurm, 60306 Frankfurt am Main Germany Tel: +49-69-75-60-90-0 Hamburg Stadthausbrücke 1-3/Fleethof 20355 Hamburg Germany Tel: +49-40-48-06-61-0 Helsinki Unioninkatu 22 00130 Helsinki Finland Tel: +358-9-6226-7000 Istanbul Cumhuriyet Cad. No 48 Kat: 4/B Pegasus Evi Elmadağ 34367 Şişli Istanbul / Türkiye Tel: +90-212-705-3550 London Almack House 28 King Street London SW1Y 6QW United Kingdom Tel: +44-20-7839-7788 Madrid Miguel Angel, 11, 7° 28010 Madrid Spain Tel: +34-91-319-7100 Milan Corso Giacomo Matteotti, 3 20121 Milan Italy Tel: +39-02-430-015-1 Munich Maximilianstraße 12-14 80539 München Germany Tel: +49-89-24-89-81-3 Oslo Haakon VIIs Gata 1 NO-0161 Oslo Norway Tel: +47-2203-8010 Paris 20 rue de la Paix 75002 Paris France Tel: +33-1-49-26-13-00 Stockholm Hamngatan 27 SE-111 47 Stockholm Sweden Tel: +46-8-545-074-40 Warsaw Belvedere Plaza ul. Belwederska 23 00-761 Warsaw Poland Tel: +48-22-851-68-38 Zürich Stampfenbachstrasse 5 8001 Zurich Switzerland Tel: +41-44-447-30-30
10 RussellReynolds.com

Empfohlen

Improving Cyber Security Literacy in Boards & Executives
Improving Cyber Security Literacy in Boards & ExecutivesImproving Cyber Security Literacy in Boards & Executives
Improving Cyber Security Literacy in Boards & ExecutivesTripwire
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Websense
WebsenseWebsense
WebsenseCMR WORLD TECH
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseCGTI
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 

Empfohlen

Improving Cyber Security Literacy in Boards & Executives
Improving Cyber Security Literacy in Boards & ExecutivesImproving Cyber Security Literacy in Boards & Executives
Improving Cyber Security Literacy in Boards & ExecutivesTripwire
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Websense
WebsenseWebsense
WebsenseCMR WORLD TECH
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseCGTI
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber SecurityLeon Fouche
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsSarah Cirelli
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber SecurityFireEye, Inc.
 
Cyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCheffley White
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionTripwire
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security RisksHeimdal Security
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial InstitutionsKhawar Nehal khawar.nehal@atrc.net.pk
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boardsPaul McGillicuddy
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing OCTF Industry Engagement
 
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...Phil Agcaoili
 
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final ReportPhil Agcaoili
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber SecurityPhil Agcaoili
 
New CISO - The First 90 Days
New CISO - The First 90 DaysNew CISO - The First 90 Days
New CISO - The First 90 DaysResilient Systems
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye, Inc.
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesAlex Rudie
 
Cyber security
Cyber securityCyber security
Cyber securityVaibhav Jain
 
Cyber Security Threats Facing Small Businesses--June 2019
Cyber Security Threats Facing Small Businesses--June 2019Cyber Security Threats Facing Small Businesses--June 2019
Cyber Security Threats Facing Small Businesses--June 2019Dawn Yankeelov
 
Bank Director List of Worries
Bank Director List of WorriesBank Director List of Worries
Bank Director List of WorriesBank Director
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsSarah Cirelli
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber SecurityFireEye, Inc.
 
Cyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCheffley White
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionTripwire
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and riskEY
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security RisksHeimdal Security
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boardsPaul McGillicuddy
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Dawn Yankeelov
 
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...Phil Agcaoili
 
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final ReportPhil Agcaoili
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber SecurityPhil Agcaoili
 
New CISO - The First 90 Days
New CISO - The First 90 DaysNew CISO - The First 90 Days
New CISO - The First 90 DaysResilient Systems
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye, Inc.
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesAlex Rudie
 
Cyber Security Threats Facing Small Businesses--June 2019
Cyber Security Threats Facing Small Businesses--June 2019Cyber Security Threats Facing Small Businesses--June 2019
Cyber Security Threats Facing Small Businesses--June 2019Dawn Yankeelov
 

Was ist angesagt? (20)

Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial Institutions
 
The Board and Cyber Security
The Board and Cyber SecurityThe Board and Cyber Security
The Board and Cyber Security
 
Cyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate BoardsCyber-risk Oversight Handbook for Corporate Boards
Cyber-risk Oversight Handbook for Corporate Boards
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business Mission
 
Insights into cyber security and risk
Insights into cyber security and riskInsights into cyber security and risk
Insights into cyber security and risk
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boards
 
Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity Shaping Your Future in Banking Cybersecurity
Shaping Your Future in Banking Cybersecurity
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing
 
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management an...
 
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
2011 FCC CSRIC WG2A Cyber Security Best Practices Final Report
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security
 
New CISO - The First 90 Days
New CISO - The First 90 DaysNew CISO - The First 90 Days
New CISO - The First 90 Days
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial Institutions
 
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The BreachFireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach
 
Cybersecurity Risks for Businesses
Cybersecurity Risks for BusinessesCybersecurity Risks for Businesses
Cybersecurity Risks for Businesses
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Security Threats Facing Small Businesses--June 2019
Cyber Security Threats Facing Small Businesses--June 2019Cyber Security Threats Facing Small Businesses--June 2019
Cyber Security Threats Facing Small Businesses--June 2019
 

Andere mochten auch

Bank Director List of Worries
Bank Director List of WorriesBank Director List of Worries
Bank Director List of WorriesBank Director
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Cyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsCyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsWynyard Group
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directorscentralohioissa
 
(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond
(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond
(Consulting) Couch to CISO: A Security Leader's First 100 Days and BeyondPhilip Beyer
 
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...centralohioissa
 
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor AgreementsNTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor AgreementsNorth Texas Chapter of the ISSA
 
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Tripwire
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The BoardPaul Melson
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected WorldRussell_Kennedy
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Phil Agcaoili
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Rahul Neel Mani
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
 

Andere mochten auch (19)

Bank Director List of Worries
Bank Director List of WorriesBank Director List of Worries
Bank Director List of Worries
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
 
10 Rules for Vendors - an Overview
10 Rules for Vendors - an Overview10 Rules for Vendors - an Overview
10 Rules for Vendors - an Overview
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
Cyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teamsCyber risk tips for boards and executive teams
Cyber risk tips for boards and executive teams
 
RSA 2017 - CISO's 5 steps to Success
RSA 2017 - CISO's 5 steps to SuccessRSA 2017 - CISO's 5 steps to Success
RSA 2017 - CISO's 5 steps to Success
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directors
 
(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond
(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond
(Consulting) Couch to CISO: A Security Leader's First 100 Days and Beyond
 
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
Jason Harrell - Compliance and Security: Building a Cybersecurity Risk Manage...
 
NTXISSACSC4 - A Day in the Life of a CISO
NTXISSACSC4 - A Day in the Life of a CISONTXISSACSC4 - A Day in the Life of a CISO
NTXISSACSC4 - A Day in the Life of a CISO
 
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor AgreementsNTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
NTXISSACSC4 - Mitigating Security Risks in Vendor Agreements
 
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
Talking To The Board: How To Improve Your Board's Cyber Security Literacy – U...
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The Board
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected World
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 
Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom? Is Cyber Security the Elephant in the Boardroom?
Is Cyber Security the Elephant in the Boardroom?
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
 

Ähnlich wie Cyber security: Five leadership issues worthy of board and executive attention

Insights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentInsights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentIBM Security
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookChris Cornillie
 
speaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperspeaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperBilha Diaz
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital FutureCognizant
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadsavassociates1
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainSanjay Chadha, CPA, CA
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Accenture Technology
 
10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber Risk10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber RiskMark Gibson
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraLuke Farrell
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Ideba
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
Cisco Yıllık Güvenlik Raporu 2015
Cisco Yıllık Güvenlik Raporu 2015Cisco Yıllık Güvenlik Raporu 2015
Cisco Yıllık Güvenlik Raporu 2015Marketing Türkiye
 

Ähnlich wie Cyber security: Five leadership issues worthy of board and executive attention (20)

Finding a strategic voice
Finding a strategic voiceFinding a strategic voice
Finding a strategic voice
 
Insights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentInsights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer Assessment
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security Outlook
 
speaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperspeaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaper
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - Protiviti
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital Future
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor upload
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chain
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
 
10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber Risk10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber Risk
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
 
Cisco Yıllık Güvenlik Raporu 2015
Cisco Yıllık Güvenlik Raporu 2015Cisco Yıllık Güvenlik Raporu 2015
Cisco Yıllık Güvenlik Raporu 2015
 

Kürzlich hochgeladen

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Kürzlich hochgeladen (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 

Cyber security: Five leadership issues worthy of board and executive attention

  • 1. 1 Cyber Security: Five Leadership Issues Worthy of Board and Executive Attention
  • 2. 2 Introduction How effectively does your board discuss emerging risks like cyber security? How plugged-in is your CISO? How effective is your chief information security officer (CISO) at clarifying the nature and urgency of cyber security risk with your board and executive team? Does your CISO maintain a siloed technology view or a broader business/risk view? Do you have the right leadership and talent in place to protect your business? 1 2 3 4 5
  • 3. 3 Board Readiness BOARD KNOWLEDGE OF EMERGING RISKS2 Despite changes in how boards view risk allocation—and additional focus on financial risk—most directors lack knowledge of emerging risks like cyber security. Director Understanding of Cyber Security Risks How effectively does your board address emerging risks like cyber security? Successful security strategies require boards to play a fundamental role. While boards have focused on mitigating financial risk by way of audit committees, they must now broaden their focus to include emerging risks like cyber security. As cyber security becomes a greater concern, boards must play a more active role in navigating their firm through an increasingly complex and challenging environment. Some knowledge 70.3%Little knowledge 19.2% High level of knowledge 10.5% VIEW FROM CISOs: IS YOUR BOARD OF DIRECTORS CONCERNED WITH SECURITY?1 Yes No Don’t know 78.73% 9.72% 11.55% KEY POINTS Being proactive by embracing a broader risk management approach and prioritizing key issues like cyber security are no longer options but a necessity. Managing risk is increasingly a board-wide function as focus on emerging threats like cyber security continues to increase. While boards give more of their attention to major risks like cyber security, most directors still lack a deep understanding of cyber security risk. 1. “No Respect: Chief Information Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. 2. “2014-2015 Public Company Governance Survey,” National Association of Corporate Directors.
  • 4. 4 Clarifying Risk and Driving Urgency How effective is your CISO at clarifying the nature and urgency of cyber security risk with your board and executive team? As organizations continue to focus their attention on cyber security risks, CISOs will remain fundamental to developing and implementing the organization’s security strategy and vision. With boards increasingly dependent on CISOs for both information and the execution of security strategy, organizations must have the right security leadership in place and the proper reporting structure to establish key communication channels with the broader leadership team and to protect the enterprise. WHILE CYBER SECURITY IS A GROWING CONCERN, THERE STILL REMAINS A LACK OF COMMUNICATION BETWEEN THE EXECUTIVE TEAM AND THE CISO HAVING THE WRONG COMMUNICATION CHANNELS WITHIN AN ORGANIZATION HAS REAL FINANCIAL CONSEQUENCES5 TO WHOM DOES SECURITY REPORT IN YOUR ORGANIZATION?1 Despite the prominence of cyber security threats, most CISOs continue to report to the CIO. CEO 19.97% CFO 5.96% Audit 3.54% Board of Directors 10.79% CIO 59.74% 14% Organizations in which the CISO reported to the CIO experienced 14% more downtime due to cyber security incidents than those organizations in which the CISO reported directly to the CEO. 46% Financial losses were 46% higher in organizations where the CISO reported to the CIO than when the CISO reported to the CEO. According to PwC’s The Global State of Information Security Survey 2014, having the CISO report to almost any position in senior management other than the CIO (board of directors, CFO, etc.) reduced financial losses from cyber incidents. 49% of respondents in The Global State of Information Security Survey 2015 by PricewaterhouseCoopers said their organization had a cross- organizational team that regularly convenes to discuss, coordinate, and communicate information security issues.4 KEY POINTS Despite cyber security’s growing prominence, there remains a lack of communication between security leaders and senior leadership. Many firms still don’t have a proper reporting structure in place to establish better communication channels. Evidence suggests that having the CISO report to the CIO increases the likelihood and severity of security incidents. 1. State of Cybersecurity: Implications for 2015, ISACA and RSA Conference Study. 2. Ibid. 3. US Cybersecurity: Progress Stalled – Key Findings from the 2015 US State of Cybercrime Survey, PwC, 2015. 4. The Global State of Information Security Survey 2015, PwC. 5. Ibid. 26% of respondents in a PricewaterhouseCoopers survey of over 500 executives and public officials said their CISO makes a security presentation to the board only once a year, while 30% of respondents said their senior security executive makes quarterly security presentations. 28% of respondents said their security leaders make no presentation at all.3
  • 5. 5 IT Expert or Business Leader? Does your CISO maintain a siloed technology view or a broader business/risk view? CISOs must operate strategically, ensuring clearly visible alignment between business strategy and cyber security strategy. Top CISOs have an influential and compelling voice at board meetings and in executive committee discussions. And CISOs articulate cyber security strategy not as a simple cost of doing business but, instead, as a crucial enabler of business outcomes. WHAT IS THE BIGGEST SKILL GAP YOU SEE IN TODAY’S SECURITY PROFESSIONALS?1 MANY CISOs STILL LACK THE CLOUT WITHIN THEIR ORGANIZATION TO UNDERSTAND THE BUSINESSES THEY PROTECT, THOUGH THIS UNDERSTANDING IS BECOMING INCREASINGLY IMPORTANT TO THEIR ROLE. 4 The growing complexity of organizations requires CISOs to both protect the enterprise and support broader business objectives. Managing this balance is increasingly important, not just to the near-term health of the business but to the long-term clout of the CISO role, a role that many organizations have elevated and have included in broader strategic decision making. Technical skills Ability to understand the business Communication 46% 42% 72% There is a prevailing sense that individuals in the CISO role are specialists with a narrow skill set. While half of executives believed CISOs provide valuable guidance to leadership, nearly one-fifth view the role as primarily an advisor to the CIO on cyber security strategy. 62% of CISOs developed their security strategy in conjunction with other strategies (primarily IT, risk and operations).3 61% of executives did not believe their CISO would succeed in a non-information security leadership position within their organization. 68% of executives did not agree that CISOs possessed broad awareness of organizational objectives and business needs outside of information security. 74% of executives did not believe CISOs should be part of organizational leadership teams. 28% of executives said a decision by their CISO has hurt their business’ bottom line.2 1. State of Cybersecurity: Implications for 2015, ISACA and RSA Conference Study 2. “No Respect: Chief Information. Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. 3. Fortifying for the Future of Security, IBM 2014 CISO Assessment. 4. “No Respect: Chief Information Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. KEY POINTS The CISO role demands a strong understanding of the business, not just technical ability. There still remains a large number of security leaders who do not build their security strategy around the business. Many executives do not understand the CISO’s new, expanding role, which makes it challenging for CISOs to exert influence across the company and align cyber strategy with business strategy.
  • 6. 6 Having a Strong Relationship Network How plugged-in is your CISO? Information sharing has never been more essential. CISOs need a strong external network to better understand the extent of their vulnerabilities, to adopt best practices and to attract security talent. Being externally focused and proactive rather than internally focused is essential. SHARING THREAT INFORMATION1 CISOs face an increasingly complex security ecosystem. Communication among members of the ecosystem is extremely important, but organizations still are underperforming in this area. EXTERNAL COLLABORATION IS MORE IMPORTANT FOR MAINTAINING INDUSTRY BEST PRACTICES AND COUNTERING THREATS FROM THE SAME SOURCE3 1. Fortifying for the Future of Security, IBM 2014 CISO Assessment. 2. Ibid. 3. ibid. of security vendors share information 57% of industry peers share information 51% of government organizations/agencies share information 43% of suppliers share information 22% Security ecosystem Suppliers Government organizations/ agencies Industry peers Security vendors “External collaboration gives security leaders a chance to observe industry practices and evolve with their peers to better understand where the “good stuff” is happening... The reality of today’s expansive threat landscape is that we can’t fully protect everything. Other firms face the same challenge so hearing the perspectives of my peers helps to improve our strategies around our most sensitive information.”2 John Taylor, former Global Head of IT Security, British American Tobacco 62% vs. 42% of security leaders believed industry-related security groups will become more necessary in the next three to five years. 86% While 62% of security leaders strongly agreed that the risk level to their organization was increasing due to the number of interactions and connections with customers, suppliers and partners, only 42% of organizations were a member of a formal industry-related security forum/group. KEY POINTS Protecting not just the firm but the ecosystem is becoming increasingly essential for organizations. In order to protect the ecosystem, CISOs must be externally focused and proactively build a strong network of contacts among customers, suppliers, security vendors, and government agencies. Regular communication among the firm’s existing stakeholders in the ecosystem is and will continue to be an important part of a sound security strategy.
  • 7. 7 Talent Is the Best Defense Do you have the right leadership and talent in place to protect your business? The increasing complexity of cyber security threats requires new types of security leaders who can go beyond their traditionally narrow technical domains and understand how to protect the business in a holistic way. Cyber security leaders who can effectively do these things are scarce. With a high demand for talent and a low supply, knowing where to look for talent will become increasingly critical. KEY POINTS As cyber security persists as a primary concern, the focus will shift heavily on talented leaders with both technical aptitude and business acumen. With a limited supply of talent, organizations must know where to find top talent in markets and sectors with which they may not be familiar, including the public sector. Developing bench strength below the CISO will become increasingly important as organizational challenges become more complex. THE CYBER TALENT GAP WILL PERSIST1 A study by the Ponemon Institute for Raytheon in 2015 showed that the verdict across regions was the same: Organizations need more knowledgeable and experienced cyber security practitioners. My Organization Needs More Knowledgeable and Experienced Cyber Security Practitioners FACTORS THAT WILL HINDER IMPROVEMENT OVER THE NEXT THREE YEARS2 WHERE DOES CYBER SECURITY TALENT COME FROM? CYBER SECURITY ARCHETYPES3 : 1. 2015 Global Megatrends in Cybersecurity, Ponemon Institute for Raytheon, February 2015. 2. Ibid. 3. Russell Reynolds Associates proprietary study. U.S. UK/Europe Middle East/ North Africa 67% 66% 65% Inability to hire and retain expert staff Lack of actionable intelligence Inability to minimize employee risk Lack of funding Lack of suitable technologies Increase in complexity Lack of C-level support Lack of cyber security leadership Increase in compliance burden 45% 44% 43% 34% 33% 31% 29% 22% 19% Organizations trying to prepare for the future face a number of challenges, including finding top talent. According to a major survey by the Ponemon Institute for Raytheon, the primary factor hindering improvement in cyber defense is the inability to hire and retain staff (45%), followed by a lack of actionable intelligence (44%) and the inability to curb employee-related security risks (43%). Profile 1: Professional Services/Audit Profile 2: General Technologists Profile 3: Military or Law Enforcement Professionals Profile 4: Cyber Security Threat Intelligence Specialists Profile 5: Corporate Development/ Strategy Executives Often holding a technical degree in engineering or computer science, these executives typically begin their career in the cyber security function of a large organization and climb their way to the top. Frequently holding a technical degree in engineering or computer science, these executives normally begin their career in corporate IT (e.g., applications development) and migrate to a specialization in cyber security. Less commonly holding a technical degree, these executives begin their career in the military or law enforcement, gaining technical expertise via experience and rising to a senior cyber security role before migrating to a senior position within the cyber security function of a corporation. Cutting-edge cyber threat intelligence specialists who are extremely technical, often coming out of organizations like the National Security Agency or the broader intelligence community. An emerging class of business leaders who are trained in cyber security and are positioned for broader risk management roles.
  • 8. 8 GLOBAL OFFICES Americas Atlanta Boston Buenos Aires Calgary Chicago Dallas Houston Los Angeles Mexico City Minneapolis/St. Paul Montréal New York Palo Alto San Francisco São Paulo Stamford Toronto Washington, D.C. EMEA Amsterdam Barcelona Brussels Copenhagen Dubai Frankfurt Hamburg Helsinki Istanbul London Madrid Milan Munich Oslo Paris Stockholm Warsaw Zurich Asia/Pacific Beijing Hong Kong Melbourne Mumbai New Delhi Seoul Shanghai Singapore Sydney Tokyo Russell Reynolds Associates is a global leader in assessment, recruitment and succession planning for boards of directors, chief executive officers and key roles within the C-suite. With more than 370 consultants in 46 offices around the world, we work closely with both public and private organizations across all industries and regions. We help our clients build boards and executive teams that can meet the challenges and opportunities presented by the digital, economic, environmental and political trends that are reshaping the global business environment. www.russellreynolds.com. Follow us on Twitter: @RRAonLeadership.
  • 9. 9 © Copyright 2015, Russell Reynolds Associates. All rights reserved. Americas Atlanta 1180 Peachtree St., NE Suite 2250 Atlanta, GA 30309-3521 United States of America Tel: +1-404-577-3000 Boston One Federal Street, 26th Fl. Boston, MA 02110-1007 United States of America Tel: +1-617-523-1111 Buenos Aires Manuela Sáenz 323 7th Floor, Suites 14 & 15 C1107BPA, Buenos Aires Argentina Tel: +54-11-4118-8900 Calgary Suite 750, Ernst & Young Tower 440-2nd Avenue SW Calgary, Alberta T2P 5E9 Canada Tel: +1-403-776-4175 Chicago 155 North Wacker Drive Suite 4100 Chicago, IL 60606-1732 United States of America Tel: +1-312-993-9696 Dallas 200 Crescent Court, Suite 1000 Dallas, TX 75201-1834 United States of America Tel: +1-214-220-2033 Houston 600 Travis Street, Suite 2200 Houston, TX 77002-2910 United States of America Tel: +1-713-754-5995 Los Angeles 11100 Santa Monica Blvd. Suite 350 Los Angeles, CA 90025-3384 United States of America Tel: +1-310-775-8940 Mexico City Torre Reforma 115 Paseo de la Reforma 115-1502 Lomas de Chapultepec 11000 México, D.F. México Tel: +52-55-5249-5130 Minneapolis/St. Paul IDS Center 80 South 8th St, Suite 1425 Minneapolis, MN 55402-2100 United States of America Tel: +1-612-332-6966 Montréal 2000, avenue McGill College 6e étage Montréal (Québec) H3A 3H3 Canada Tel: +1-514-416-3300 New York 200 Park Avenue Suite 2300 New York, NY 10166-0002 United States of America Tel: +1-212-351-2000 Palo Alto 260 Homer Avenue, Suite 202 Palo Alto, CA 94301-2777 United States of America Tel: +1-650-233-2400 San Francisco 101 California Street Suite 2900 San Francisco, CA 94111-5829 United States of America Tel: +1-415-352-3300 São Paulo Edifício Eldorado Business Tower Av. Nações Unidas, 8.501 11º 05425-070 São Paulo Brazil Tel: +55-11-3566-2400 Stamford 301 Tresser Boulevard Suite 1210 Stamford, CT 06901-3250 United States of America Tel: +1-203-905-3341 Toronto 40 King Street West Scotia Plaza, Suite 3410 Toronto, ON M5H 3Y2 Canada Tel: +1-416-364-3355 Washington, D.C. 1700 New York Avenue, NW Suite 400 Washington, D.C. 20006-5208 United States of America Tel: +1-202-654-7800 Asia/Pacific Beijing Unit 3422 China World Offfice 1 No. 1 Jian Guo Men Wai Avenue Beijing 100004 China Tel: +86-10-6535-1188 Hong Kong Room 1801, Alexandra House 18 Chater Road Central Hong Kong, China Tel: +852-2523-9123 Melbourne Level 51, Rialto Towers 525 Collins Street Melbourne, VIC 3000 Australia Tel: +61-3-9603-1300 Mumbai 63, 3 North Avenue, Maker Maxity Bandra Kurla Complex Bandra (East), Mumbai 400 051 India Tel: +91-22-6733-2222 New Delhi One Horizon Center, 14th floor Golf Course Road, Sector 43 DLF Phase-V, Gurgaon 122 002, Haryana India Tel: +91-11-4603-4600 Seoul 16F West Tower Mirae Asset Centre 1 Building 26 Eulji-ro 5-gil, Jung-gu Seoul 100-210 Korea Tel: +82-2-6030-3200 Shanghai Room 4504, Jin Mao Tower 88 Century Avenue Shanghai 200121 China Tel: +86-21-6163-0888 Singapore 12 Marina View #18-01 Asia Square Tower 2 Singapore 018961 Tel: +65-6225-1811 Sydney Level 25 1 Bligh Street Sydney NSW 2000 Australia Tel: +61-2-9258-3100 Tokyo Akasaka Biz Tower 37F 5-3-1 Akasaka Minato-ku, Tokyo 107-6337 Japan Tel: +81-3-5114-3700 EMEA Amsterdam World Trade Center, Tower H, 18th Floor Zuidplein 148 1077 XV Amsterdam The Netherlands Tel: +31-20-305-7630 Barcelona Avda. Diagonal, 613 2˚A 08028 Barcelona Spain Tel: +34-93-494-9400 Brussels Boulevard Saint-Michel 27 B-1040 Brussels Belgium Tel: +32-2-743-12-20 Copenhagen Kongens Nytorv 3 1050 Copenhagen K Denmark Tel: +45-33-69-23-20 Dubai Burj Daman Offices Tower Office C610, 6th floor DIFC, PO Box 507008 Dubai United Arab Emirates Tel: +971 50 6574346 Frankfurt OpernTurm, 60306 Frankfurt am Main Germany Tel: +49-69-75-60-90-0 Hamburg Stadthausbrücke 1-3/Fleethof 20355 Hamburg Germany Tel: +49-40-48-06-61-0 Helsinki Unioninkatu 22 00130 Helsinki Finland Tel: +358-9-6226-7000 Istanbul Cumhuriyet Cad. No 48 Kat: 4/B Pegasus Evi Elmadağ 34367 Şişli Istanbul / Türkiye Tel: +90-212-705-3550 London Almack House 28 King Street London SW1Y 6QW United Kingdom Tel: +44-20-7839-7788 Madrid Miguel Angel, 11, 7° 28010 Madrid Spain Tel: +34-91-319-7100 Milan Corso Giacomo Matteotti, 3 20121 Milan Italy Tel: +39-02-430-015-1 Munich Maximilianstraße 12-14 80539 München Germany Tel: +49-89-24-89-81-3 Oslo Haakon VIIs Gata 1 NO-0161 Oslo Norway Tel: +47-2203-8010 Paris 20 rue de la Paix 75002 Paris France Tel: +33-1-49-26-13-00 Stockholm Hamngatan 27 SE-111 47 Stockholm Sweden Tel: +46-8-545-074-40 Warsaw Belvedere Plaza ul. Belwederska 23 00-761 Warsaw Poland Tel: +48-22-851-68-38 Zürich Stampfenbachstrasse 5 8001 Zurich Switzerland Tel: +41-44-447-30-30