SlideShare ist ein Scribd-Unternehmen logo

Risks Facing Media World IT

Aman Bandvi
Aman Bandvi
1 von 18
Downloaden Sie, um offline zu lesen
IM 18IM 18 ZastaConverse Aman Bandvi Risk Based Management Draft Document for Discussions 
The Premise : From a global research projectThe Premise : From a global research project
The IT Trainings in Media WorldThe IT Trainings in Media World The change is slow but evident.
Risks in The Media WorldRisks in The Media World • Privileged users pose a risk to yourPrivileged users pose a risk to your  company's security – The NSA and GCHQ revelations revealed a– The NSA and GCHQ revelations revealed a  fundamental weakness in our business  infrastructure – the risk posed by 'privileged users'p y p g
Risks in The Media WorldRisks in The Media World Social Networking IIssue Use of social media technologies is expanding into new areas. Examples include  user communities, business collaboration, and commerce. Regulatory requirements  are catching up (e.g. financial services organizations).g p ( g g ) Risk • Brand protection • Unauthorized access to confidential data • Regulatory or legal violations• Regulatory or legal violations • Current company policies may not readily apply Recommendation Historical audits are insufficient as risks are rapidly evolving. Need to complete an  inventory of social media usage, and existing policies, procedures and controls. Draft  and execute new audit plan based on emerging risks and current usage within the  organization – may need to include the HR, IT, and Legal departments. Determine  whether a training course should be delivered to employeeswhether a training course should be delivered to employees.
Risks in The Media WorldRisks in The Media World Mobile Devices IIssue Rapid expansion of number of devices, and functionality (e.g., 15+ million iPads in  current circulation). mCommerce enabling technologies within companies introduces  new risks as well. Risk • Loss / release of critical business data • Security and identity management • Application development challenges• Application development challenges • ERP integration issues Recommendation Historical audit procedures are insufficient. Need an inventory of all current allowable  devices and corresponding policies & procedures. Evaluate effectiveness of “push”  controls. Understand mCommerce activities and processes/technology. Ensure that  controls are in place for lost devices.
Risks in The Media WorldRisks in The Media World Malware IIssue Malware continues to increase in sophistication, and has more avenues for execution  (e.g. mobile devices and traditional computing). Most PCs still provide local admin  access. Work‐at‐home flexibility increases issues.y Risk • Loss or theft of critical information • Hardware impacts • Cash impact• Cash impact  • Lost productivity Recommendation Understand organizational approach to malware identification, isolation, and  remediation. Consider impacts beyond traditional spamware/firewalls (e.g., remote  users, mobile devices). Consider update schedules and monitoring (beyond  responsiveness to patch updates). Control contractor / consultant access to the  corporate networkcorporate network.
Risks in The Media WorldRisks in The Media World End User Computing IIssue End User Computing (EUC) applications continue to evolve given resource  constraints of economic downturn. Increased scrutiny is being applied by auditors  and regulators, particularly to financial models. False sense of security provided by g , p y y p y current efforts. Risk • Misstated financial statements • Unsupported decision making• Unsupported decision making • Regulatory concerns • Loss or corruption of data Recommendation Understand current approach to managing and controlling EUCs. Policy‐based  approaches are typically insufficient. Evaluate use of technology and critical  technical settings. Evaluate other program aspects including governance, security,  management processes and training/awarenessmanagement processes, and training/awareness.
Risks in The Media WorldRisks in The Media World Corporate Espionage IIssue More specific targeted efforts (often for gain), assisted by increase in mobile  computing technologies. Increased access to government defense toolkits. Specific  verticals hardest hit – e.g. oil firms, gaming platform networks, defense contractors.g , g g p , Risk • Loss or release of corporate data • Denial of service • Intellectual Property loss• Intellectual Property loss Recommendation This should be a component of information security audits. SOX “monitoring  controls” generally insufficient. Need to understand specific threats, user awareness,  hardening of critical devices and access points (via firewalls and network traffic  monitoring devices / software), vulnerability assessments, and detection/escalation  procedures.
Risks in The Media WorldRisks in The Media World Project Backlog IIssue Economic downturn caused decrease in IT investment and deferral of critical projects  resulting in large project backlogs. Recent increase in resumption of large corporate  IT projects, now being performed with reduced staff levels and/or weak project p j , g p / p j management oversight. Risk • Project delays or failure • Completed projects shortchanging security and controls• Completed projects shortchanging security and controls • Failure to achieve business objectives • Poor or inadequate vendor management Recommendation Current projects should be included in enterprise risk assessments and IT audit  universe. Ensure that controls are built into projects; deferral until after project goes  live creates substantial risk and remediation can be expensive.
Risks in The Media WorldRisks in The Media World IT Governance IIssue Reduced enterprise IT support / budgets and increased ease of technology  deployments has led to multiple “shadow IT” organizations within enterprises.  Shadow groups tend to not follow established control procedures.g p p Risk • Failure to comply with corporate IT policies and controls • Operational impacts • Information security risks• Information security risks • Regulatory violations • Duplication of efforts, increased costs and inefficiencies Recommendation Determine extent of shadow IT deployment. Identify applications and environments  deployed outside of usual channels, and assess compliance with corporate policies.  Evaluate and assess duplicative systems, licensing, and support issues.
Risks in The Media WorldRisks in The Media World Electronic Records Management (ERM) IIssue Increased deployment of ERM solutions, with corresponding data conversions and  process changes. Specific verticals more highly impacted (e.g., health care and  financial services).) Risk • Loss of data in conversion process • Regulatory violations if inadequate controls exist • Storage retention and forensic issues• Storage, retention, and forensic issues Recommendation Determine extent of ERM deployment. Identify impacted data and processes.  Ensure data is mapped against existing data management strategies, policies and  legal requirements. Evaluate storage controls and monitoring.
Risks in The Media WorldRisks in The Media World Data Management IIssue Increased regulatory requirement for management and security of types of data.  Lack of ability to identify types/location of enterprise data. Lack of robust data  stratification schema to categorize sensitive data. Exacerbated by cloud g y deployments, shadow IT organizations, mobile computing, and electronic records  management. Risk • Regulatory penalties• Regulatory penalties • Brand damage • Increased cost of compliance Recommendation Evaluate current data management program. Assess level of adequacy to current  business requirements and emerging regulations. Identify specific data management  controls and perform focused audit procedures.
Risks in The Media WorldRisks in The Media World Cloud Computing IIssue Proliferation of external cloud computing solutions, corporate‐ and user‐based.  Different deployments available; data, applications, services. Risk • Administrative access • Data management – location/compliance/recovery/security • Dependent upon availability of cloud provider and internet connection • Investigative support• Investigative support  • Long‐term viability Recommendation Identify cloud computing strategies deployed or planned. Determine applications and  data impacted. Perform a risk assessment for the items impacted and determine the  organization’s risk tolerance. Identify controls that mitigate risks identified above
Think….Think…. All media companies shouldAll media companies should  super‐size their computersuper size their computer  security to ensure that their  information is as safe and  secure as everything else theysecure as everything else they  dodo
Think….Think…. Security rules are ineffective atSecurity rules are ineffective at  the prevention and deterrence  of serious breach/crime. They  can be very effective at solvingcan be very effective at solving  crime. We need to prevent as well!
Think….Think….
Think….Think….

Empfohlen

How to handle data breach incidents under GDPR
How to handle data breach incidents under GDPRHow to handle data breach incidents under GDPR
How to handle data breach incidents under GDPRCharlie Pownall
 
NACD Directorship Article - Cyber July:Aug 2015 published
NACD Directorship Article - Cyber July:Aug 2015 publishedNACD Directorship Article - Cyber July:Aug 2015 published
NACD Directorship Article - Cyber July:Aug 2015 publishedPrista Corporation
 
A Breach Carol: 2013 Review, 2014 Predictions
A Breach Carol: 2013 Review, 2014 PredictionsA Breach Carol: 2013 Review, 2014 Predictions
A Breach Carol: 2013 Review, 2014 PredictionsResilient Systems
 
Top 10 leading fraud detection and prevention solution providers
Top 10 leading fraud detection and prevention solution providersTop 10 leading fraud detection and prevention solution providers
Top 10 leading fraud detection and prevention solution providersMerry D'souza
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017Ir. Indin Hasan ST, MT, IPM, ASEAN Eng
 
CTPAT and Cybersecurity.
CTPAT and Cybersecurity. CTPAT and Cybersecurity.
CTPAT and Cybersecurity. Dan Petrosini
 
Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise The Economist Media Businesses
 
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframeBig Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframePrecisely
 

Empfohlen

How to handle data breach incidents under GDPR
How to handle data breach incidents under GDPRHow to handle data breach incidents under GDPR
How to handle data breach incidents under GDPRCharlie Pownall
 
NACD Directorship Article - Cyber July:Aug 2015 published
NACD Directorship Article - Cyber July:Aug 2015 publishedNACD Directorship Article - Cyber July:Aug 2015 published
NACD Directorship Article - Cyber July:Aug 2015 publishedPrista Corporation
 
A Breach Carol: 2013 Review, 2014 Predictions
A Breach Carol: 2013 Review, 2014 PredictionsA Breach Carol: 2013 Review, 2014 Predictions
A Breach Carol: 2013 Review, 2014 PredictionsResilient Systems
 
Top 10 leading fraud detection and prevention solution providers
Top 10 leading fraud detection and prevention solution providersTop 10 leading fraud detection and prevention solution providers
Top 10 leading fraud detection and prevention solution providersMerry D'souza
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017Ir. Indin Hasan ST, MT, IPM, ASEAN Eng
 
CTPAT and Cybersecurity.
CTPAT and Cybersecurity. CTPAT and Cybersecurity.
CTPAT and Cybersecurity. Dan Petrosini
 
Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise Protecting the brand—cyber-attacks and the reputation of the enterprise
Protecting the brand—cyber-attacks and the reputation of the enterprise The Economist Media Businesses
 
Big Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframeBig Iron to Big Data Analytics for Security, Compliance, and the Mainframe
Big Iron to Big Data Analytics for Security, Compliance, and the MainframePrecisely
 
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Enterprise Management Associates
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sDr Lendy Spires
 
The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The Economist Media Businesses
 
Heidi
HeidiHeidi
Heidikategat
 
The Future of Cybersecurity
The Future of CybersecurityThe Future of Cybersecurity
The Future of CybersecurityTheWiltonBainGroup
 
Coso in the cyber age
Coso in the cyber ageCoso in the cyber age
Coso in the cyber ageAmit Bhargava
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
Maersk Notpetya Crisis Response Case Study
Maersk Notpetya Crisis Response Case StudyMaersk Notpetya Crisis Response Case Study
Maersk Notpetya Crisis Response Case StudyCharlie Pownall
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security smallHenry Worth
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber SecurityPhil Agcaoili
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance TempRohan Sehgal
 
New York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesNew York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesCitrin Cooperman
 
News letter oct 12
News letter oct 12News letter oct 12
News letter oct 12Capt SB Tyagi, COAC'CC*,FISM,CSC,
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
Dynamic Defense
Dynamic DefenseDynamic Defense
Dynamic DefenseBooz Allen Hamilton
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentationEthan S. Burger
 
CYBERSECURITY LEGISLATION
CYBERSECURITY LEGISLATIONCYBERSECURITY LEGISLATION
CYBERSECURITY LEGISLATION3.com
 
The digital economy and cybersecurity
The digital economy and cybersecurityThe digital economy and cybersecurity
The digital economy and cybersecurityMark Albala
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 

Weitere ähnliche Inhalte

Was ist angesagt?

Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Enterprise Management Associates
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sDr Lendy Spires
 
The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The Economist Media Businesses
 
Coso in the cyber age
Coso in the cyber ageCoso in the cyber age
Coso in the cyber ageAmit Bhargava
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsColleen Beck-Domanico
 
Maersk Notpetya Crisis Response Case Study
Maersk Notpetya Crisis Response Case StudyMaersk Notpetya Crisis Response Case Study
Maersk Notpetya Crisis Response Case StudyCharlie Pownall
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security smallHenry Worth
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...balejandre
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber SecurityPhil Agcaoili
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance TempRohan Sehgal
 
New York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesNew York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesCitrin Cooperman
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentationEthan S. Burger
 
CYBERSECURITY LEGISLATION
CYBERSECURITY LEGISLATIONCYBERSECURITY LEGISLATION
CYBERSECURITY LEGISLATION3.com
 

Was ist angesagt? (20)

Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
Investing in Digital Threat Intelligence Management to Protect Your Assets ou...
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
 
The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...The cyber-chasm: How the disconnect between the C-suite and security endanger...
The cyber-chasm: How the disconnect between the C-suite and security endanger...
 
Heidi
HeidiHeidi
Heidi
 
The Future of Cybersecurity
The Future of CybersecurityThe Future of Cybersecurity
The Future of Cybersecurity
 
Coso in the cyber age
Coso in the cyber ageCoso in the cyber age
Coso in the cyber age
 
Cyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial InstitutionsCyber Security Tips and Resources for Financial Institutions
Cyber Security Tips and Resources for Financial Institutions
 
Maersk Notpetya Crisis Response Case Study
Maersk Notpetya Crisis Response Case StudyMaersk Notpetya Crisis Response Case Study
Maersk Notpetya Crisis Response Case Study
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
 
White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...White paper cyber risk appetite defining and understanding risk in the moder...
White paper cyber risk appetite defining and understanding risk in the moder...
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
 
2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security2015 KSU So You Want To Be in Cyber Security
2015 KSU So You Want To Be in Cyber Security
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance Temp
 
New York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services CompaniesNew York Cybersecurity Requirements for Financial Services Companies
New York Cybersecurity Requirements for Financial Services Companies
 
News letter oct 12
News letter oct 12News letter oct 12
News letter oct 12
 
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
Ncma saguaro cyber security 2016 law & regulations asis phoenix dely fina...
 
Dynamic Defense
Dynamic DefenseDynamic Defense
Dynamic Defense
 
Ci2 cyber insurance presentation
Ci2 cyber insurance presentationCi2 cyber insurance presentation
Ci2 cyber insurance presentation
 
CYBERSECURITY LEGISLATION
CYBERSECURITY LEGISLATIONCYBERSECURITY LEGISLATION
CYBERSECURITY LEGISLATION
 

Ähnlich wie Risks Facing Media World IT

The digital economy and cybersecurity
The digital economy and cybersecurityThe digital economy and cybersecurity
The digital economy and cybersecurityMark Albala
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
GWAVACon 2015: Netbox Blue - GWAVA & Netbox Blue
GWAVACon 2015: Netbox Blue - GWAVA & Netbox BlueGWAVACon 2015: Netbox Blue - GWAVA & Netbox Blue
GWAVACon 2015: Netbox Blue - GWAVA & Netbox BlueGWAVA
 
Update on enterprise social media risks
Update on enterprise social media risks Update on enterprise social media risks
Update on enterprise social media risks Constantine Karbaliotis
 
Data Analytics for Security Intelligence
Data Analytics for Security IntelligenceData Analytics for Security Intelligence
Data Analytics for Security IntelligenceData Driven Innovation
 
Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlight...
Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlight...Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlight...
Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlight...Charmaine Servado
 
Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Cyril Soeri
 
Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewMorgan Jones
 
The top trends changing the landscape of Information Management
The top trends changing the landscape of Information ManagementThe top trends changing the landscape of Information Management
The top trends changing the landscape of Information ManagementVelrada
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)naveen p
 
Business Continuity Emerging Trends - DRIE Atlantic - Summary
Business Continuity Emerging Trends - DRIE Atlantic - SummaryBusiness Continuity Emerging Trends - DRIE Atlantic - Summary
Business Continuity Emerging Trends - DRIE Atlantic - SummaryMarie Lavoie Dufort
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomIBM Security
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraKnowledge Group
 
Using a Data Lake at the core of a Life Assurance business
Using a Data Lake at the core of a Life Assurance businessUsing a Data Lake at the core of a Life Assurance business
Using a Data Lake at the core of a Life Assurance businessDataWorks Summit/Hadoop Summit
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...Judith Beckhard Cardoso
 

Ähnlich wie Risks Facing Media World IT (20)

The digital economy and cybersecurity
The digital economy and cybersecurityThe digital economy and cybersecurity
The digital economy and cybersecurity
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
GWAVACon 2015: Netbox Blue - GWAVA & Netbox Blue
GWAVACon 2015: Netbox Blue - GWAVA & Netbox BlueGWAVACon 2015: Netbox Blue - GWAVA & Netbox Blue
GWAVACon 2015: Netbox Blue - GWAVA & Netbox Blue
 
Update on enterprise social media risks
Update on enterprise social media risks Update on enterprise social media risks
Update on enterprise social media risks
 
Data Analytics for Security Intelligence
Data Analytics for Security IntelligenceData Analytics for Security Intelligence
Data Analytics for Security Intelligence
 
Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlight...
Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlight...Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlight...
Re-imagine-Risk-Strategies-for-Success-IT-Internal-Audit-Conference-Highlight...
 
Enterprise Cyber Security 2016
Enterprise Cyber Security 2016Enterprise Cyber Security 2016
Enterprise Cyber Security 2016
 
Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.
 
Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual review
 
The top trends changing the landscape of Information Management
The top trends changing the landscape of Information ManagementThe top trends changing the landscape of Information Management
The top trends changing the landscape of Information Management
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Cyber savvy (2)
Cyber savvy (2)Cyber savvy (2)
Cyber savvy (2)
 
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
Breaches Are Bad for Business. How Will You Detect and Respond to Your Next C...
 
Business Continuity Emerging Trends - DRIE Atlantic - Summary
Business Continuity Emerging Trends - DRIE Atlantic - SummaryBusiness Continuity Emerging Trends - DRIE Atlantic - Summary
Business Continuity Emerging Trends - DRIE Atlantic - Summary
 
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the BoardroomSecuring the C-Suite: Cybersecurity Perspectives from the Boardroom
Securing the C-Suite: Cybersecurity Perspectives from the Boardroom
 
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl PereiraCyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
Cyber Security Transformation - A New Approach for 2015 & Beyond - Daryl Pereira
 
Using a Data Lake at the core of a Life Assurance business
Using a Data Lake at the core of a Life Assurance businessUsing a Data Lake at the core of a Life Assurance business
Using a Data Lake at the core of a Life Assurance business
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...
 

Mehr von Aman Bandvi

Credence 15 Years Updated Jan 18 AB
Credence 15 Years Updated Jan 18 ABCredence 15 Years Updated Jan 18 AB
Credence 15 Years Updated Jan 18 ABAman Bandvi
 
Ziksan Capital Ventures Shale Oil in Jordan
Ziksan Capital Ventures Shale Oil in JordanZiksan Capital Ventures Shale Oil in Jordan
Ziksan Capital Ventures Shale Oil in JordanAman Bandvi
 
Relocity Pre-Fab construction Panels
Relocity Pre-Fab construction PanelsRelocity Pre-Fab construction Panels
Relocity Pre-Fab construction PanelsAman Bandvi
 
Relocity SmartCoat Vehicle Germ FREE Interiors Presentation
Relocity SmartCoat Vehicle Germ FREE Interiors PresentationRelocity SmartCoat Vehicle Germ FREE Interiors Presentation
Relocity SmartCoat Vehicle Germ FREE Interiors PresentationAman Bandvi
 
Credence - An Introduction
Credence - An IntroductionCredence - An Introduction
Credence - An IntroductionAman Bandvi
 
Defence India Offsite Presentation
Defence India Offsite PresentationDefence India Offsite Presentation
Defence India Offsite PresentationAman Bandvi
 
Defence India Brief
Defence India BriefDefence India Brief
Defence India BriefAman Bandvi
 

Mehr von Aman Bandvi (7)

Credence 15 Years Updated Jan 18 AB
Credence 15 Years Updated Jan 18 ABCredence 15 Years Updated Jan 18 AB
Credence 15 Years Updated Jan 18 AB
 
Ziksan Capital Ventures Shale Oil in Jordan
Ziksan Capital Ventures Shale Oil in JordanZiksan Capital Ventures Shale Oil in Jordan
Ziksan Capital Ventures Shale Oil in Jordan
 
Relocity Pre-Fab construction Panels
Relocity Pre-Fab construction PanelsRelocity Pre-Fab construction Panels
Relocity Pre-Fab construction Panels
 
Relocity SmartCoat Vehicle Germ FREE Interiors Presentation
Relocity SmartCoat Vehicle Germ FREE Interiors PresentationRelocity SmartCoat Vehicle Germ FREE Interiors Presentation
Relocity SmartCoat Vehicle Germ FREE Interiors Presentation
 
Credence - An Introduction
Credence - An IntroductionCredence - An Introduction
Credence - An Introduction
 
Defence India Offsite Presentation
Defence India Offsite PresentationDefence India Offsite Presentation
Defence India Offsite Presentation
 
Defence India Brief
Defence India BriefDefence India Brief
Defence India Brief
 

Risks Facing Media World IT

  • 1. IM 18IM 18 ZastaConverse Aman Bandvi Risk Based Management Draft Document for Discussions 
  • 2. The Premise : From a global research projectThe Premise : From a global research project
  • 3. The IT Trainings in Media WorldThe IT Trainings in Media World The change is slow but evident.
  • 4. Risks in The Media WorldRisks in The Media World • Privileged users pose a risk to yourPrivileged users pose a risk to your  company's security – The NSA and GCHQ revelations revealed a– The NSA and GCHQ revelations revealed a  fundamental weakness in our business  infrastructure – the risk posed by 'privileged users'p y p g
  • 5. Risks in The Media WorldRisks in The Media World Social Networking IIssue Use of social media technologies is expanding into new areas. Examples include  user communities, business collaboration, and commerce. Regulatory requirements  are catching up (e.g. financial services organizations).g p ( g g ) Risk • Brand protection • Unauthorized access to confidential data • Regulatory or legal violations• Regulatory or legal violations • Current company policies may not readily apply Recommendation Historical audits are insufficient as risks are rapidly evolving. Need to complete an  inventory of social media usage, and existing policies, procedures and controls. Draft  and execute new audit plan based on emerging risks and current usage within the  organization – may need to include the HR, IT, and Legal departments. Determine  whether a training course should be delivered to employeeswhether a training course should be delivered to employees.
  • 6. Risks in The Media WorldRisks in The Media World Mobile Devices IIssue Rapid expansion of number of devices, and functionality (e.g., 15+ million iPads in  current circulation). mCommerce enabling technologies within companies introduces  new risks as well. Risk • Loss / release of critical business data • Security and identity management • Application development challenges• Application development challenges • ERP integration issues Recommendation Historical audit procedures are insufficient. Need an inventory of all current allowable  devices and corresponding policies & procedures. Evaluate effectiveness of “push”  controls. Understand mCommerce activities and processes/technology. Ensure that  controls are in place for lost devices.
  • 7. Risks in The Media WorldRisks in The Media World Malware IIssue Malware continues to increase in sophistication, and has more avenues for execution  (e.g. mobile devices and traditional computing). Most PCs still provide local admin  access. Work‐at‐home flexibility increases issues.y Risk • Loss or theft of critical information • Hardware impacts • Cash impact• Cash impact  • Lost productivity Recommendation Understand organizational approach to malware identification, isolation, and  remediation. Consider impacts beyond traditional spamware/firewalls (e.g., remote  users, mobile devices). Consider update schedules and monitoring (beyond  responsiveness to patch updates). Control contractor / consultant access to the  corporate networkcorporate network.
  • 8. Risks in The Media WorldRisks in The Media World End User Computing IIssue End User Computing (EUC) applications continue to evolve given resource  constraints of economic downturn. Increased scrutiny is being applied by auditors  and regulators, particularly to financial models. False sense of security provided by g , p y y p y current efforts. Risk • Misstated financial statements • Unsupported decision making• Unsupported decision making • Regulatory concerns • Loss or corruption of data Recommendation Understand current approach to managing and controlling EUCs. Policy‐based  approaches are typically insufficient. Evaluate use of technology and critical  technical settings. Evaluate other program aspects including governance, security,  management processes and training/awarenessmanagement processes, and training/awareness.
  • 9. Risks in The Media WorldRisks in The Media World Corporate Espionage IIssue More specific targeted efforts (often for gain), assisted by increase in mobile  computing technologies. Increased access to government defense toolkits. Specific  verticals hardest hit – e.g. oil firms, gaming platform networks, defense contractors.g , g g p , Risk • Loss or release of corporate data • Denial of service • Intellectual Property loss• Intellectual Property loss Recommendation This should be a component of information security audits. SOX “monitoring  controls” generally insufficient. Need to understand specific threats, user awareness,  hardening of critical devices and access points (via firewalls and network traffic  monitoring devices / software), vulnerability assessments, and detection/escalation  procedures.
  • 10. Risks in The Media WorldRisks in The Media World Project Backlog IIssue Economic downturn caused decrease in IT investment and deferral of critical projects  resulting in large project backlogs. Recent increase in resumption of large corporate  IT projects, now being performed with reduced staff levels and/or weak project p j , g p / p j management oversight. Risk • Project delays or failure • Completed projects shortchanging security and controls• Completed projects shortchanging security and controls • Failure to achieve business objectives • Poor or inadequate vendor management Recommendation Current projects should be included in enterprise risk assessments and IT audit  universe. Ensure that controls are built into projects; deferral until after project goes  live creates substantial risk and remediation can be expensive.
  • 11. Risks in The Media WorldRisks in The Media World IT Governance IIssue Reduced enterprise IT support / budgets and increased ease of technology  deployments has led to multiple “shadow IT” organizations within enterprises.  Shadow groups tend to not follow established control procedures.g p p Risk • Failure to comply with corporate IT policies and controls • Operational impacts • Information security risks• Information security risks • Regulatory violations • Duplication of efforts, increased costs and inefficiencies Recommendation Determine extent of shadow IT deployment. Identify applications and environments  deployed outside of usual channels, and assess compliance with corporate policies.  Evaluate and assess duplicative systems, licensing, and support issues.
  • 12. Risks in The Media WorldRisks in The Media World Electronic Records Management (ERM) IIssue Increased deployment of ERM solutions, with corresponding data conversions and  process changes. Specific verticals more highly impacted (e.g., health care and  financial services).) Risk • Loss of data in conversion process • Regulatory violations if inadequate controls exist • Storage retention and forensic issues• Storage, retention, and forensic issues Recommendation Determine extent of ERM deployment. Identify impacted data and processes.  Ensure data is mapped against existing data management strategies, policies and  legal requirements. Evaluate storage controls and monitoring.
  • 13. Risks in The Media WorldRisks in The Media World Data Management IIssue Increased regulatory requirement for management and security of types of data.  Lack of ability to identify types/location of enterprise data. Lack of robust data  stratification schema to categorize sensitive data. Exacerbated by cloud g y deployments, shadow IT organizations, mobile computing, and electronic records  management. Risk • Regulatory penalties• Regulatory penalties • Brand damage • Increased cost of compliance Recommendation Evaluate current data management program. Assess level of adequacy to current  business requirements and emerging regulations. Identify specific data management  controls and perform focused audit procedures.
  • 14. Risks in The Media WorldRisks in The Media World Cloud Computing IIssue Proliferation of external cloud computing solutions, corporate‐ and user‐based.  Different deployments available; data, applications, services. Risk • Administrative access • Data management – location/compliance/recovery/security • Dependent upon availability of cloud provider and internet connection • Investigative support• Investigative support  • Long‐term viability Recommendation Identify cloud computing strategies deployed or planned. Determine applications and  data impacted. Perform a risk assessment for the items impacted and determine the  organization’s risk tolerance. Identify controls that mitigate risks identified above
  • 15. Think….Think…. All media companies shouldAll media companies should  super‐size their computersuper size their computer  security to ensure that their  information is as safe and  secure as everything else theysecure as everything else they  dodo
  • 16. Think….Think…. Security rules are ineffective atSecurity rules are ineffective at  the prevention and deterrence  of serious breach/crime. They  can be very effective at solvingcan be very effective at solving  crime. We need to prevent as well!