Banks and other financial services firms need to recognize the threats of cyber risk in a different way. Many have put in place thick walls to protect themselves. But firms cannot be protected at all times from a cyber-related incident. So putting in place structures, technologies and processes to ensure resilience—or fast recovery—is as much or more important than simply putting more locks on the doors or building stronger walls. See www.accenture.com/CyberRisk for more.
15. Glossary
COBIT: Control Objectives for Information and Related Technology. COBIT® is
a trademark of ISACA® registered in the United States and other countries.
ISA: Information Society of Automation
ISO: International Organization for Standardization
IEC: International Electrotechnical Commission
NIST: National Institute of Standards and Technology
16. How to Make your Enterprise Cyber Resilient
Disclaimer:
This presentation is intended for general informational purposes only and does not take into
account the reader’s specific circumstances, and may not reflect the most current
developments. Accenture disclaims, to the fullest extent permitted by applicable law, any
and all liability for the accuracy and completeness of the information in this presentation and
for any acts or omissions made based on such information. Accenture does not provide
legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice
from their own legal counsel or other licensed professionals.
About Accenture
Accenture is a global management consulting, technology services and outsourcing
company, with more than 358,000 people serving clients in more than 120 countries.
Combining unparalleled experience, comprehensive capabilities across all industries and
business functions, and extensive research on the world’s most successful companies,
Accenture collaborates with clients to help them become high-performance businesses and
governments. The company generated net revenues of US$31.0 billion for the fiscal year
ended Aug. 31, 2015. Its home page is www.accenture.com.
Accenture, its logo, and High Performance Delivered are trademarks of Accenture.
17. Learn more about cyber risk and resilience:
www.accenture.com/CyberRisk
Editor's notes
Financial services organizations need to recognize the threats of cyber risk in a different way. Many have put in place thick walls to protect themselves. But the threats from a cyber event perspective are becoming more prolific. So although the walls are in place, the threats or activities to commit fraud or attack a firm are expanding.
Organizations cannot protect themselves at all times from a cyber-related incident. So putting in place structures, technologies and processes to ensure resilience—or fast recovery—is as much or more important than simply putting more locks on the doors or building stronger walls.
Historical Methods
Linear or horizontal approach is not working – this is a network or matrix problem of technology, process and people
Large Institutions lack the facts and processes to make and implement effective decisions about cyber resilience
Large institutions do not systematically understand which information assets need to be protected, who their attackers are, what their appetite is or which set of defense mechanisms is the most effective
Companies that spend more on cyber resiliency do not necessarily manage cyber resilience risk in a more mature way
New Paradigm
It is not possible to isolate the risk. The common notion of security implies isolation and it is impossible to draw a clear ring around cyber resilience.
Weakest links are often customers, employees and third parties
Not just a technology problem, but rather a technology, process and people problem
Cyber risk does not respect your organizational structure, i.e. the operating model for identifying, measuring and managing the risk does not match how firms are being attacked.
Firms that invest in and develop cyber capabilities to instill trust in customers, the public and their investors will have a competitive edge in the digital era
Improve communication with senior management about the risk organization's impact on the overall Cyber Risk Profile
Demonstrate the value of current and future Cyber/IT management activities
Improve capital management and profitability by putting Cyber/IT related capital to better use
Enable all the stakeholders to understand the contribution risk management makes to the firm and to understand the value of controls
Identify the outcomes by which we can assess effectiveness of program and controls
Option 0 – Do nothing, embedded with IT
Option 1- How compliance is organized, dec