Master Class Cyber Compliance

1. Master Class Cyber compliance Prof. Hernan Huwyler, MBA CPA

2. IE, top worldwide MBAs

3. Support IT in embedding compliance controls Challenge

4. There is not security in IT security Compliant but unprotected No framework is 100% breach-free Challenge

5. European Critical Infrastructure Directive Energy Transport New European strategy Banking Infrastructure Digital Health Water Waste Space Government 2008 2021

6. 1st Line IT Process and Contract Mgrs Governance 2nd Line Compliance Privacy, risks, info sec 3rd Line IT Audit

7. Implement a mobile and endpoint device management Work-from-Anywhere

8. Enhance requirements for cloud and eCommerce service providers Cloud and eCommerce

9. Audit internal and 3P controls against ransomware and spearphishing Privacy enforcement

10. Compliance register Control matrix Policies and procedures IT contracts End-to-end scope 1

11. SANS policy templates https://www.sans.org/information- security-policy/ 1

12. Create simple policies to buy software and an inventory of applications to prevent shadow IT Licensing Compliance 2

13. Implement a monthly reconciliation between the software inventory and the paid licenses Licensing Compliance 2

14. Implement and train simple policies to buy and approve software by the CISO to prevent shadow IT Licensing Compliance 2

15. Block accesses to rogue or risky cloud services sites (e.g. Dropbox, Google Docs) Licensing Compliance 2

16. Request to use probabilistic methodologies to quantify IT risks Corporate defense 3

17. Request to use probabilistic methodologies to quantify IT risks Corporate defense 3

18. Strength the scientific basis to invest (or not!) on data security controls for contractual, privacy and corporate criminal laws Corporate defense 3

19. “appropriate and proportionate technical and organisational measures” Corporate defense 3

20. The paucity of legal opinion addressing Monte Carlo techniques gives one pause at suggesting that Monte Carlo simulation will ever be challenged, much less successfully, on judicial review. Judges will likely be disinclined to delve into their intricacies, likely characterized as technical and scientific and subject to a longstanding judicial deference.” Susan Poulter Corporate defense 3

21. IT compliance register 4 GDPR, eCommerce directive Computer crime for corporate criminal responsibility IT services, licenses, and outsourcing contracts Sectorial regulations for essential services

22. Dumpster diving 5 Ensure physical documents and drives are safely destroyed

23. Ensure how backups are done and retain for data in the cloud Due diligence for cloud

24. Ensure who has access to the data in the cloud application Due diligence for cloud

25. Security settings in the cloud app are aligned to the internal policies Due diligence for cloud

26. Undestand the locations of the data in transit and at rest for privacy Due diligence for cloud

27. Request to separate company data from the cloud application to minimize risks Due diligence for cloud

28. Checklist model https://www.microsoft.com/en/trust- center/compliance/due-diligence-checklist Due diligence for cloud

29. Due diligence for cloud

30. Operators of essential services should have risk-based IT and compliance controls with international standards NIS Directive

31. Operators of essential services should detect and report securitity breaches without undue delay NIS Directive

32. Secure network NIS Directive Secure systems Continuity plans Incident response Penetration tests 3rd party management

33. Ensure clients read and accept the privacy policy before they provide personal data eCommerce compliance

34. Ensure customers are informed about the uses of the cookies eCommerce compliance

35. Verify that delivery periods, payment methods and cancellation options are communicated eCommerce compliance

36. Control that the clients can correct and accept the order in local language eCommerce compliance

37. Verify that prices include clear shipping costs and taxes eCommerce compliance

38. Monitor contracts and license payments for used software Computer crime

39. Protect the intellectual property of 3rd parties by employees and contractors Computer crime

40. Prevent and detect installed software for fraud and hacking abuse Computer crime

41. Computer crime

42. Data loss prevention tools prevent exfiltration with forensic evidence Tools

43. Secure email gateways can filter bulk phishing emails Tools

44. A data classification policy can ensure compliance while preventing risks Tools

45. eDiscovery helps to review the record of processing activities for GDPR compliance Tools

46. Enhanced multi-factor authentication prevents security breaches Tools

47. Our modular program Compliance Culture Compliance risks Program operations Privacy compliance Control assurance Blended

48. Our

49. Case method

Master Class Cyber Compliance

Du liest eine Vorschau.

Hier ansehen

Master Class Cyber Compliance

Weitere Verwandte Inhalte

Diashows für Sie (20)

Ähnlich wie Master Class Cyber Compliance (20)

Weitere von Hernan Huwyler, MBA CPA (20)

Aktuellste (20)