Archer Users Group / Southern Risk Council 2016 Enterprise Risk Management and Cyber Security
Enterprise Risk Management
In the face of mounting cyber security regulations
Cyber Security
o Rules established by government
o A lot of attention right now
o Misconceptions
o Struggle for businesses to stay safe
o Cyber economics
o Company culture
Government Approach
All Hazards
ISO 31000
Principles and guidelines to formalize enterprise risk management to accommodate multiple ‘silo-centric’ management systems
ISO 27005
Assists the satisfactory implementation of information security based on a risk management approach
Risk Management for Business
F.A.I.R.
WHERE ARE YOU STARTING?
Cyber Security
HOW ARE YOU BALANCING PRIORITIES?
ERM and Cyber Security
ARE YOUR EXECUTIVES ENGAGED?
WHAT ARE THEY ASKING FOR?
DOES TRADITIONAL RISK MANAGEMENT WORK WITH CYBER?
What’s failing?
Does all-hazards work outside of the government?
The Argument for
Reasonable Security
Phil Agcaoili
Distinguished Fellow and Fellows Chairman, Ponemon Institute
Board of Advisors, PCI Security Standards Council (SSC)
Financial Services – Information Sharing & Analysis Center (FS-ISAC)
Payments Processing Information Sharing Council (PPISC)
Contributor, NIST Cybersecurity Framework
Co-Founder & Board Member, Southern CISO Security Council
Founding Member, Cloud Security Alliance (CSA)
Inventor & Co-Author
CSA Cloud Controls Matrix (ISO 27017/27018)
Security, Trust and Assurance Registry (STAR), and CSA Open Certification Framework (OCF) – AICPA SOC 2
@hacksec https://www.linkedin.com/in/philA
Thanks