
Aero Webinar Series

September 24, 2009

The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask

The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security Alliance


Upcoming AIA/ISA Webinars


- Information Sharing Modern Technology and Legal Structures, featuring Jeff Brown, Director, Infrastructure Services and CISO Information Technology, Raytheon. To be presented on 10/22/09
- Testing In A Real Environment Leads to Faster Cyber Security Innovation, featuring General (Ret.) Charles "Charlie" Croom, Vice President of Cyber Security Solutions, Lockheed Martin Information Systems & Global Services, and Curt Aubley, Chief Technology Officer CTO, Lockheed Martin Operations & Next Generation Solutions. To be presented on 11/5/09
- Supply Chain Issues in Cyber Security A Framework for Moving Forward, featuring Scott Borg, Director and Chief Economist (CEO) at the U.S. Cyberconsequences Unit. To be presented on 11/19/09
- Legal Framework for Securing Unified Communications, featuring Jeffrey Ritter, President, Waters Edge Consulting.


Presenters
Moderator
- Ty R. Sagalow, Chief Innovation Officer, Zurich North America, ISA/ANSI Financial Risk Project Leader

Panelists
- Joe Buonomo, President, Direct Computer Resources, ISA/ANSI Financial Risk Project Leader
- Harry Oellrich, Managing Director, Head of the Cyber, Technology and Intellectual Property Practice, Guy Carpenter & Company, LLC
- Rick Kam, President, ID Experts
- Regan Adams, Esq., CIPP, Founder & CEO, Cyber Security Assurance, LLC


The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask


Agenda
- Background: Setting the Scene
- Development of an Action Guide to analyze, manage, and transfer financial risk for cyber security
- Role Play
- Questions and Answers


Background: Setting the Scene


Cyber security is vital to the economic well-being of the U.S.

What does cyber security really mean?
- No standard definition, but one interpretation is the protection of any computer system, software program, and data against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional
- Cyber security attacks can come from internal networks, the Internet, or other private or public systems

Background (continued)
Cyber security is a private-public partnership
- Government at all levels uses interconnected networks, connected internally and externally, and experiences the same issues as the private sector
- Government can be a role model for effective cyber security and use its procurement position to motivate best practices in the private sector
- Government can play both a traditional regulatory role and the role of a provider/supporter of incentives


Background (continued)
Organizations use cyber systems for multiple purposes
- Real-time tracking of supply chains
- Inventory management
- Improvement of employee efficiency
- Generation of on-line commerce

Twenty-five percent of America's economic value, up to $3 trillion a day, moves over network connections each day


Background
While organizations appreciate the benefits of the Internet, they have often failed to properly account for its financial risks
- 50% of Senior Executives said they did not know how much money was lost due to an attack
- Congressional Research Service estimates that the economic impact of cyber attacks on business has grown to over $226 billion annually
- Total average cost of a data breach grew to approximately $200 per record compromised in 2007

Background
- There is a substantial body of work dealing with the technical standards of cyber security
- Plenty of attention paid to important technical issues, such as data encryption and best-in-class security technologies
- BUT... to date, there has not been any comprehensive methodology for understanding and mitigating the financial losses associated with cyber risk


Net Financial Risk Formula


What Are Some of the Costs?


Failure of security can have costly consequences
- Civil and criminal lawsuits
- Lost trade secrets/governmental secrets
- Breach of contract, breach of privacy
- Reputation damage
- Business interruption, lost income
- Increased likelihood of a terrorist attack


Development of Financial Risk Action Guide


To promote understanding of financial risk, the American National Standards Institute's (ANSI) Homeland Security Standards Panel (HSSP) and the Internet Security Alliance (ISA) launched a workshop


Development of Financial Risk Action Guide


The Goal
Create an Action Guide to analyze, manage, and transfer financial risk for Cyber Security

The Team
More than 30 industry leaders and governmental partners

The key to understanding the financial risks of cyber security is to fully embrace its multi-disciplinary nature, covering many areas of a company

Resolve: Multidisciplinary Feed to CFO


A CFO needs to know the key questions to ask the major stakeholders in all corporate domains, including:
- General Counsel
- Chief Risk Officer
- Chief Compliance Officer
- Chief Technology Officer
- Heads of Corporate Communications, Investor Relations, and Customer Service
- Head of Human Resources

Time Table
The Timetable
- First Workshop held in March 2008
- Draft Action Guide prepared by teams representing the different disciplines
- Subsequent Workshops held in May and July
- Action Guide finalized in early August
- Publication was released in October 2008, National Cyber Awareness Month


Action Guide: How to get it


The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask
- Release date: October 20, 2008
- Free electronic copy of the document available at: webstore.ansi.org/cybersecurity


Ongoing Effort: Development of Financial Risk Answer Guide


- The American National Standards Institute's (ANSI) Homeland Security Standards Panel (HSSP) and the Internet Security Alliance (ISA) launched a Phase II initiative to further inform and guide the C-suite community regarding the economics of cyber risk
- While Phase I focused on providing questions organizations/CFOs should be asking and provided guidance on the identification and quantification of the financial risk associated with cyber security, Phase II focuses on developing an implementation strategy/process for the Phase I questions.
- Additionally, this initiative is filling out that framework to help the C-suite community make better-informed decisions related to cyber risk from an economic standpoint.

Time Table
The Timetable
- First Workshop held in July 2009
- Draft Action Guide prepared by teams representing the different disciplines
- Subsequent Workshops held in August and September
- Answer Guide to be finalized in October
- Publication release scheduled for November 2009
Email bfoer@isalliance.org to pre-order a free electronic copy


Chief Information Officer

Role Play
CEO

Corporate Counsel

Played by Joe Buonomo, President, Direct Computer Resources

Played by Regan Adams, Esq., CIPP, Founder & CEO, Cyber Security Assurance, LLC

Risk Manager
Played by Ty R. Sagalow, Chief Innovation Officer, Zurich North America Insurance Company

Communications Officer

Played by Harry Oellrich, Managing Director and Head of the Cyber, Technology and Intellectual Property Practice, Guy Carpenter & Company, LLC

Played by Rick Kam, President, ID Experts


Questions & Answers


Chief Information Officer Corporate Counsel

CEO
Played by Joe Buonomo, President, Direct Computer Resources

Played by Regan Adams, Esq., CIPP, Founder & CEO, Cyber Security Assurance, LLC

Risk Manager
Played by Ty R. Sagalow, Chief Innovation Officer, Zurich North America Insurance Company

Communications Officer

Played by Harry Oellrich, Managing Director and Head of the Cyber, Technology and Intellectual Property Practice, Guy Carpenter & Company, LLC

Played by Rick Kam, President, ID Experts
