The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security Alliance
Presenters
Moderator
Ty R. Sagalow, Chief Innovation Officer, Zurich North America, ISA/ANSI Financial Risk Project Leader
Panelists
Joe Buonomo, President, Direct Computer Resources, ISA/ANSI Financial Risk Project Leader
Harry Oellrich, Managing Director, Head of the Cyber, Technology and Intellectual Property Practice, Guy Carpenter & Company, LLC
Rick Kam, President, ID Experts
Regan Adams, Esq., CIPP, Founder & CEO, Cyber Security Assurance, LLC
Agenda
Background: Setting the Scene
Development of an Action Guide to analyze, manage, and transfer financial risk for cyber security
Role Play
Questions and Answers
Background (continued)
Cyber-Security is a private-public partnership
Government at all levels uses interconnected networks, connected internally and externally, and experiences the same issues as the private sector
Government can be a role model for effective cyber security and use its procurement position to motivate best practices in the private sector
Government can play both a traditional regulatory role and the role of a provider/supporter of incentives
Background (continued)
Organizations use cyber systems for multiple purposes
Real-time tracking of supply chains
Inventory management
Improvement of employee efficiency
Generation of on-line commerce
Twenty-five percent of America's economic value, up to $3 trillion, moves over network connections each day
Background
While organizations appreciate the benefits of the Internet, they have often failed to properly account for its financial risks
50% of Senior Executives said they did not know how much money was lost due to an attack
Congressional Research Service estimates that the economic impact of cyber attacks on business has grown to over $226 billion annually
Total average cost of a data breach grew to approximately $200 per record compromised in 2007
Background
There is a substantial body of work dealing with the technical standards of cyber security
Plenty of attention paid to important technical issues, such as data encryption and best-in-class security technologies
BUT... to date, there has not been any comprehensive methodology for understanding and mitigating the financial losses associated with cyber risk
The Team
More than 30 industry leaders and governmental partners
The key to understanding the financial risks of cyber security is to fully embrace its multi-disciplinary nature, covering many areas of a company
Time Table
The Timetable
First Workshop held in March 2008
Draft Action Guide prepared by teams representing the different disciplines
Subsequent Workshops held in May and July
Action Guide finalized in early August
Publication was released in October 2008, National Cyber Awareness Month
Time Table
The Timetable
First Workshop held in July 2009
Draft Action Guide prepared by teams representing the different disciplines
Subsequent Workshops held in August and September
Answer Guide to be finalized in October
Publication release scheduled for November 2009
Email bfoer@isalliance.org to pre-order a free electronic copy
Role Play
CEO
Corporate Counsel
Played by Regan Adams, Esq., CIPP, Founder & CEO, Cyber Security Assurance, LLC
Risk Manager
Played by Ty R. Sagalow, Chief Innovation Officer, Zurich North America Insurance Company
Communications Officer
Played by Harry Oellrich, Managing Director and Head of the Cyber, Technology and Intellectual Property Practice, Guy Carpenter & Company, LLC
CEO
Played by Joe Buonomo, President, Direct Computer Resources
Corporate Counsel
Played by Regan Adams, Esq., CIPP, Founder & CEO, Cyber Security Assurance, LLC
Risk Manager
Played by Ty R. Sagalow, Chief Innovation Officer, Zurich North America Insurance Company
Communications Officer
Played by Harry Oellrich, Managing Director and Head of the Cyber, Technology and Intellectual Property Practice, Guy Carpenter & Company, LLC