2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar

  • 7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar

    The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask

    A publication of the American National Standards Institute and the Internet Security Alliance Page 1

    Aero Webinar Series

    September 24, 2009

    The Financial Impact of Cyber Risk

    50 Questions Every CFO Should Ask

    Upcoming AIA/ISA Webinars

    Information Sharing Modern Technology and Legal Structures featuring Jeff Brown, Director, Infrastructure Services and CISO Information Technology, Raytheon. To be presented on 10/22/09

    Testing In A Real Environment Leads to Faster Cyber Security Innovation featuring General (Ret.) Charles "Charlie" Croom, Vice President of Cyber Security Solutions, Lockheed Martin Information Systems & Global Services and Curt Aubley, Chief Technology Officer CTO, Lockheed Martin Operations & Next Generation Solutions. To be presented on 11/5/09

    Supply Chain Issues in Cyber Security A Framework for Moving Forward featuring Scott Borg, Director and Chief Economist (CEO) at the U.S. Cyberconsequences Unit. To be presented on 11/19/09

    Legal Framework for Securing Unified Communications featuring Jeffrey Ritter, President, Waters Edge Consulting.

    Presenters

    Moderator: Ty R. Sagalow, Chief Innovation Officer, Zurich North America, ISA/ANSI Financial Risk Project Leader

    Panelists:

    Joe Buonomo, President, Direct Computer Resources, ISA/ANSI Financial Risk Project Leader

    Harry Oellrich, Managing Director, Head of the Cyber, Technology and Intellectual Property Practice, Guy Carpenter & Company, LLC

    Rick Kam, President, ID Experts

    Regan Adams, Esq., CIPP, Founder & CEO, Cyber Security Assurance, LLC

    Agenda

    Background: Setting the Scene

    Development of an Action Guide to analyze, manage, and transfer financial risk for cyber security

    Role Play Questions and Answers

    Background

    Setting the Scene

    Cyber security is vital to the economic well-being of the U.S.

    What does cyber security really mean?

    No standard definition, but one interpretation is the protection of any computer system, software program, and data against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional

    Cyber security attacks can come from internal networks, the Internet, or other private or public systems

    Background (continued)

    Cyber-Security is a private-public partnership

    Government at all levels uses interconnected networks, connected internally and externally, and experiences the same issues as the private sector

    Government can be a role model for effective cyber security and use its procurement position to motivate best practices in the private sector

    Government can play both a traditional regulatory role and the role of a provider/supporter of incentives

    Background (continued)

    Organizations use cyber systems for multiple purposes

    Real-time tracking of supply chains

    Inventory management

    Improvement of employee efficiency

    Generation of on-line commerce

    Twenty-five percent of America's economic value, up to $3 trillion a day, moves over network connections each day

    Background

    While organizations appreciate the benefits of the Internet, they have often failed to properly account for its financial risks

    50% of Senior Executives said they did not know how much money was lost due to an attack

    Congressional Research Service estimates that the economic impact of cyber attacks on business has grown to over $226 billion annually

    Total average cost of a data breach grew to approximately $200 per record compromised in 2007

    Net Financial Risk Formula

    What Are Some of the Costs?

    Failure of security can have costly consequences

    Civil and criminal lawsuits

    Lost trade secrets/governmental secrets

    Breach of contract, breach of privacy

    Reputation damage

    Business interruption, lost income

    Increased likelihood of a terrorist attack

    Development of Financial Risk Action Guide

    To promote understanding of financial risk, the American National Standards Institute's (ANSI) Homeland Security Standards Panel (HSSP) and the Internet Security Alliance (ISA) launched a workshop

    Development of Financial Risk Action Guide

    The Goal: Create an Action Guide to analyze, manage, and transfer financial risk for Cyber Security

    The Team: More than 30 industry leaders and governmental partners

    The key to understanding the financial risks of cyber security is to fully embrace its multi-disciplinary nature, covering many areas of a company

    Time Table

    The Timetable

    First Workshop held in March 2008

    Draft Action Guide prepared by teams representing the different disciplines

    Subsequent Workshops held in May and July

    Action Guide finalized in early August

    Publication was released in October 2008 (National Cyber Awareness Month)

    Action Guide: How to get it

    The Financial Impact of Cyber Risk

    50 Questions Every CFO Should Ask

    Release date: October 20, 2008

    Free electronic copy of the document available at: webstore.ansi.org/cybersecurity

    Ongoing Effort: Development of Financial Risk Answer Guide

    The American National Standards Institute's (ANSI) Homeland Security Standards Panel (HSSP) and the Internet Security Alliance (ISA) launched a Phase II initiative to further inform and guide the C-suite community regarding the economics of cyber risk

    While Phase I focused on providing questions organizations/CFOs should be asking and provided guidance on the identification and quantification of the financial risk associated with cyber security, Phase II focuses on developing an implementation strategy/process for the Phase I questions.

    Additionally, this initiative is filling out that framework to help the C-suite community make better-informed decisions related to cyber risk from an economic standpoint.

    Time Table

    The Timetable

    First Workshop held in July 2009

    Draft Action Guide prepared by teams representing the different disciplines

    Subsequent Workshops held in August and September

    Answer Guide to be finalized in October

    Publication release scheduled for November 2009

    Email [email protected] to pre-order a free electronic copy

    Role Play

    Played by Rick Kam, President, ID Experts

    Played by Ty R. Sagalow, Chief Innovation Officer, Zurich North America Insurance Company

    Played by Regan Adams, Esq., CIPP, Founder & CEO, Cyber Security Assurance, LLC

    Corporate Counsel

    CEO

    Communications Officer

    Chief Information Officer

    Played by Joe Buonomo, President, Direct Computer Resources

    Played by Harry Oellrich, Managing Director and Head of the Cyber, Technology and Intellectual Property Practice, Guy Carpenter & Company, LLC

    Risk Manager

    Questions & Answers
