2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
-
Upload
isalliance -
Category
Documents
-
view
216 -
download
0
Transcript of 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
1/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 1
Aero Webinar SeriesSeptember 24, 2009
The Financial Impact of Cyber Risk
50 Questions Every CFO Should Ask
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
2/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 2
Upcoming AIA/ISA Webinars
Information Sharing Modern Technology and Legal Structures featuringJeff Brown,Director, Infrastructure Services and CISO Information Technology,Raytheon. To be presented on 10/22/09
Testing In A Real Environment Leads to Faster Cyber SecurityInnovation featuring General (Ret.) Charles Charlie Croom, Vice President ofCyber Security Solutions, Lockheed Martin Information Systems & GlobalServices and Curt Aubley, Chief Technology Officer CTO, Lockheed MartinOperations & Next Generation Solutions. To be presented on 11/5/09
Supply Chain Issues in Cyber Security A Framework for MovingForward featuring Scott Borg, Director and Chief Economist (CEO) at the U.S.Cyberconsequences Unit. To be presented on 11/19/09
Legal Framework for Securing Unified Communications featuring JeffreyRitter, President, Waters Edge Consulting.
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
3/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 3
Presenters
Moderator Ty R. Sagalow, Chief Innovation Officer, Zurich North America, ISA/
ANSI Financial Risk Project Leader
Panelists Joe Buonomo, President, Direct Computer Resources, ISA/ANSI
Financial Risk Project Leader
Harry Oellrich, Managing Director, Head of the Cyber, Technology andIntellectual Property Practice, Guy Carpenter & Company, LLC
Rick Kam, President, ID Experts Regan Adams, Esq., CIPP, Founder & CEO , Cyber Security
Assurance, LLC
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
4/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 4
The Financial Impact of Cyber Risk
50 Questions Every CFO Should Ask
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
5/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 5
Agenda
Background: Setting the Scene
Development of an Action Guide to analyze, manage,and transfer financial risk for cyber security
Role Play Questions and Answers
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
6/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 6
Background
Setting the Scene
Cyber security is vital to the economic well-beingof the U.S.
What does cyber security really mean? No standard definition, but one interpretation is the
protection of any computer system, software program,
and data against unauthorized disclosure, transfer,
modification, or destruction, whether accidental or
intentional Cyber security attacks can come from internal networks,
the Internet, or other private or public systems
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
7/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 7
Background (continued)
Cyber-Security is a private-public partnership Government at all levels use interconnected networks
connected internally and externally and experiences the
same issues as that of the private sector
Government can be a role model for effective cybersecurity and use its procurement position to motivate best
practices in the private sector
Government can play both traditional regulatory role aswell as a provider/supporter of incentives
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
8/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 8
Background (continued)
Organizations use cyber systems for multiple purposes Real-time tracking of supply chains Inventory management Improvement of employee efficiency Generation of on-line commerce
Twenty-five percent of Americas economic value up to $3 trillion a day moves over network connectionseach day
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
9/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 9
Background
While organizations appreciate the benefits of theInternet, they have often failed to properly account
for its financial risks
50% of Senior Executives said they did not know how muchmoney was lost due to an attack
Congressional Research Service estimates that the economicimpact of cyber attacks on business has grown to over
$226 billion annually
Total average cost of a data breach grew to approximately$200 per record compromised in 2007
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
10/21
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
11/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 11
Net Financial Risk Formula
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
12/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 12
What Are Some of the Costs?
Failure of security can have costly consequences Civil and criminal lawsuits Lost trade secrets/governmental secrets Breach of contract, breach of privacy Reputation damage Business interruption, lost income Increase likelihood of a terrorist attack
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
13/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 13
Development of Financial Risk Action Guide
To promote understanding of financial risk, the AmericanNational Standards Institutes (ANSI) Homeland Security
Standards Panel (HSSP) and the Internet Security
Alliance (ISA) launched a workshop
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
14/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 14
Development of Financial Risk Action Guide
The Goal Create an Action Guide to analyze, manage, and transfer
financial risk for Cyber Security
The Team More than 30 industry leaders and governmental partners
The key to understanding the financial risks of cybersecurity is to fully embrace its multi-disciplinary nature,
covering many areas of a company
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
15/21
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
16/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 16
Time Table
The Timetable First Workshop held in March 2008 Draft Action Guide prepared by teams representing the
different disciplines
Subsequent Workshops held in May and JulyAction Guide finalized in early August Publication was released in October 2008
National Cyber Awareness Month
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
17/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 17
Action Guide: How to get it
The Financial Impact of Cyber Risk
50 Questions Every CFO Should Ask
Release date: October 20, 2008
Free electronic copy of the document
available at: webstore.ansi.org/
cybersecurity
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
18/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 18
Ongoing Effort: Development of
Financial Risk Answer Guide
The American National Standards Institutes (ANSI) Homeland SecurityStandards Panel (HSSP) and the Internet Security Alliance (ISA)
launched a Phase II initiative to further inform and guide the C-suite
community regarding the economics of cyber risk
While Phase I focused on providing questions organizations/CFOs shouldbe asking and provided guidance on the identification and quantification
of the financial risk associated with cyber security, Phase II focuses on
developing an implementation strategy/process for the Phase I questions.
Additionally, this initiative is filling out that framework to the C-suite
community make better informed decisions related to cyber risk from an
economic standpoint.
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
19/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 19
Time Table
The Timetable First Workshop held in July 2009 Draft Action Guide prepared by teams representing the
different disciplines
Subsequent Workshops held in August and SeptemberAnswer Guide to be finalized in October Publication release scheduled for November 2009
Email [email protected] to pre-order a free electronic copy
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
20/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 20
Role Play
Played by Rick Kam, President, ID Experts
Played by Ty R. Sagalow, ChiefInnovation Officer, Zurich North
America Insurance Company
Played by Regan Adams, Esq., CIPP, Founder &
CEO , Cyber Security Assurance, LLC
Corporate Counsel
CEO
Communications Officer
Chief Information Officer
Played by Joe Buonomo, President, Direct
Computer Resources
Played by Harry Oellrich, Managing Director andHead of the Cyber, Technology and IntellectualProperty Practice, Guy Carpenter & Company, LLC
Risk Manager
-
7/31/2019 2009 09 24 Ty Sagalow Zurich ISA AIA Zurich 50 Questions Role Play Webinar
21/21
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask
A publication of the American National Standards Institute and the Internet Security Alliance Page 21
Questions & Answers
Played by Rick Kam, President, ID Experts
Played by Ty R. Sagalow, ChiefInnovation Officer, Zurich North
America Insurance Company
Played by Regan Adams, Esq., CIPP, Founder &
CEO , Cyber Security Assurance, LLC
Corporate Counsel
CEO
Communications Officer
Chief Information Officer
Played by Joe Buonomo, President, Direct
Computer Resources
Played by Harry Oellrich, Managing Director andHead of the Cyber, Technology and IntellectualProperty Practice, Guy Carpenter & Company, LLC
Risk Manager