Aero Webinar Series September 24, 2009 The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 1 A publication of the American National Standards Institute and the Internet Security Alliance
Upcoming AIA/ISA Webinars • Information Sharing — Modern Technology and Legal Structures featuring Jeff Brown,Director, Infrastructure Services and CISO Information Technology, Raytheon. To be presented on 10/22/09 • Testing In A “Real” Environment Leads to Faster Cyber Security Innovation featuring General (Ret.) Charles “Charlie” Croom, Vice President of Cyber Security Solutions, Lockheed Martin Information Systems & Global Services and Curt Aubley, Chief Technology Officer CTO, Lockheed Martin Operations & Next Generation Solutions. To be presented on 11/5/09 • Supply Chain Issues in Cyber Security — A Framework for Moving Forward featuring Scott Borg, Director and Chief Economist (CEO) at the U.S. Cyberconsequences Unit. To be presented on 11/19/09 • Legal Framework for Securing Unified Communications featuring Jeffrey Ritter, President, Waters Edge Consulting. The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 2 A publication of the American National Standards Institute and the Internet Security Alliance
Presenters • Moderator – Ty R. Sagalow, Chief Innovation Officer, Zurich North America, ISA/ ANSI Financial Risk Project Leader • Panelists – Joe Buonomo, President, Direct Computer Resources, ISA/ANSI Financial Risk Project Leader – Harry Oellrich, Managing Director, Head of the Cyber, Technology and Intellectual Property Practice, Guy Carpenter & Company, LLC – Rick Kam, President, ID Experts – Regan Adams, Esq., CIPP, Founder & CEO , Cyber Security Assurance, LLC The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 3 A publication of the American National Standards Institute and the Internet Security Alliance
The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 4 A publication of the American National Standards Institute and the Internet Security Alliance
Agenda • Background: Setting the Scene • Development of an Action Guide to analyze, manage, and transfer financial risk for cyber security • Role Play • Questions and Answers The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 5 A publication of the American National Standards Institute and the Internet Security Alliance
Background Setting the Scene • Cyber security is vital to the economic well-being of the U.S. • What does cyber security really mean? – No standard definition, but one interpretation is the protection of any computer system, software program, and data against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional – Cyber security attacks can come from internal networks, the Internet, or other private or public systems The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 6 A publication of the American National Standards Institute and the Internet Security Alliance
Background (continued) • Cyber-Security is a private-public partnership – Government at all levels use interconnected networks connected internally and externally and experiences the same issues as that of the private sector – Government can be a role model for effective cyber security and use its procurement position to motivate best practices in the private sector – Government can play both traditional regulatory role as well as a provider/supporter of incentives The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 7 A publication of the American National Standards Institute and the Internet Security Alliance
Background (continued) • Organizations use cyber systems for multiple purposes – Real-time tracking of supply chains – Inventory management – Improvement of employee efficiency – Generation of on-line commerce • Twenty-five percent of America’s economic value – up to $3 trillion a day – moves over network connections each day The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 8 A publication of the American National Standards Institute and the Internet Security Alliance
Background • While organizations appreciate the benefits of the Internet, they have often failed to properly account for its financial risks – 50% of Senior Executives said they did not know how much money was lost due to an attack – Congressional Research Service estimates that the economic impact of cyber attacks on business has grown to over $226 billion annually – Total average cost of a data breach grew to approximately $200 per record compromised in 2007 The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 9 A publication of the American National Standards Institute and the Internet Security Alliance
Background • There is a substantial body of work dealing with the technical standards of cyber security • Plenty of attention paid to important technical issues, such as data encryption and best-in-class security technologies • BUT...to date, there has not been any comprehensive methodology for understanding and mitigating the financial losses associated with cyber risk The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 10 A publication of the American National Standards Institute and the Internet Security Alliance
Net Financial Risk Formula The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 11 A publication of the American National Standards Institute and the Internet Security Alliance
What Are Some of the Costs? • Failure of security can have costly consequences – Civil and criminal lawsuits – Lost trade secrets/governmental secrets – Breach of contract, breach of privacy – Reputation damage – Business interruption, lost income – Increase likelihood of a terrorist attack The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 12 A publication of the American National Standards Institute and the Internet Security Alliance
Development of Financial Risk Action Guide • To promote understanding of financial risk, the American National Standards Institute’s (ANSI) Homeland Security Standards Panel (HSSP) and the Internet Security Alliance (ISA) launched a workshop The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 13 A publication of the American National Standards Institute and the Internet Security Alliance
Development of Financial Risk Action Guide • The Goal – Create an Action Guide to analyze, manage, and transfer financial risk for Cyber Security • The Team – More than 30 industry leaders and governmental partners • The key to understanding the financial risks of cyber security is to fully embrace its multi-disciplinary nature, covering many areas of a company The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 14 A publication of the American National Standards Institute and the Internet Security Alliance
Resolve: Multidisciplinary Feed to CFO • A CFO needs to know the key questions to ask to the major stakeholders in all corporate domains, including: – General Counsel – Chief Risk Officer – Chief Compliance Officer – Chief Technology Officer – Heads of Corporate Communications, Investor Relations, and Customer Service – Head of Human Resources The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 15 A publication of the American National Standards Institute and the Internet Security Alliance
Time Table • The Timetable – First Workshop held in March 2008 – Draft Action Guide prepared by teams representing the different disciplines – Subsequent Workshops held in May and July – Action Guide finalized in early August – Publication was released in October 2008 “National Cyber Awareness Month” The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 16 A publication of the American National Standards Institute and the Internet Security Alliance
Action Guide: How to get it The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask Release date: October 20, 2008 Free electronic copy of the document available at: webstore.ansi.org/ cybersecurity The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 17 A publication of the American National Standards Institute and the Internet Security Alliance
Recommend
More recommend