IT Risk - PowerPoint PPT Presentation

About This Presentation
Title:

IT Risk

Description:

British Computer Society in Upper Canada IT Risk in the context of Data Privacy & Information Security Presented by Jason Hall Head of IT Risk RBC Capital Markets – PowerPoint PPT presentation

Slides: 11
Provided by: bcsu
Tags: crime | cyber | risk | software


Transcript and Presenter's Notes

Title: IT Risk


1
British Computer Society in Upper Canada
IT Risk in the context of Data Privacy & Information Security
Presented by Jason Hall, Head of IT Risk, RBC Capital Markets
2
IT Risk: The Root of Information Security & Privacy
  • A REBRANDING OF INFORMATION SECURITY?

3
IT Risk
IT Risk defined: the potential that a threat exploits weaknesses of an asset, resulting in loss/harm to the organization
  • Historically, Information Security was synonymous with Information Technology Risks
  • IT Risk: Information Security is one facet of a multitude of risks/controls that are relevant to your business
  • Includes Disaster Recovery/Resiliency, Change Management, etc.
  • Constraints on a system/process
  • Integrated approaches are required to manage technology-related risks in your organization
  • Business involvement is critical

4
Business Drivers define which Risks are important to your organization

External Malicious
  • Categories
    • Industrial Espionage
    • State Sponsored Terrorism
    • Organized Crime
  • Motivation
    • For Profit
    • Competitive Advantage
    • ...because we can

Internal Malicious
  • Categories
    • Extortion (Organized Crime)
    • State Sponsored Terrorism
  • Motivation
    • For Profit
    • Pressure/Compromised Individuals
    • ...because I'm smarter than you think

External Non-Malicious
  • Categories
    • Mother Nature
    • Regulatory Requirements
  • Motivation
    • Mother Nature
    • Regulation

Internal Non-Malicious
  • Categories
    • Error in judgement
    • Speed to market
    • Simple Mistake
  • Motivation
    • Speed to Market
    • Unaware of consequences
5
Right Size the Control Environment
  • Business Drivers focus the organization
  • Broad coverage of the constraints that are important
  • Concept of Risk Acceptance is a foundational tool for IT Risk
  • Example
    • Business Driver: Intellectual Property provides a competitive advantage
    • Business Problem: Transfer files from corporate laptop to client PCs
    • Technology Solution: $150 for each encrypted USB key; ensures that if a USB key is lost/stolen, data is protected
    • Is the business willing to accept the risk, or pay to ensure that if a USB key is stolen the IP is secure?

6
External Non-Malicious: Sandy asks challenging questions of organizations
  • Challenges faced by NY-based FIs
    • Manhattan-based Data Centre
    • Regional DR/WAR Centres
    • Global Applications required for Market Open in SYD, HKG, LDN
    • Work Area Recovery Locations Impacted
  • Questions asked by Organizations
    • "All the plans of war go out the window after the first shot is fired" - Napoleon
    • Perfect Storm and/or Sequential Failures
    • Tertiary Facilities/Bunkers/WAR Locations
    • Vendors/Third Parties: contractual obligations
    • Staffing: get the right people to the right location

7
Internal Non-Malicious
  • Challenges Faced By Knight Capital
    • Direct Financial Loss: $440MM; Reputational Loss: Unknown; Market Cap: see below
    • Software Error resulted in the release of unintended trades on August. No restriction on volumes
    • Software Error occurred in first minutes
    • 35 Minutes: lack of a Kill Switch that stops processing when limits are reached
  • Challenges asked of Organizations
    • Integrated Testing Strategies
    • Technology understanding Business Risk Profile
    • Independent Testing/Approvals

8
External Malicious
  • Huawei
    • Largest telecommunications equipment maker in the world
    • Purported ties to China's People's Liberation Army and Communist Party
    • US Congressional committee has urged firms to stop doing business with Huawei based on security concerns
    • Australia blocked the company from tendering for contracts in its A$38bn high-speed broadband network
    • Canada: Prime Minister's Office signalled that the company would be excluded from government contracts
  • Is Canada Falling Behind?
    • Canada: $155 million in cyber security funding Wednesday
    • U.K.: it will put an extra £650 million ($1.05 billion) into cyber security over five years
    • In 2008, the U.S. began to plough more than $10 billion into cyber defence, and has since announced other cyber programs with multibillion-dollar budgets.

9
Internal Malicious
  • Developer at Goldman Sachs responsible for the firm's high-frequency trading
  • Systems generate millions of dollars per year in profits
  • Last day working at Goldman Sachs: the employee, from his desk at Goldman Sachs, transferred proprietary computer code to an outside computer server in Germany.
  • After transferring the files, he attempted to delete evidence.
  • Developer flew to Chicago, Illinois, to attend meetings at Teza's offices, bringing with him his laptop computer and another storage device, each of which contained Goldman Sachs' proprietary source code.

10
Summary
  • IT Risk builds upon the foundations established by Information Security
  • Engagement with the business is paramount to focusing on the right risks
  • Continue to educate the business
  • Develop Risk Acceptance: place accountability on the asset owner