Cyber security: What are the threats? · CERTIFICATE LEVEL OPPORTUNITY FOR ICAZ: ICAEW EXAM MODEL Accounting Assurance Business and Finance Law Management Information Principles of

BUSINESS WITH CONFIDENCE icaew.com© ICAEW 2014

Kirstin Gillon, ICAEW IT Faculty

Presentation to ICAZ Winter School 2014

Cyber security: What are the threats?

How should business respond?


IT Faculty

Broadband

Cyber

Roadshows

Other ICAEW

Trust

IT Value

IT Security

Cloud

Thought leadership

Member service

Other

Policy



Agenda

• The big picture

• 10 steps to cyber security

• The role of government

• Q&A


Why has cyber security got more important?

Digitisation of economies

and governments

Economic impact of

security failures


Cyber security


What’s new about cyber security?



4 Flags for Cyber Security

• Businesses should consider ‘cyber’ in all

their activities

• Businesses need to accept that their

security will be compromised

• Businesses should focus on their critical

information assets

• Most businesses don’t get the basics right


How can businesses protect themselves?

www.icaew.com/cyber


10 steps to cyber security for smaller firms

• Allocate responsibilities

– Identify key data and risks

– Ensure senior-level responsibility overall

• Protect your computers and network

– Implement firewalls

• Keep your computers up-to-date

– Ensure patches and updates are applied as soon as possible

• Control employee access to computers and documents

– Apply good password discipline – smart passwords and change

them regularly

• Protect against viruses

– Implement malware protection


10 steps to cyber security for smaller firms

• Extend security beyond the office

– Mobile risks

– Cloud risks

• Don’t forget disks and drives

– Risks of malware and loss

• Plan for the worst

– Know you have a problem

– Have a plan and clear responsibility

• Educate your team

– Training

• Keep records and test your security

– Ongoing processes


Key barriers to good practices

• Time and priority

– Awareness

– Specific risks to business

• Skills and knowledge

– Specialists

– Across businesses

• Changing people’s behaviour

• Complex IT environment


Role of governments - laws and regulation

• Old criminal offences

in new ways

• New criminal offences

– E.g. UK Computer

Misuse Act 1990

• Data protection

regulation

• Intellectual property

laws


Role of governments – other actions

• Protecting Critical

National Infrastructure

• Helping business to

improve their security

– Awareness

– Standards

– Information sharing

• Building skills base

– Specialists

– Individuals


Key messages

• Cyber security will be increasingly important to business

success

– Supply chains

– Customer relationships

– Deploying new technologies

• Getting the basics right goes a long way - it’s all about people

• Businesses can’t do it alone – need strong institutional

framework and co-operation across all sectors


ADVANCED

LEVEL

Case Study

Corporate ReportingStrategic Business

Management

PROFESSIONAL

LEVEL

Business Planning:

TaxationBusiness Strategy

Audit and Assurance

Financial

Accounting and

Reporting

Financial

ManagementTax Compliance

CERTIFICATE

LEVEL

OPPORTUNITY FOR ICAZ: ICAEW EXAM MODEL

Accounting AssuranceBusiness

and FinanceLaw

Management

Information

Principles of

Taxation

Exams in green can

be replaced with

ICAZ local variants*

*must meet ICAEW criteria for recognition towards ICAEW membership


Questions

[email protected]

+44 (0)20 7920 8538

www.icaew.com/cyber

www.icaew.com/informationsystems

www.icaew.com/itfac

A world leader

of the accountancy

and finance profession


Documents

Cyber security: What are the threats? · CERTIFICATE LEVEL OPPORTUNITY FOR ICAZ: ICAEW EXAM MODEL Accounting Assurance Business and Finance Law Management Information Principles of