Upload
dennis-leach
View
15
Download
0
Embed Size (px)
DESCRIPTION
Securing the Digital Environment Technology Risk Management - A Caribbean Perspective. Monday November 10 th 2014 Roshan Mohammed. Current State. Low business priority on securing digital assets Reactive Management - After the web site is hacked After the data has been taken - PowerPoint PPT Presentation
Citation preview
Securing the Digital Environment
Technology Risk Management - A Caribbean Perspective
Monday November 10th 2014
Roshan Mohammed
Current State
• Low business priority on securing digital assets
• Reactive Management - • After the web site is hacked• After the data has been taken• After employees take intellectual
property
• We perceive information security to be simple – • Can be done in-house by IT
Department• Firewall + Anti Virus = Secure
Network
Caribbean Incidents
Mar 20
Barbados
… Bank Records hacked
Mar 11
Bahamas
Hackers spark credit card chaos
Feb 6 Jamaica Hackers said to be found with DPP files
Feb 6 Barbados
Barbados police investigating missing data on oil industry
Jan 26
Jamaica … Hacked
Quoted mainly from the Trinidad Guardian - http://m.guardian.co.tt/business-guardian/2013-03-11/caribbean-cyberattacks-rise
Imminent Landscape
Legislation- Local - and International (SOX, PCI DSS, ISO)
Board Due Diligence Requirements – Pro Active Management of Risk- Managing Risk within the local technology ecosystem
Internet Operational Risk- Cybercrime
Technology Adoption- Stay-in-Business
Planning for Risk Management
• For my business, in my country, in my industry, in my region – what are the most critical technology risks?
• What strategic options do I have in approaching the mitigation of these risks?
• How do I future proof my investment in risk mitigation?
DO NOT
Invest in risk management technology without understanding your business risks.
Underestimate the technology risk in business activities. - JP Morgan
- Dropbox- Target
What can help
If you do not already have a risk management strategy, invest in getting one- Have a technology risk assessment done for your business- Make sure the strategy fits our Caribbean business model
Use the right tools- Best practice standards (ISO 27000, ISO 25999 etc)- You cannot manage what you do not measure
Use the right resources- Proven work history- Grow with the company over time.
The Results
Some of the questions that will be answered at the end of the strategic risk assessment.
• Policy and Procedures – • If these are in place, do they meet best practice guidelines?• Do they cover my greatest business risk areas?
• Technology• Is technology design and configuration sufficient to protect my
business?• Will my technology defenses grow with my business?
• People• Does my corporate culture embrace risk management, and if
not how can I achieve this?• Are my superusers actions being monitored?
Questions