© 2016 Crowe Horwath Peak
Crowe Horwath Peak IT Advisory
GigaCon Warsaw
September 19, 2017
Geert-Jan Krol, CISA
Feel free…
#croweITA
@GeertJanKrol
Technology is an accelerating force: law of accelerating returns (Kurzweil)
[Timeline chart: intervals between successive technological milestones, starting at 25.000 BC, then 15.000 years, 5.000 years, 2.500 years, 1.900 years, 325 years, 95 years, 65 years, 38 years, 15 years, 12 years]
IT and the Loss of Governance
[Chart: complexity per era. Axis labels: Financial (Ledger), Processes (ERP), Commerce (CRM), External Integration (Web / Cloud / Chains); stages I, II, III, IV and “?”]
Dynamics:
I. “minicomputers to pc” (age of mainframe / minicomputer): registration. Cost of 1 KB RAM: $373
II–III. “windows to the web” (age of PC and server-based computing): digitalization of processes
IV. “dotcom to today” (age of enterprise internet): analytics and automation. Cost of 1 KB RAM: $0,00095
Trends in IT: developments that impact business models and business operations
• Devices, mobility
• Big data, analytics, AI
• Social networks
• Cloud services
The modern digital age comes with many new business opportunities, but how to stay in control?
• 2020: 50.000.000.000+ devices online
• + “Smart” / IoT = vulnerable (security and asset management)
• + System boundaries are fading away: who is in charge of the digital chain?
• + Where is your data stored? Who has access?
• + Trust and transparency of 3rd parties and external service providers?
• = Business, Security, Privacy and Compliance issues!
Cybercrime changes
• Then:
• Now:
May 12th, 2017
Cybercrime is serious business!
Market Cap of Cybercrime
[Bar chart: Market Capitalization ($, Billions), axis from 0 to 700. Source: cybercrime cost from Allianz Cyber Risk Guide]
Hackers changed
• Then:
• Now:
GDPR
What is and what isn’t GDPR?
• It’s the LAW, it’s not optional
• It’s about data of ALL EU citizens
• It is NOT only IT: it’s about all DATA, also the file cabinet!
• It covers all DATA FLOWS.
• YOU are responsible, not the Authority
• May 2018 is the implementation date. Time to act is NOW
• Non-compliance is EXPENSIVE
FINALLY: lessons learned from recent cyber attacks…
• To patch or not to patch? That’s not even a question!
• IT asset management is here to stay
• From data protection to real world protection
• Design, implement and test business continuity plans
• Create awareness
• Backup, backup your backup and perform restore tests
• Authorizations and segmentation
• Acquire accredited IT services (SOC / ISAE)
• Vulnerability assessments and pentesting
IT Advisory: service portfolio, derived from technological developments and their opportunities and risks (three columns; rows ordered from Strategy down to Execution)

IT Projects (Transition, change):
- IT Strategy: IT Roadmap; Portfolio and Programs; Information Management
- Quality Assurance: Risk analysis; IT project assurance
- Project Management: Project advisory; System acquisition; System development

IT Security & Privacy (Compliance, Privacy, Security):
- Information Security: Policy; Plan; Audit
- Privacy: Privacy scan + audit; GDPR May, 2018; Privacy Impact Assessments; Data Processing Agreements
- Security audit: Security scan + audit; Tooling
- Websecurity: Vulnerability assessment; Pentesting

IT Assurance (Trust, Transparency):
- SOC 1 / ISAE 3402: Audit + reporting
- SOC 1 / ISAE 3000: Audit + reporting
Contact
Geert-Jan Krol (@GeertJanKrol): 088 2055 000, www.crowehorwathpeak.nl
Marcin Kabaciński: 22 295 30 00, www.crowehorwath.pl