Will the next systemic crisis be cyber?
Arrow Institute conference
25th September 2014
Laure Molinier
Yannic Dulieu
Agenda
• Why could a cyber attack cause the next systemic crisis?
• How can Operational Risk management cover cyber risks?
► Enterprise Risk Management (ERM) framework and cyber risks
management
► Risks identification
► Assessment and reporting
► Monitoring
► Response strategies
• Main learnings and conclusions
A constantly evolving threats landscape
Cyber « Hacktivism »
Cyber War (Governments, army)
Cyber Espionage
Cyber Crime
“Script kiddies”: Script kiddies are sometimes portrayed in media as bored, lonely teenagers seeking recognition from their peers.
Criminals
Activists / Hacktivists
Disgruntled employees
Cyber threats are diverse and continually evolving…
• Cyber-protests, or “hacktivism”, have become popular and continue
to grow in frequency.
► Anonymous group, Operation Payback
► End-users with limited technical know-how
► Distributed denial of service (DDoS) attacks or spam
campaigns on selected companies and/or organisations
• Social Engineers will get confidential information by
manipulation or deceit.
• Advanced Persistent Threats: sophisticated and clandestine means to gain continual
intelligence/data on an individual, or group of individuals, companies or governments.
• Highly targeted, thoroughly researched, amply funded, and tailored to a particular
organisation using multiple attack vectors and using “low and slow” techniques to
evade detection.
Companies are evolving…
• Less control on the provider (no penetration-test allowed,…);
• Centralization of data from multiple companies;
• Privacy & Commercial issue (Patriot act…);
• Business continuity concerns…
How much does it cost? We don’t know exactly
but…
Costs of cyber-crime to society are substantial.
Some studies cite figures as high as $400 billion or $1 trillion!
[Chart: impact on society, 2011 to 2014, on a scale of 0 to 1000, annotated “x10”, “x10” and “?”. Based on reported impacts only…]
How can Operational Risk manage cyber risks?
• Euroclear case study
• Enterprise Risk Management (ERM) framework and cyber risks
management
► Risks identification
► Assessment and reporting
► Monitoring
► Response strategies
An increasingly interconnected world
• Euroclear is the world’s largest provider of
settlement and related services for domestic
and cross-border financial transactions.
• Settle over 170 million transactions a year in 53
currencies.
• We have links with 44 markets across the globe
• > € 780 billion of collateral outstanding every
day
• > € 573 trillion transactions settled
• > 2,000 financial institution clients from 90
countries
• Hold client assets valued at €24 trillion.
• 3,300 employees in 12 locations worldwide.
Market Infrastructure:
Multicurrency settlement and asset servicing
Central Securities Depository (CSD): Euroclear UK & Ireland, France, Netherlands, Belgium, Nordics
National Securities
Settlement of a trade:
– local buyer and local seller
– in a domestic security
– payment in the domestic currency
International CSD: Euroclear Bank
International Securities
Settlement of a trade:
– wherever the counterparties are present (Belgian Buyer, Japanese Seller)
– in any international security
– payment in any currency
Enterprise Risk Management (ERM)
What is the goal? Organise the chaos to ensure continuity
Regulation
Competition
Industry
Eurozone
New products
Technology evolution
Staff
Natural threats
…….
Client demand
Technology issues
Crisis
Credit
Liquidity
Operational
Market
Business
Strategic
The Euroclear Enterprise Risk Management (ERM) framework
covers these areas of focus and ensures:
• the right ownership and governance
• a holistic approach
• a dynamic approach
• alignment with established market standards and regulations
• coverage of business-as-usual and crisis management up to
recovery and disaster
Enterprise Risk Management
Key principles
• What are the relevant
potential threats?
• Horizon scanning
• Business
engagement
• Risk and scenario-based
assessments on cyber
• Government and peer
information sharing fora.
• Post-mortem assessment
• How effective are our
controls?
• What is our maturity
level?
• Report Group Risk Profile
and entity risk reports
• Security programmes
• Incident responses and
crisis management
• Simulation exercises
Enterprise Risk Management in practice
How does it apply to cyber threats?
BOARD
Management Committee
Group Risk Committee
Local MC/ Division Heads/Risk Mgt
Business
Continuity
Personnel
Security
Physical
Security
Logical
Security
Group Domain Security
Manager
Local Domain Security
Manager
Employees
Line Management
(1st Line of Defence)
Audit and Compliance
Governance framework
• Chief Security officer oversees the implementation of the Security
framework covering the 4 security domains and ensures:
► Clarity of accountability
► Same level of control across the group
•Risk specialists provide:
• Support to first line of defence (framework and tools)
• Assurance to senior management on adequacy and
effectiveness of controls.
Supported by control functions
in second and third lines of defence
Supported by policies, procedures,
control frameworks, tools, expert advice
Risk management
Governance
& strategy
Awareness is key…
• Global security awareness programme
• « One Minute Security Managers »
• E-learning modules and tests:
► Phishing, Smishing, Vishing…
► Mobile devices, working outside of the office
► Social engineering…
Culture
Understanding the cyber threats
Information Security risks
(Reporting in Risk Management - Risk Universe)
Logical security risks
(Reported via the Corporate Risk analysis)
“Cyber” related risks
(Cyber Risk analysis)
Identify &
assess
Finding your way through many
information sources…
Establishing a cyber threat list
Mitigation factors reference source is:
The SANS TOP 20 critical controls for effective cyber defence.
Many external information sources
•US Department of Homeland
Security (DHS)
•Deloitte cyber threats list
•Australian DoD
•Information Security Forum (ISF)
•SANS TOP 20 (controls)
•ENISA cyber threats list
•Febelfin threat list regarding
mobile computing (used by
the NBB)
•BSI threat catalogue
(German Gov.)
Identify &
assess
About 100 cyber threats grouped in 10 families:
1. Threats to building infrastructure (including SCADA) & personnel
2. Threats to IT networks
3. Threats to IT systems / servers
4. Threats to fixed end-points (such as workstations & thin clients)
5. Threats related to mobile computing (corporate laptops/iPads, mobiles,
BYOD,...)
6. Threats to electronic communications / data in transit.
7. Threats to business applications
8. Social Media & Social Engineering threats
9. Threats related to removable media
10. Threats related to web hosting, together with SaaS
Building a manageable threats list
Identify & assess
Perform the risk assessment
• Measure coverage and effectiveness of controls
• Determine maturity levels
• Combine self assessment (HSA, RCSA) with second / third lines
• Identify gaps and potential improvements
Identify & assess
[Risk assessment matrix. Columns: Cyber Threats (1 to 10); Asset (… N); Inherent risk (H, H, H, M, L, C, M, H, …, N); Mitigation Controls* (2,3,6,8,16 / 2,8,14 / 3,12,18 / 1,7,20 / …); Residual risk (H, M, L); Identified gaps and potential improvements]
* SANS TOP 20 Controls for effective cyber defence, Internal Control framework, ISO 27002, etc.
Complement with scenario based
analysis
Developing realistic scenarios around key business services and
measuring readiness.
Identify &
assess
Data theft or copying
Data corruption / manipulation
Denial of service attack
Malware impacting services availability
Key business services: 1, 2, 3, 4, 5
Financial gain
Intelligence
Markets destabilisation
Business disruption
Make a point
RESULTS (reflected in framework and response plans)
IMPACT ANALYSIS
Measure & report
• Merge results from both approaches (technical assessment + scenarios)
• Measure company’s readiness to cyber attacks
• Report Group Risk Profile and entity risk reports
Measure &
report
Risk
based
priorities
Exception based
reporting
[Chart: 1st Qtr to 4th Qtr, on a scale of 0 to 90; labels: DDoS protection, Awareness, Zoning]
Security
programmes
•Prevention: IPS,
Patching, zoning, Data
leakage prevention;
awareness
•Detection: IPS, ..
•Response: incident
response, DDoS
protection, testing
Residual risks
Identified control
gaps & potential
improvements
Results from
scenario based
analysis
Security incidents’ response
• Escalation
structure
integrated into
crisis
management
• Managing
« potential » risks
Respond
Integration into company’s crisis management structure
Respond
Corporate response
plans
•Company’s corporate response plans
covering
►Situation assessment
►Strategic intent!
►Technical response and
►Business response
►Communication to all audiences &
stakeholders (clients, business
counterparties, internal staff, regulators,
board, press)
• Security incidents simulation and testing
Respond
Task
Monitoring and incident management
Assess criticality, escalate and appoint coordinator
Convene X-Silver or local Silver Team and inform GOLD
Activate the crisis meeting (follow CM guidelines)
- Assign chair/Review team composition.
- Start log of actions.
Perform situation briefing
INITIAL IMPACT ASSESSMENT
Get initial situational appraisal from IT:
• (1) What has happened?
• (2) Where? What are the entities / business services (potentially) impacted?
• (3) When was it discovered?
• (4) What is the impact? Will it get worse and how?
• (5) What have we done to deal with it? Who is involved?
• (6) What decisions / actions need to be taken?
• Reference: crisis report format
• Dependent on initial appraisal, what is the strategic intent: “Take such actions as to protect staff, business
operations and safeguard our reputation”
• Assess (potential) business impact: services unavailability,
• Identify upcoming deadlines
• What are the available BCPs?
• Notify the insurer? Emergency number of the ‘CyberEdge’ policy
• Activate X-Silver team (if not yet done) and ensure that other local Silver teams are activated
Cyber response plan (extract)
A few challenges
•Monitoring the threats to adapt strategies to their rapid evolution:
► Finding your way through multiple information sources
► Prioritising investments (defensive vs reactive)
•Capturing potential impacts and activating responses in time
•Adapting business continuity & recovery plans to manage conflicting objectives:
► Demanding Recovery Time Objectives (restart as soon as possible) sometimes
in contradiction with the technical response and the time needed to resolve
cyber incident
► Minimising the business impact will potentially conflict with the objective to protect
the company’s business and reputation (eg: isolating, closing communication
channels)
► Maintaining channels of communication with key stakeholders
•Finally, cyber threats also present many challenges for national and international
regulators (adapting their framework, legislation, cross border cooperation…)
Conclusions
•The risk framework needs to be adapted to better capture and report on
cyber related risks (threats, controls and measurement)
•Operational Risk Managers have an important role to play in cyber risks
management.
•Business engagement is essential!
► To understand the business impact of the threats and prioritise your
security investments
► To support your awareness campaign (tone at the top)
•Monitor threats as they are constantly moving, and regularly re-assess your
protection and your business continuity strategy.
•Your turn will come whatever the strength of your defences, so getting
ready and testing is crucial.
26

More Related Content

What's hot

Role of a Chief Risk Officer
Role of a Chief Risk OfficerRole of a Chief Risk Officer
Role of a Chief Risk OfficerMichel Rochette
 
Risk management ppt 111p (training module)
Risk management ppt 111p (training module)Risk management ppt 111p (training module)
Risk management ppt 111p (training module)Sadia Razzaq
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Managementarsqureshi
 
Credit Value Adjustment
Credit Value AdjustmentCredit Value Adjustment
Credit Value Adjustmentnikatmalik
 
Bank risk management
Bank risk managementBank risk management
Bank risk managementAshima Thakur
 
operational risk managemnt
operational risk managemntoperational risk managemnt
operational risk managemntAshima Thakur
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)Bushra Angbeen
 

What's hot (7)

Role of a Chief Risk Officer
Role of a Chief Risk OfficerRole of a Chief Risk Officer
Role of a Chief Risk Officer
 
Risk management ppt 111p (training module)
Risk management ppt 111p (training module)Risk management ppt 111p (training module)
Risk management ppt 111p (training module)
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Management
 
Credit Value Adjustment
Credit Value AdjustmentCredit Value Adjustment
Credit Value Adjustment
 
Bank risk management
Bank risk managementBank risk management
Bank risk management
 
operational risk managemnt
operational risk managemntoperational risk managemnt
operational risk managemnt
 
Operational risk management (orm)
Operational risk management (orm)Operational risk management (orm)
Operational risk management (orm)
 

Viewers also liked

Gestion des risques opérationnels: Le transfert du risque à l'assureur, compo...
Gestion des risques opérationnels: Le transfert du risque à l'assureur, compo...Gestion des risques opérationnels: Le transfert du risque à l'assureur, compo...
Gestion des risques opérationnels: Le transfert du risque à l'assureur, compo...Arrow Institute
 
Amplexor Customer Experience Management seminar Technical overview Euroclear ...
Amplexor Customer Experience Management seminar Technical overview Euroclear ...Amplexor Customer Experience Management seminar Technical overview Euroclear ...
Amplexor Customer Experience Management seminar Technical overview Euroclear ...Amplexor
 
Evolution des risques opérationnels, plongée dans un nouvel environnement!
Evolution des risques opérationnels, plongée dans un nouvel environnement!Evolution des risques opérationnels, plongée dans un nouvel environnement!
Evolution des risques opérationnels, plongée dans un nouvel environnement!Arrow Institute
 
Quel Cadre opérationnel cohérent pour la gestion des risques opérationnels?
Quel Cadre opérationnel cohérent pour la gestion des risques opérationnels?Quel Cadre opérationnel cohérent pour la gestion des risques opérationnels?
Quel Cadre opérationnel cohérent pour la gestion des risques opérationnels?Arrow Institute
 
Rapport final - Mémoire de fin d'études - Bâle III - Nouvelle réglementation ...
Rapport final - Mémoire de fin d'études - Bâle III - Nouvelle réglementation ...Rapport final - Mémoire de fin d'études - Bâle III - Nouvelle réglementation ...
Rapport final - Mémoire de fin d'études - Bâle III - Nouvelle réglementation ...Youcef Benchicou
 
[Gestion des risques et conformite] de bale ii à bale iii
[Gestion des risques et conformite] de bale ii à bale iii[Gestion des risques et conformite] de bale ii à bale iii
[Gestion des risques et conformite] de bale ii à bale iiionepoint x weave
 
Positionnement de la fonction conformité dans les établissement financiers
Positionnement de la fonction conformité dans les établissement financiersPositionnement de la fonction conformité dans les établissement financiers
Positionnement de la fonction conformité dans les établissement financiersArrow Institute
 
Comment faire face aux visites inopinées des autorités de contrôle?
Comment faire face aux visites inopinées des autorités de contrôle?Comment faire face aux visites inopinées des autorités de contrôle?
Comment faire face aux visites inopinées des autorités de contrôle?Arrow Institute
 
De la nécéssaire évolution de nos méthodes de travail, en tant que profession...
De la nécéssaire évolution de nos méthodes de travail, en tant que profession...De la nécéssaire évolution de nos méthodes de travail, en tant que profession...
De la nécéssaire évolution de nos méthodes de travail, en tant que profession...Arrow Institute
 
Règlement / Livraison et conservation des titres: Evolution des infrastructur...
Règlement / Livraison et conservation des titres: Evolution des infrastructur...Règlement / Livraison et conservation des titres: Evolution des infrastructur...
Règlement / Livraison et conservation des titres: Evolution des infrastructur...Arrow Institute
 
Formation des dirigeants d’entreprises jan 2013 v3-2
Formation des dirigeants d’entreprises jan 2013   v3-2Formation des dirigeants d’entreprises jan 2013   v3-2
Formation des dirigeants d’entreprises jan 2013 v3-2Cédric Lefebvre
 
Le Management par les Processus
Le Management par les ProcessusLe Management par les Processus
Le Management par les ProcessusArrow Institute
 
Juqu'où la responsabilité du compliance officer peut-elle être engagée?
Juqu'où la responsabilité du compliance officer peut-elle être engagée? Juqu'où la responsabilité du compliance officer peut-elle être engagée?
Juqu'où la responsabilité du compliance officer peut-elle être engagée? Arrow Institute
 
Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1
Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1
Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1Valdes Nzalli
 
Matinée Cybercriminalité
Matinée CybercriminalitéMatinée Cybercriminalité
Matinée CybercriminalitéEvenements01
 
Evolution du contrôle interne bancaire en France
Evolution du contrôle interne bancaire en FranceEvolution du contrôle interne bancaire en France
Evolution du contrôle interne bancaire en FranceArrow Institute
 
Une approche Lean Innovante pour le pilotage métier
Une approche Lean Innovante pour le pilotage métierUne approche Lean Innovante pour le pilotage métier
Une approche Lean Innovante pour le pilotage métierArrow Institute
 
Il y a 3000 ans, des contrats d’Epargne et Crédits Rotatifs par Associations ...
Il y a 3000 ans, des contrats d’Epargne et Crédits Rotatifs par Associations ...Il y a 3000 ans, des contrats d’Epargne et Crédits Rotatifs par Associations ...
Il y a 3000 ans, des contrats d’Epargne et Crédits Rotatifs par Associations ...Arrow Institute
 
ASFWS 2011 : Maîtriser les risques opérationnels de ses applications. Quels s...
ASFWS 2011 : Maîtriser les risques opérationnels de ses applications. Quels s...ASFWS 2011 : Maîtriser les risques opérationnels de ses applications. Quels s...
ASFWS 2011 : Maîtriser les risques opérationnels de ses applications. Quels s...Cyber Security Alliance
 

Viewers also liked (20)

Gestion des risques opérationnels: Le transfert du risque à l'assureur, compo...
Gestion des risques opérationnels: Le transfert du risque à l'assureur, compo...Gestion des risques opérationnels: Le transfert du risque à l'assureur, compo...
Gestion des risques opérationnels: Le transfert du risque à l'assureur, compo...
 
Amplexor Customer Experience Management seminar Technical overview Euroclear ...
Amplexor Customer Experience Management seminar Technical overview Euroclear ...Amplexor Customer Experience Management seminar Technical overview Euroclear ...
Amplexor Customer Experience Management seminar Technical overview Euroclear ...
 
Evolution des risques opérationnels, plongée dans un nouvel environnement!
Evolution des risques opérationnels, plongée dans un nouvel environnement!Evolution des risques opérationnels, plongée dans un nouvel environnement!
Evolution des risques opérationnels, plongée dans un nouvel environnement!
 
Quel Cadre opérationnel cohérent pour la gestion des risques opérationnels?
Quel Cadre opérationnel cohérent pour la gestion des risques opérationnels?Quel Cadre opérationnel cohérent pour la gestion des risques opérationnels?
Quel Cadre opérationnel cohérent pour la gestion des risques opérationnels?
 
Rapport final - Mémoire de fin d'études - Bâle III - Nouvelle réglementation ...
Rapport final - Mémoire de fin d'études - Bâle III - Nouvelle réglementation ...Rapport final - Mémoire de fin d'études - Bâle III - Nouvelle réglementation ...
Rapport final - Mémoire de fin d'études - Bâle III - Nouvelle réglementation ...
 
[Gestion des risques et conformite] de bale ii à bale iii
[Gestion des risques et conformite] de bale ii à bale iii[Gestion des risques et conformite] de bale ii à bale iii
[Gestion des risques et conformite] de bale ii à bale iii
 
Positionnement de la fonction conformité dans les établissement financiers
Positionnement de la fonction conformité dans les établissement financiersPositionnement de la fonction conformité dans les établissement financiers
Positionnement de la fonction conformité dans les établissement financiers
 
Comment faire face aux visites inopinées des autorités de contrôle?
Comment faire face aux visites inopinées des autorités de contrôle?Comment faire face aux visites inopinées des autorités de contrôle?
Comment faire face aux visites inopinées des autorités de contrôle?
 
De la nécéssaire évolution de nos méthodes de travail, en tant que profession...
De la nécéssaire évolution de nos méthodes de travail, en tant que profession...De la nécéssaire évolution de nos méthodes de travail, en tant que profession...
De la nécéssaire évolution de nos méthodes de travail, en tant que profession...
 
Règlement / Livraison et conservation des titres: Evolution des infrastructur...
Règlement / Livraison et conservation des titres: Evolution des infrastructur...Règlement / Livraison et conservation des titres: Evolution des infrastructur...
Règlement / Livraison et conservation des titres: Evolution des infrastructur...
 
Formation des dirigeants d’entreprises jan 2013 v3-2
Formation des dirigeants d’entreprises jan 2013   v3-2Formation des dirigeants d’entreprises jan 2013   v3-2
Formation des dirigeants d’entreprises jan 2013 v3-2
 
Le Management par les Processus
Le Management par les ProcessusLe Management par les Processus
Le Management par les Processus
 
Juqu'où la responsabilité du compliance officer peut-elle être engagée?
Juqu'où la responsabilité du compliance officer peut-elle être engagée? Juqu'où la responsabilité du compliance officer peut-elle être engagée?
Juqu'où la responsabilité du compliance officer peut-elle être engagée?
 
Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1
Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1
Cam cybersec fgi_reseaux_sociaux_et_securite_version_1.1
 
Matinée Cybercriminalité
Matinée CybercriminalitéMatinée Cybercriminalité
Matinée Cybercriminalité
 
Evolution du contrôle interne bancaire en France
Evolution du contrôle interne bancaire en FranceEvolution du contrôle interne bancaire en France
Evolution du contrôle interne bancaire en France
 
BÂLE III
BÂLE IIIBÂLE III
BÂLE III
 
Une approche Lean Innovante pour le pilotage métier
Une approche Lean Innovante pour le pilotage métierUne approche Lean Innovante pour le pilotage métier
Une approche Lean Innovante pour le pilotage métier
 
Il y a 3000 ans, des contrats d’Epargne et Crédits Rotatifs par Associations ...
Il y a 3000 ans, des contrats d’Epargne et Crédits Rotatifs par Associations ...Il y a 3000 ans, des contrats d’Epargne et Crédits Rotatifs par Associations ...
Il y a 3000 ans, des contrats d’Epargne et Crédits Rotatifs par Associations ...
 
ASFWS 2011 : Maîtriser les risques opérationnels de ses applications. Quels s...
ASFWS 2011 : Maîtriser les risques opérationnels de ses applications. Quels s...ASFWS 2011 : Maîtriser les risques opérationnels de ses applications. Quels s...
ASFWS 2011 : Maîtriser les risques opérationnels de ses applications. Quels s...
 

Similar to Will the next systemic crisis be cyber?

EU/US boards’ approach to cyber risk governance - webinar presentation
EU/US boards’ approach to cyber risk governance - webinar presentationEU/US boards’ approach to cyber risk governance - webinar presentation
EU/US boards’ approach to cyber risk governance - webinar presentationFERMA
 
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
Satori Whitepaper: Threat Intelligence  - a path to taming digital threatsSatori Whitepaper: Threat Intelligence  - a path to taming digital threats
Satori Whitepaper: Threat Intelligence - a path to taming digital threatsDean Evans
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challengeFERMA
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016FERMA
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Stay Ahead of Threats with Advanced Security Protection - Fortinet
Stay Ahead of Threats with Advanced Security Protection - FortinetStay Ahead of Threats with Advanced Security Protection - Fortinet
Stay Ahead of Threats with Advanced Security Protection - FortinetMarcoTechnologies
 
2023 ITM Short Course - Week 1.pdf
2023 ITM Short Course - Week 1.pdf2023 ITM Short Course - Week 1.pdf
2023 ITM Short Course - Week 1.pdfDorcusSitali
 
Using Threat Intelligence to Address Your Growing Digital Risk
Using Threat Intelligence to Address Your Growing Digital RiskUsing Threat Intelligence to Address Your Growing Digital Risk
Using Threat Intelligence to Address Your Growing Digital RiskSurfWatch Labs
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems
 
Cyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsCyber Security - awareness, vulnerabilities and solutions
Cyber Security - awareness, vulnerabilities and solutionsinLabFIB
 
Does IT Security Matter?
Does IT Security Matter?Does IT Security Matter?
Does IT Security Matter?Luke O'Connor
 
Strategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksStrategic Leadership for Managing Evolving Cybersecurity Risks
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
 
2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philAPhil Agcaoili
 
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...Boardroom to War Room:  Practical Application of the NIST Cybersecurity Frame...
Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...PECB
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionIvanti
 

Similar to Will the next systemic crisis be cyber? (20)

EU/US boards’ approach to cyber risk governance - webinar presentation
EU/US boards’ approach to cyber risk governance - webinar presentationEU/US boards’ approach to cyber risk governance - webinar presentation
EU/US boards’ approach to cyber risk governance - webinar presentation
 
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
Satori Whitepaper: Threat Intelligence  - a path to taming digital threatsSatori Whitepaper: Threat Intelligence  - a path to taming digital threats
Satori Whitepaper: Threat Intelligence - a path to taming digital threats
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challenge
 
Showreel ICSA Technology Conference
Showreel ICSA Technology ConferenceShowreel ICSA Technology Conference
Showreel ICSA Technology Conference
 
CRISC Course Preview
CRISC Course PreviewCRISC Course Preview
CRISC Course Preview
 
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Stay Ahead of Threats with Advanced Security Protection - Fortinet
Stay Ahead of Threats with Advanced Security Protection - FortinetStay Ahead of Threats with Advanced Security Protection - Fortinet
Stay Ahead of Threats with Advanced Security Protection - Fortinet
 
2023 ITM Short Course - Week 1.pdf
2023 ITM Short Course - Week 1.pdf2023 ITM Short Course - Week 1.pdf
2023 ITM Short Course - Week 1.pdf
 
Will the next systemic crisis be cyber?

  • 1. Will the next systemic crisis be cyber?
      Arrow Institute conference, 25th September 2014
      Laure Molinier, Yannic Dulieu
  • 2. Agenda
      • Why could a cyber attack cause the next systemic crisis?
      • How can Operational Risk management cover cyber risks?
          ► Enterprise Risk Management (ERM) framework and cyber risks management
          ► Risks identification
          ► Assessment and reporting
          ► Monitoring
          ► Response strategies
      • Main learnings and conclusions
  • 3. A constantly evolving threats landscape
      • Cyber « Hacktivism »
      • Cyber War (Governments, army)
      • Cyber Espionage
      • “Script kiddies”: script kiddies are sometimes portrayed in media as bored, lonely teenagers seeking recognition from their peers.
      • Cyber Crime
      • Criminals
      • Activists / Hacktivists
      • Disgruntled employees
  • 4. Cyber threats are diverse and continually evolving…
      • Cyber-protests, or “hacktivism”, have become popular and continue to grow in frequency.
          ► Anonymous group, Operation Payback
          ► End-users with limited technical know-how
          ► Distributed denial of service (DDoS) attacks or spam campaigns on selected companies and/or organisations
      • Social Engineers will get confidential information by manipulation or deceit.
      • Advanced Persistent Threats: sophisticated and clandestine means to gain continual intelligence/data on an individual, or group of individuals, companies or governments.
      • Highly targeted, thoroughly researched, amply funded, and tailored to a particular organisation using multiple attack vectors and using “low and slow” techniques to evade detection.
  • 5. Companies are evolving…
      • Less control over the provider (no penetration test allowed,…);
      • Centralization of data from multiple companies;
      • Privacy and commercial issues (Patriot Act…);
      • Business continuity concerns…
  • 6. How much does it cost? We don’t know exactly but…
      • Costs of cyber-crime to society are substantial.
      • Some studies cite figures as high as $400 billion or $1 trillion!
      • [Chart: “Impact on society”, 2011 to 2014, based on reported impacts only…; annotations “?” and “x10”]
  • 7. How can Operational Risk manage cyber risks?
      • Euroclear case study
      • Enterprise Risk Management (ERM) framework and cyber risks management
          ► Risks identification
          ► Assessment and reporting
          ► Monitoring
          ► Response strategies
  • 8. An increasingly interconnected world
      • Euroclear is the world’s largest provider of settlement and related services for domestic and cross-border financial transactions.
      • Settle over 170 million transactions a year in 53 currencies.
      • We have links with 44 markets across the globe.
      • > €780 billion of collateral outstanding every day
      • > €573 trillion transactions settled
      • > 2,000 financial institution clients from 90 countries
      • Hold client assets valued at €24 trillion.
      • 3,300 employees in 12 locations worldwide.
  • 9. Market Infrastructure: Multicurrency settlement and asset servicing
      • Central Securities Depository (CSD): Euroclear UK & Ireland, France, Netherlands, Belgium, Nordics
          ► Settlement of a trade: local buyer and local seller, in a domestic security, payment in the domestic currency
          ► Diagram labels: Buyer, Seller, National Securities
      • International CSD: Euroclear Bank
          ► Settlement of a trade: wherever the counterparties are present, in any international security, payment in any currency
          ► Diagram labels: Belgian Buyer, Japanese Seller, International Securities
  • 10. Enterprise Risk Management (ERM): What is the goal?
      • Organise the chaos to ensure continuity
      • Diagram labels: Regulation, Competition, Industry, Eurozone, New products, Technology evolution, Staff, Natural threats, Client demand, Technology issues, Crisis, …
      • Diagram labels: Credit, Liquidity, Operational, Market, Business, Strategic
  • 11. Enterprise Risk Management: Key principles
      The Euroclear Enterprise Risk Management (ERM) framework covers these areas of focus and ensures:
      • the right ownership and governance
      • a holistic approach
      • a dynamic approach
      • alignment with established market standards and regulations
      • coverage of business-as-usual and crisis management up to recovery and disaster
  • 12. Enterprise Risk Management in practice: How does it apply to cyber threats?
      • What are the relevant potential threats?
      • Horizon scanning
      • Business engagement
      • Risk and scenario-based assessments on cyber
      • Government and peer information sharing fora
      • Post-mortem assessment
      • How effective are our controls?
      • What is our maturity level?
      • Report Group Risk Profile and entity risk reports
      • Security programmes
      • Incident responses and crisis management
      • Simulation exercises
  • 13. Governance framework (Governance & strategy)
      • Diagram labels: Board, Management Committee, Group Risk Committee, Local MC / Division Heads / Risk Mgt, Business Continuity, Personnel Security, Physical Security, Logical Security, Group Domain Security Manager, Local Domain Security Manager, Employees, Line Management (1st Line of Defence), Audit and Compliance, Risk management
      • Chief Security Officer oversees the implementation of the Security framework covering the 4 security domains and ensures:
          ► Clarity of accountability
          ► Same level of control across the group
      • Risk specialists provide:
          ► Support to first line of defence (framework and tools)
          ► Assurance to senior management on adequacy and effectiveness of controls
      • Supported by control functions in second and third lines of defence
      • Supported by policies, procedures, control frameworks, tools, expert advice
  • 14. Awareness is key… (Culture)
      • Global security awareness programme
      • « One Minute Security Managers »
      • E-learning modules and tests:
          ► Phishing, Smishing, Vishing…
          ► Mobile devices, working outside of the office
          ► Social engineering…
  • 15. Understanding the cyber threats (Identify & assess)
      • Information Security risks (Reporting in Risk Management - Risk Universe)
      • Logical security risks (Reported via the Corporate Risk analysis)
      • “Cyber” related risks (Cyber Risk analysis)
  • 16. Finding your way through many information sources… (Identify & assess)
      • Establishing a cyber threat list
      • Mitigation factors reference source is: the SANS TOP 20 critical controls for effective cyber defence.
      • Many sources of external information:
          ► US Department of Homeland Security (DHS)
          ► Deloitte cyber threats list
          ► Australian DoD
          ► Information Security Forum (ISF)
          ► SANS TOP 20 (controls)
          ► ENISA cyber threats list
          ► Febelfin threat list regarding mobile computing (used by the NBB)
          ► BSI threat catalogue (German Gov.)
  • 17. Building a manageable threats list (Identify & assess)
      About 100 cyber threats grouped in 10 families:
      1. Threats to building infrastructure (including SCADA) & personnel
      2. Threats to IT networks
      3. Threats to IT systems / servers
      4. Threats to fixed end-points (such as workstations & thin clients)
      5. Threats related to mobile computing (corporate laptops/iPads, mobiles, BYOD,...)
      6. Threats to electronic communications / data in transit
      7. Threats to business applications
      8. Social Media & Social Engineering threats
      9. Threats related to removable media
      10. Threats related to web hosting, together with SaaS
  • 18. Perform the risk assessment (Identify & assess)
      • Measure coverage and effectiveness of controls
      • Determine maturity levels
      • Combine self assessment (HSA, RCSA) with second / third lines
      • Identify gaps and potential improvements
      • Assessment matrix (flattened slide table):
          ► Cyber Threats: 1 2 3 4 5 6 7 8 9 10
          ► Inherent risk: H H H M L C M H … N
          ► Mitigation Controls*: 2,3,6,8,16 | 2,8,14 | 3,12,18 | 1,7,20 | …
          ► Residual risk: H, M, L
          ► Asset: … N
          ► Identified gaps and potential improvements
      * SANS TOP 20 Controls for effective cyber defence, Internal Control framework, ISO 27002, etc.
  • 19. Complement with scenario based analysis (Identify & assess)
      • Developing realistic scenarios around key business services and measuring readiness.
      • Diagram labels: Data theft or copying; Data corruption / manipulation; Denial of service attack; Malware impacting services availability
      • Diagram labels: Key business services 1 2 3 4 5
      • Diagram labels: Financial gain; Intelligence; Markets destabilisation; Business disruption; Make a point
      • IMPACT ANALYSIS
      • RESULTS (reflected in framework and response plans)
  • 20. Measure & report
      • Merge results from both approaches (technical assessment + scenarios)
      • Measure company’s readiness to cyber attacks
      • Report Group Risk Profile and entity risk reports
      • Risk based priorities
      • Exception based reporting
      • [Chart: quarterly values (1st Qtr to 4th Qtr) for DDoS protection, Awareness, Zoning]
      • Security programmes
          ► Prevention: IPS, Patching, zoning, Data leakage prevention; awareness
          ► Detection: IPS, ..
          ► Response: incident response, DDoS protection, testing
      • Inputs shown: Residual risks; Identified control gaps & potential improvements; Results from scenario based analysis
  • 21. Security incidents’ response (Respond)
      • Escalation structure integrated into crisis management
      • Managing « potential » risks
  • 22. Integration into company’s crisis management structure (Respond)
  • 23. Corporate response plans (Respond)
      • Company’s corporate response plans covering:
          ► Situation assessment
          ► Strategic intent!
          ► Technical response
          ► Business response
          ► Communication to all audiences & stakeholders (clients, business counterparties, internal staff, regulators, board, press)
      • Security incidents simulation and testing
      • Cyber response plan (extract), tasks:
          ► Monitoring and incident management
          ► Assess criticality, escalate and appoint coordinator
          ► Convene X-Silver or local Silver Team and inform GOLD
          ► Activate the crisis meeting (follow CM guidelines): assign chair / review team composition; start log of actions
          ► Perform situation briefing
      • INITIAL IMPACT ASSESSMENT
          ► Get initial situational appraisal from IT:
              (1) What has happened?
              (2) Where? What are the entities / business services (potentially) impacted?
              (3) When was it discovered?
              (4) What is the impact? Will it get worse and how?
              (5) What have we done to deal with it? Who is involved?
              (6) What decisions / actions need to be taken?
          ► Reference: crisis report format
          ► Dependent on initial appraisal, what is the strategic intent: “Take such actions as to protect staff, business operations and safeguard our reputation”
          ► Assess (potential) business impact: services unavailability,
          ► Identify upcoming deadlines
          ► What are the available BCPs?
          ► Notify the insurer? Emergency number of the ‘CyberEdge’ policy
          ► Activate X-Silver team (if not yet done) and ensure that other local Silver teams are activated
  • 24. A few challenges
      • Monitoring the threats to adapt strategies to their rapid evolution:
          ► Finding your way through multiple information sources
          ► Prioritising investments (defensive vs reactive)
      • Capturing potential impacts and activating responses in time
      • Adapting business continuity & recovery plans to manage conflicting objectives:
          ► Demanding Recovery Time Objectives (restart as soon as possible) are sometimes in contradiction with the technical response and the time needed to resolve a cyber incident
          ► Minimising the business impact will potentially conflict with the objective to protect the company’s business and reputation (e.g. isolating, closing communication channels)
          ► Maintaining channels of communication with key stakeholders
      • Finally, cyber threats also present many challenges for national and international regulators (adapting their framework, legislation, cross border cooperation…)
  • 25. Conclusions
      • The risk framework needs to be adapted to better capture and report on cyber related risks (threats, controls and measurement).
      • Operational Risk Managers have an important role to play in cyber risks management.
      • Business engagement is essential!
          ► To understand the business impact of the threats and prioritise your security investments
          ► To support your awareness campaign (tone at the top)
      • Monitor threats, as they are constantly moving, and regularly re-assess your protection and your business continuity strategy.
      • Your turn will come whatever the strength of your defences, so getting ready and testing is crucial.
  • 26.