can cyber insurance enforce change in enterprise grc


Upload: dinesh-o-bareja

Post on 23-Jan-2017


TRANSCRIPT

Page 1: Can Cyber Insurance Enforce Change in Enterprise GRC

A Silver Bullet Solution or a Risk

CYBER INSURANCE

Page 2

Kollam, Aug 19, 2016

We Are

A Reality Check On The Past Present & Future of National Security & Cybersecurity

Page 3

Can Cyber Insurance enforce change in the cybersecurity DNA of organizations?

Page 4

In India – IT Act asks for “reasonable security”

PSUs, Enterprises seek:

- ISO27001
- PCI-DSS
- ISO22301
- Guidelines from RBI, SEBI, IDRBT

Page 5

The Risks are many too…

- Ransomware
- Business Email Compromise
- Insider Threat
- Espionage
- APT etc.

Page 6

Some Cyber Insurance “Issues”

SONY – claim by movie producer after 2 years

TARGET – ongoing litigation

Page 7

• What will a policy cover: ISMS, BCP, IAM, Devices, Insider threat, IP, Server, Endpoints, Mistakes, Accidents, Disasters, Ransomware, Spam, Malware, Change Management, Database, Phishing, Whaling, Spear Phishing …

• If the organization has an ISMS, is it SECURE?

• Does the ISMS include ransomware, or does Phishing include whaling etc.?

• Who will assess the incident – is the assessor qualified?

• The organization has to make a public announcement and lodge a formal complaint

Page 8

Cyber Insurance Brings Promise of lowering the risk

Page 9

How can Insurance enforce Security?

Page 10

- Organization HAS to have effective controls

- Security has to be “in the spirit and DNA”

- Management has to assume full responsibility

- Governance and traceability

- Common and automated platforms that are prescribed by the Insurer

Page 11

- While Insurance will de-risk an individual or an organization

- INSURANCE IS A RISK TOO

Page 12

Decide wisely

• You are ISO27001 certified – does this make you a good candidate for insurance?

• Will the assessor be willing to accept your security status / control design and effectiveness and settle your claim?

• Think far and wide when you buy

• Discuss common ground for assessment with your insurer

• Assess your insurer's maturity while the insurer assesses yours

• Optimize your controls system to align with insurance needs

Page 13

Page 14

A Brief Introduction

Dinesh O Bareja – CISA, CISM, ITIL, ISMS, Cert ERM, Cert IPR

• Principal Advisor – Pyramid Cyber Security & Forensic Pvt Ltd

• Co-Founder – Open Security Alliance, IndiaWatch, Indian Honeynet Project

• Ex Cyber Surveillance Advisor – CDRC (Jharkhand Police – Special Branch)

Enterprise & Government Policy Development; Cyber Security Strategy, Design, Architecture; Current State Security Assessment, Audit & Optimization; Governance, Risk Management; etc.

ABOUT ME

Page 15

ABOUT US

Who

We bring the professional infosec expertise and passion to demolish the hype and enable real-life balance in cybersecurity policy, strategy, training and operations at the national, enterprise or individual level.

What

A Reality Check On The Past Present & Future of National Security & Cybersecurity

Where

E: [email protected]

@bizsprite

L: linkedin.com/in/dineshbareja

+91.9769890505

dineshobareja

infosecgallery.blgspot.com

securambling.blogspot.com

Page 16

BEC – A simple risk that compromises the integrity of emails being exchanged by you (?) internally or with a supplier or buyer. Leads to loss of money (payment) when the transaction is consummated!