Partnership with a CFO: On the Front Line of Cybersecurity

#RSAC
Session ID: GRC-T11

Terry Ragsdale
CFO
LSQ Funding Group

Dr. Christopher Pierson
CSO and GC
Viewpost
@DrChrisPierson

Upload: priyanka-aash

Post on 15-Apr-2017


Setting the Stage


Ernst & Young: Americas March 2014 CFO: need to know insights for CFOs

PwC's 2015 Annual Corporate Directors Survey

enRaged?enRaged?


Ernst & Young: Partnering for performance Part 3: the CFO and the CIO


4 Key Areas:
Understanding Drivers
Educating Partners
Compelling Arguments
Governance & Team

Understanding Drivers

Understanding the Drivers

CFO Goals:
Business Opportunities
Generate Profit
Business Predictability
Board & Investor Relations
Funding/Capital Raises

CSO/CISO Goals:
Not in the News
Reduce Risk/Keep Safe
Business Enabler


Execution:
Trusting the Numbers
Making them Confess

Enablement:
House in Order
Funding the Strategy

Development:
Defining the Strategy
Telling the Story

EY-CFO-need-to-know-Insights-for-CFOs


Risk Reduction:
Frequency
Severity
Likelihood

Metrics to Illustrate

Customer Trust

Ignoring the 0.1% Risks

Educating Partners

Educating Partners: News

Cybersecurity Incidents:
Your Sector
Nationwide

Risk Management Data

Risk Data from Insurers

Financial/GAAP Publications

Target CFO Testifying before Congress in 2015

Educating Partners: Technology

Focus on Consumer Tech

Focus on Impact not Tech
Risk not Security (directly)
Bring back to Business

Transition to Company

Educating Partners: Board/Executives

Intense Board Attention

Reputational Impact Differs

Credibility is a Business Value

SEC Oversight

Shareholder Derivative Suits

KPMG: Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom

Compelling Arguments

Compelling Arguments: What works?

Financial Arguments?
Cost Savings
Risk Details

Security Studies/Risk Studies?
Breach Costs
Cybercrime Costs
Litigation Costs

Evidence of Current/Past Issues?
Tied to Past Control Costs


Tying Controls to Business Goals?

Shifting CapEx to OpEx (from Balance Sheet)?

Streamlining Efficiencies?

Current News?

Fear Mongering?

Compelling Arguments: Hypothetical

MDM Management & Encryption

Average Cost of Data Breach in U.S. $154 yr./record

Average Number of Records on Devices – 1,000

Cost of Encryption and MDM is $250/yr. per device

Governance & Team

Governance & Team: Risks, Options

How do you Communicate the Risk?

Tracking Results

Ensuring Controls and Budget Solve for Meaningful Business

Tie Business Wins to Team Efforts

Now What? Application

Start Now / Weeks & Months Ahead / Within One Year

Collecting Newsworthy Articles

Business Goals, Priorities, and Opportunities for Cyber through Business Evolution

Tie budget to true risks that have surfaced recently – especially among competitors

Reviewing Consulting, Board, GAAP, NACD, and Financial Guidance Materials (KPMG, EY, PwC, and Deloitte)

Review and Track Monetary Research (Ponemon, Gartner, Data Breach)

Transition budget from CapEx to OpEx models where possible and show 3-5 yr. cost savings

Personal technologies to latch onto in terms of risk or business advantage

Options for Enterprise Risk Management partnerships or committees

Getting Board and Executive Management Interest and create business value

Research your CFO, Board members, other Execs

Meet with the CFO when you do not need anything

Seek financial learning opportunities; help CFO

Time to Apply!

Thanks & Contact

Dr. Christopher Pierson
Chief Security Officer & [email protected]

Terry Ragsdale
Chief Financial Officer
LSQ Funding [email protected]