2 Stutzman - Shattering Your Illusion of Security

Pure IT CUSO AXFI Cyber Security Track Session 2: Shatter your Illusion of Security

Post on 12-Aug-2020

AXFI CYBER SECURITY SESSION 2: PURE IT CUSO © 2019

Kyle Stutzman

VP Business Development, Pure IT CUSO

Insert “Jenga” picture

Gate without fence

And gate through slide blocking the purpose

A conversation for:

• Executives

• Business leaders

• Security Leaders

To implement with your credit union team.

Financial Services Incidents/Breaches in 2018

Do CEOs and Executives care? YES!

Framework and Gaps

Cybersecurity is more than…

Gap Discussion & Questions

Is Security an IT function or a whole CU function?

Security Officer or Role: where do they sit in the organization?

Security Training? For staff? For Board? For Security role?

How is access for new hires and terminations handled?

Is your Security Program part of your IT and Business Strategy?

Part of your BCP plan?

How did the last Cyber Security tabletop exercise go? Who was involved?

When was your last incident? How did you perform? Who evaluated the performance and what changes were made?

How are you handling Cybersecurity Basics? Vulnerability scans, patching, updates, remediation

What is done with independent security scans and results? Are management and the board informed?

Is your executive team involved in security review and due diligence?

How is your board engaged?

Test: What is the board’s role in a security incident or breach? Who will they talk to, share information with, and what actions will they take?

When is Security involved in new process reviews? New solutions and tools?

Vendor due diligence involvement?

Group Discussion: Conclusion & Takeaways

• Get the CEO and Board engaged if they are not (Security officers must provide business value and risk information)

• Spend resources on tools that are current and next gen technology

• Use industry resources and vendors to supplement and mature your programs

• Set a strategy and security roadmap, followed with performance conversations and adjustments along the way.

• Good security practices involve everyone in the company.

• Prepare for an incident and breach so you can contain it, minimize risk, and continue services to your members and communities.

Pureitcuso.com
