Stutzman - Shattering Your Illusion of Security
Pure IT CUSO
AXFI Cyber Security Track
Session 2: Shatter your Illusion of Security
AXFI CYBER SECURITY SESSION 2: PURE IT CUSO © 2019
Kyle Stutzman
VP Business Development
Pure IT CUSO
Insert “Jenga” picture
Gate without fence
And gate through slide blocking the purpose
A conversation for:
• Executives
• Business leaders
• Security Leaders
To implement with your credit union team.
Financial Services Incidents/Breaches in 2018
Do CEOs and Executives care? YES!
Framework and Gaps
Cybersecurity is more than…
Is Security an IT function or a whole CU function?
Security Officer or Role: where do they sit in the organization?
Security Training? For staff? For Board? For Security role?
How is access for new hires and terminations handled?
Gap Discussion & Questions
Is your Security Program part of your IT and Business Strategy?
Part of your BCP plan?
How did the last Cyber Security tabletop exercise go? Who was involved?
When was your last incident? How did you perform? Who evaluated the performance and what changes were made?
Gap Discussion & Questions
How are you handling Cybersecurity Basics? Vulnerability scans, patching, updates, remediation
What is done with independent security scans and results? Is management and the board informed?
Is your executive team involved in security review and due diligence?
How is your board engaged?
Test: What is the board’s role in a security incident or breach? Who will they talk to, share information with, and what actions will they take?
Gap Discussion & Questions
When is Security involved in new process reviews? New solutions and tools?
Vendor due diligence involvement?
Gap Discussion & Questions
• Get the CEO and Board engaged if they are not (Security officers must provide business value and risk information)
• Spend resources on tools that are current and next gen technology
• Use industry resources and vendors to supplement and mature your programs
• Set a strategy and security roadmap, followed with performance conversations and adjustments along the way.
• Good security practices involve everyone in the company.
• Prepare for an incident and breach so you can contain it, minimize risk, and continue services to your members and communities.
Group Discussion: Conclusion & Takeaways