際際滷

際際滷Share a Scribd company logo

Cybersecurity and Data Protection Executive Briefing

Download as PPTX, PDF
RFA
RFA

23rd February, Italian Chamber of Commerce and Industry, RFA and 3 Lines of Defence Consulting presented at an executive briefing on cybersecurity and data protection. Topics covered included cyber threats, principles of data processing and GDPR.

1 of 20
Downloaded 10 times
CYBERSECURITY AND DATA PROTECTION
RFA GLOBAL TECHNOLOGY CONSULTANCY 30 Years Founded in 1989 550+ Clients 200+Engineers Latest certifications 24/7/365 Monitoring & Support GLOBAL OPERATIONS EMEA HQ in London WORLD CLASS LEADERSHIP TEAM
RFA FOCUS AREAS Cloud Innovation Automation
RFA SERVICES IT Service Management Cloud Design & Migration Managed Private & Public Cloud Development & Workflow Automation Compliance & RegTech Application Design & Hosting
3 LINES OF DEFENCE CONSULTING Compliance Risk Management Governance
3 LINES OF DEFENCE CONSULTING FINANCIAL SERVICES MULTINATIONAL CORPORATES PROFESSIONAL SERVICES SECTORS Compliance Financial crime prevention Governance / Ethics Legal / Expert Witness Operational risk COO Info Security Investigations SKILLS
DATA IS ESSENTIAL TO LIFE AND BUSINESS Environment Data is one of your most valuable assets Clients and staff expect fast systems and responses Millennials and children DATA DRIVEN WORLD Dangers Clients are less loyal No one is safe; large, small, mid sized businesses
WHAT IS DATA PROTECTION IN A DATA DRIVEN WORLD? Soft copy Hard copy Humans Hardware Protecting the information Ensuring the information is used correctly Security when adding, storing, deleting or removing data Protecting the firm, clients and third parties
WHY DOES DATA PROTECTION MATTER? Correct thing to do! Potential target Reputational risk / client retention Client expectations Proportionate risk based approach Legal / regulatory requirements
WHEN IT GOES WRONG? Australian Government Filing Cabinets Target Outsourcer risk (70m customers) Uber Ransom (57m clients/drivers) Morrisons Published payroll data Equifax SEC Laptops are always going missing
REGULATORY REQUIREMENTS GENERAL DATA PROTECTION REGULATION
GDPR: THE FACTS Who is affected? Personal Data Data Controllers and Data Processors Consent
APPROACHING GDPR RISK MANAGEMEN T TECHNOLOGY RISK THIRD PARTY RISK FRAUD & MISCONDUCT RISK CYBER RISK CRISIS MANAGEMENT RISK COMPLIANCE RISK PRIVACY BY DESIGN An approach to projects that promotes privacy and data protection compliance from the start.
WHAT DOES THIS MEAN?
GAINING CONSENT POST GDPR Read our privacy statement Why we collect this information When you contact us, we collect this information to ensure we can respond appropriately, specifically we collect: Name: So we know how to address you. Your details will also be transferred to our customer relationship system and your name will form part of your unique identifier. Why we collect this information Phone: So we have a method of contacting you. This will also be transferred to our customer relationship system.Why we collect this information Subject: This will help categorise the contacts we have. It may also help us to understand common questions we receive, which can be answered in our FAQ section. Why we collect this information Description: This will also be transferred to our customer relationship system so if you contact us again, we have a history of our communications with you. Why we collect this information Email: So that we can contact you in an alternative way. This will also be transferred to our customer relationship system.Why we collect this information Company Name: So that we know which company you work for and can associate you with other contacts from the same company, and tailor the information that we send you.Privacy Statement None of the information provided through this form will be used for other reasons than to answer your query. It will not be shared with any third party. This information will be deleted 1 year after our last contact with you. If you do not want us to store your data please select the Send No data retained button. Otherwise you are consenting to the above. Send No data retained SendCancel
PRINCIPLES OF DATA PROCESSING Processed lawfully, fairly and in a transparent manner Adequate, relevant and limited to what is necessary Accurate and where necessary, kept up to date Retained only for as long as necessary Collected for specified, explicit and legitimate purposes Processed in an appropriate manner to maintain security
5 STEP ACTION PLAN Data Analysis Technology Infrastructure Review Policy Review Supply Chain Review Building an Implementation Team
KEY TAKEAWAYS Data What data do you have and where is it stored? What do you use it for? Have you classified it as public, sensitive, confidential? How long can you keep the data for? Infrastructure Where is your data held? Do you use any cloud or outsourced technology service providers? Are your systems and networks secure? Processes Do you have Senior Management Systems and Controls SYSC, DR and Business Continuity plans in place, or a Cyber Incident Response Plan? Do you include cybersecurity training in your staff onboarding process? People Who do you share data with? Do you have a team in place to steer GDPR implementation? Do you have the right skills in house to ensure your data is protected and compliant?
Final Comment The cost and effort associated with building resilience and a solid data protection strategy can be high However, the cost of failure is far worse
WHO CAN I CALL FOR HELP? Simon Elvidge, Managing Director 3 Lines of Defence Consulting Tel: 020 7129 1270 Email: simon.elvidge@3ldc.com George Ralph, Managing Director RFA (UK) Ltd Tel: 0207 093 5000 Email gralph@rfa.com

More Related Content

Cybersecurity and Data Protection Executive Briefing

  • 2. RFA GLOBAL TECHNOLOGY CONSULTANCY 30 Years Founded in 1989 550+ Clients 200+Engineers Latest certifications 24/7/365 Monitoring & Support GLOBAL OPERATIONS EMEA HQ in London WORLD CLASS LEADERSHIP TEAM
  • 3. RFA FOCUS AREAS Cloud Innovation Automation
  • 4. RFA SERVICES IT Service Management Cloud Design & Migration Managed Private & Public Cloud Development & Workflow Automation Compliance & RegTech Application Design & Hosting
  • 5. 3 LINES OF DEFENCE CONSULTING Compliance Risk Management Governance
  • 6. 3 LINES OF DEFENCE CONSULTING FINANCIAL SERVICES MULTINATIONAL CORPORATES PROFESSIONAL SERVICES SECTORS Compliance Financial crime prevention Governance / Ethics Legal / Expert Witness Operational risk COO Info Security Investigations SKILLS
  • 7. DATA IS ESSENTIAL TO LIFE AND BUSINESS Environment Data is one of your most valuable assets Clients and staff expect fast systems and responses Millennials and children DATA DRIVEN WORLD Dangers Clients are less loyal No one is safe; large, small, mid sized businesses
  • 8. WHAT IS DATA PROTECTION IN A DATA DRIVEN WORLD? Soft copy Hard copy Humans Hardware Protecting the information Ensuring the information is used correctly Security when adding, storing, deleting or removing data Protecting the firm, clients and third parties
  • 9. WHY DOES DATA PROTECTION MATTER? Correct thing to do! Potential target Reputational risk / client retention Client expectations Proportionate risk based approach Legal / regulatory requirements
  • 10. WHEN IT GOES WRONG? Australian Government Filing Cabinets Target Outsourcer risk (70m customers) Uber Ransom (57m clients/drivers) Morrisons Published payroll data Equifax SEC Laptops are always going missing
  • 12. GDPR: THE FACTS Who is affected? Personal Data Data Controllers and Data Processors Consent
  • 13. APPROACHING GDPR RISK MANAGEMEN T TECHNOLOGY RISK THIRD PARTY RISK FRAUD & MISCONDUCT RISK CYBER RISK CRISIS MANAGEMENT RISK COMPLIANCE RISK PRIVACY BY DESIGN An approach to projects that promotes privacy and data protection compliance from the start.
  • 14. WHAT DOES THIS MEAN?
  • 15. GAINING CONSENT POST GDPR Read our privacy statement Why we collect this information When you contact us, we collect this information to ensure we can respond appropriately, specifically we collect: Name: So we know how to address you. Your details will also be transferred to our customer relationship system and your name will form part of your unique identifier. Why we collect this information Phone: So we have a method of contacting you. This will also be transferred to our customer relationship system.Why we collect this information Subject: This will help categorise the contacts we have. It may also help us to understand common questions we receive, which can be answered in our FAQ section. Why we collect this information Description: This will also be transferred to our customer relationship system so if you contact us again, we have a history of our communications with you. Why we collect this information Email: So that we can contact you in an alternative way. This will also be transferred to our customer relationship system.Why we collect this information Company Name: So that we know which company you work for and can associate you with other contacts from the same company, and tailor the information that we send you.Privacy Statement None of the information provided through this form will be used for other reasons than to answer your query. It will not be shared with any third party. This information will be deleted 1 year after our last contact with you. If you do not want us to store your data please select the Send No data retained button. Otherwise you are consenting to the above. Send No data retained SendCancel
  • 16. PRINCIPLES OF DATA PROCESSING Processed lawfully, fairly and in a transparent manner Adequate, relevant and limited to what is necessary Accurate and where necessary, kept up to date Retained only for as long as necessary Collected for specified, explicit and legitimate purposes Processed in an appropriate manner to maintain security
  • 17. 5 STEP ACTION PLAN Data Analysis Technology Infrastructure Review Policy Review Supply Chain Review Building an Implementation Team
  • 18. KEY TAKEAWAYS Data What data do you have and where is it stored? What do you use it for? Have you classified it as public, sensitive, confidential? How long can you keep the data for? Infrastructure Where is your data held? Do you use any cloud or outsourced technology service providers? Are your systems and networks secure? Processes Do you have Senior Management Systems and Controls SYSC, DR and Business Continuity plans in place, or a Cyber Incident Response Plan? Do you include cybersecurity training in your staff onboarding process? People Who do you share data with? Do you have a team in place to steer GDPR implementation? Do you have the right skills in house to ensure your data is protected and compliant?
  • 19. Final Comment The cost and effort associated with building resilience and a solid data protection strategy can be high However, the cost of failure is far worse
  • 20. WHO CAN I CALL FOR HELP? Simon Elvidge, Managing Director 3 Lines of Defence Consulting Tel: 020 7129 1270 Email: simon.elvidge@3ldc.com George Ralph, Managing Director RFA (UK) Ltd Tel: 0207 093 5000 Email gralph@rfa.com