Cybersecurity & Data Privacy 2
be transformed
6/5/2023
Is this familiar to you?
Common cyber threats and attack vectors
A. Weak and/or compromised credentials: 46%
B. Misconfiguration
Cybersecurity Governance
• Program governance
• Organizational model
• Steering committee structure
• Tone at the top
• Regulatory and legal landscape
• Cybersecurity strategy
Secure
Program management:
a) Policies, standards, baselines, guidelines, and procedures
b) Talent and budget management
c) Asset management
d) Change management
e) Program reporting
f) Risk and compliance management
Data protection:
a) Data classification
b) Data security strategy
c) Information records management
d) Enterprise content management
e) Data quality management
f) Data loss prevention
Identity and access management:
a) Account provisioning
b) Privileged user management
c) Access certification
d) Access management and governance
e) Generic account management
Infrastructure security:
a) Hardening standards
b) Security design/architecture
c) Configuration management
d) Network defense
e) Security operations management

Vigilant
Threat and vulnerability management:
a) Threat modeling and intelligence
b) Penetration testing
c) Vulnerability management
d) Emerging threats (e.g., mobile devices)
Monitoring:
a) Security Log Management (SLM)
b) Security Information and Event Management (SIEM)
c) Cyber risk analytics
d) Metrics and reporting

Resilient
Crisis management:
a) Response planning
b) Tabletop exercises
c) War game exercises
d) Incident response and forensics
e) Crisis communication plan
f) Third-party responsibilities
Enterprise resiliency:
a) Business Impact Analysis (BIA)
b) Business Continuity Planning (BCP)
c) Disaster Recovery Planning (DRP)
*The summitSECURITY cyber assurance framework is aligned with industry standards and maps to NIST, ISO, COSO, ITIL, and CIS CSC. Alternative adequate frameworks may be used.
Cyber assurance risk assessment for improved governance
[Risk assessment chart; only its labels were recovered: Client Industry, Program Management, Data Protection, Monitoring, Current Maturity, Availability]
Payment Card Industry (PCI)
1. Anyone who stores, processes, or transmits cardholder data
must comply with the PCI Data Security Standard (PCI DSS)
2. Common PCI validation requirements
▪ Report on Compliance (ROC)
▪ Self-Assessment Questionnaire (SAQ)
▪ Attestation of Compliance (AOC)
▪ Quarterly external vulnerability scans by an Approved Scanning Vendor (ASV)
3. Sample PCI DSS requirements (requirement numbers follow PCI DSS v3.2.1; PCI DSS v4.0 renumbered them)
▪ Annual penetration testing, and after any significant change (DSS 11.3)
▪ Security awareness training (DSS 12.6)
▪ Quarterly internal and external vulnerability scans (DSS 11.2)
People are not the weakest link; they are the primary attack vector.
Questions & Answers
Mustapha B Mugisa, Mr Strategy
strategy@summitcl.com