Title: Year in Review: Headlines
1Year in ReviewHeadlines Predictions
- Alta Associates Inc.5th Annual Executive Womens
ForumInformation Security, Risk Management
Privacy
- September 21, 2007
Presenters Nicole Degnan, Merrill Lynch Paula
Hamm, Symantec Corp Laura Koetzle, Forrester Rese
arch
2Agenda
- Introductions
- Looking Back Year In Review
- 2007 EWF Survey Results What You Told Us
- Peeking Forward 2008 Predictions
3Who We Are
- Nicole Degnan
- Director, Business Risk Management, Merrill
Lynch
- Paula Hamm
- VP, Business Critical Education Services,
Symantec Corp
- Laura Koetzle
- VP, Forrester Research
4Who You Are Survey Results
- What is your primary function?
- Risk Management
- Compliance
- Information Security
- Privacy
- Other
5Looking Back Year In Review
6Looking Back Year In Review
- In what could be one of the biggest and most
far-reaching cases involving the loss of
confidential data, this company revealed that it
was the victim of a security breach that has left
customers around the world exposed to fraud and
identity theft.
- 260,000 customers impacted
- 6 billion loss
- September 18th, 2006
- Retail Store
7(No Transcript)
8Looking Back Year In Review
- Announced that it had discovered 51 cases of
criminal activity and 3.45 billion in fraudulent
loans.
- 6.45 billion loss
- June 27th, 2006
- Bank
9(No Transcript)
10Looking Back Year In Review
- A password-protected file server, containing
insurance information submitted by brokers on
behalf of various employers, was stolen from
inside a locked room.
- 930,000 people impacted
- 1.6 billion loss
- February 9th, 2006
- Insurance
11(No Transcript)
12Looking Back Year In Review
- A fund that, as losses mounted, simply spun out
of control, leading to one of the biggest trading
debacles in Wall Street's history.
- 6 billion loss
- September 18th, 2006
- Hedge Fund
13U.S. Regulators Sue Amaranth for Natural Gas
Price Manipulation
- CNBC
14Looking Back Year In Review
- 2.4 billion in cash and stock was paid due to an
earnings-manipulation scandal during 2004.
- 2.4 billion loss
- February 8th, 2006
- Telecom
15(No Transcript)
16Looking Back Year In Review
- Laptop containing the names, Social Security
numbers, and dates of birth of government
employees were stolen.
- 26.5 million people impacted
- May 3rd, 2006
- Government
17Veterans Affairs Hires ID Analytics Professionals
to Perform Data Breach Analysis
-WSJ
18Looking Back Year In Review
- Members received letters informing them that
their credit-card information was sold by an
employee to a federal agent as part of an
undercover sting operation.
- Number effected not yet determined
- May of 2007
- Arts Entertainment
19Disney Movie Club Members Victimized in Latest
Data-Breach Horror Show
-Network World
20Looking Back Year In Review
- The third largest commercial bank in the United
States allegedly discarded personal financial
details belonging to its customers in garbage
bags left outside five branch offices in New York
City.
- April 30th, 2007
- Identity Theft
- Bank
21Chase Video
222007 EWF Survey Results
232007 Survey Results What You Told Us
- What is your companys biggest challenge to
streamlining risk, information security, and
privacy programs?
- Management Buy-in
- No Technology/Tool
- Internal Politics
242007 Survey Results What You Told Us
- How would you rate your companys use of
resources to efficiently review, test and report
on risk activities?
- Poor
- Limited
- Satisfactory
- Very Good
- Excellent
- Dont Know
252007 Survey Results What You Told Us
- How would you rate the quality of information
used to support your information security,
privacy and risk management programs?
- Poor
- Limited
- Satisfactory
- Very Good
- Excellent
- Dont Know/ Not Applicable
26Peeking Forward 2008 Predictions
272007 Survey Results What You Told Us
- What are the big 3 predictions for 2008?
- Data leaks continue to result in massive volumes
of stolen account data from financial
institutions
- Portable devices create new areas of exposure
- Stolen confidential information sold in the US
and China
28Peeking Forward 2008 Predictions
- Financial fraud at US (and, potentially UK)
sub-prime lenders will involve high-ranking
people at banks and hedge funds. (5)
- Another entire country/economic block will suffer
a coordinated, politically-motivated wide-ranging
attack (dDoS with botnet, etc) similar to the one
that Estonia suffered recently (April-May 2007).
(8) - Economic overheating in China will disrupt the
nascent market for managed security services
there (itll disrupt everything else, too). (4)
- Incidences of IP theft and corporate espionage
will continue in India, including by employees of
captive centers. (9)
- New financial centers in regions without a
tradition of clean regulation (e.g. Dubai) will
suffer financial fraud and be targets for
politically-motivated cyber terrorist attacks.
(7) - A sophisticated attack on the Internet
infrastructure and industrial systems will
disrupt not only mission critical systems, but
also the backup systems resulting in a
catastrophe which causes loss of life. (8) - New models of integrated risk management will be
developed to comprehensively address risk across
disciplines of security, compliance, availability
and performance. (13)
29Year in ReviewLooking BackPeeking Forward
- Alta Associates Inc.5th Annual Executive Womens
ForumInformation Security, Risk Management
Privacy
- September 21, 2007
Presenters Nicole Degnan, Merrill Lynch Paula
Hamm, Symantec Corp Laura Koetzle, Forrester Rese
arch