Title: Sarah Garrett
1. Speakers
Steve Nowell, Director Business Protection, Nationwide
Sarah Garrett, Senior Manager, Information Security, Policy & Comms, Nationwide
3. Nationwide: Maintaining Public Confidence
[Timeline: from 14 February 2007 to 14 February 2008]
Nationwide Building Society has both a strong security culture and a very detailed, comprehensive and documented ISMS (Information Security Management System) with which to achieve and maintain certification to the international standard ISO 27001.
4. What do we have to protect?
- Over 13 million customers
- Assets over £178bn
- Over 900 retail outlets, plus telephone and internet services
- 19 thousand employees
5. Regaining Public Confidence
[Diagram: Customers at the centre, supported by Staff, Branches and Assets. The same four-part diagram recurs on the following slides, with the part under discussion highlighted.]
6. Strategy and Objectives
Provide a demonstrable system of internal control for security conforming to ISO 27001.
[Diagram: ISMS process flow]
Inputs:
- Management Information
- Risk Appetite
- Mandatory Docs
ISMS (Asset Mgmt, Change Mgmt, Risk Mgmt, Incident Mgmt):
- Risk Prioritisation
- Risk Acceptance
- Required Controls
Outputs:
- Awareness
- Risk Reduction
- Level of Assurance
7. Governance
Individual Accountability at Senior Level:
- Graham Beale, Chief Executive
- Stuart Bernau, Group Retail Director
- Matthew Wyles, Non Retail Director
- Mark Rennison, Group Finance Director
- John Sutherland, Sales & Marketing Director
- David Rigney, Group Operations Director
- Tony Prestedge, Group Dev Director
- Steve Nowell, Business Protection Divisional Director: Business Continuity, Information Security, Special Investigations
8. Governance Committees and Reporting
[Diagram: reporting structure, with an escalation route upward and a feedback route downward between the levels]
- CEO
- Group Risk Committee
- Operational Risk Committee
- Risk Oversight Committees:
  - Business Continuity Risk Oversight Committee
  - Fraud Risk Oversight Committee
  - Information Security Risk Oversight Committee
9. Governance Committees and Reporting (continued)
- Key Risk Indicators (KRIs) agreed at the beginning of the year
- Review of KRIs to reflect the current environment
- Action plan to bring KRIs in line with Risk Appetite
10. Incidents
No matter how good you are, while you employ people incidents still happen:
- Customer information left in a greengrocer's
- Laptop left in a car overnight
- Chequebook bound with different customers' names and account numbers
- Tote box fell off the back of a third-party vehicle
- Papers left on a train
11. Re-structured Team
Employees:
- Increased resource from 40 to 60 FTE
- Increased focus and professionalism
12. Society-wide Engagement: Specialised Local Support
Employees:
- Information Security Co-ordinators (ISC)
- Operational Risk Officer (ORO)
Local responsibilities: access and password management; assess local risk exposure; manage incidents.
A central Policy & Communications Team provides consistent and imaginative messages across the group.
13. Society-wide Engagement: All Employees
Individual Accountability at All Levels
Personal Responsibilities Statement, examples:
- "I never reveal, store in unprotected form, or share passwords, nor do I use easily recognisable passwords."
- "I always lock or log off my PC or mobile device when not in use, even for a short period of time."
Information Security Test, examples:
- The police phone up for some information on a customer; can we provide this?
- What do you do if you are unable to comply with the Information Security Policy?
14. ISO 27001 Certification
Branches:
- Information Security Management System assessed February 2008
- Initial certification achieved April 2008
- Roll-out of assessment during 2008 and 2009 for areas processing high volumes of customer data
- Provides independent assurance that our information is handled in a controlled and secure way
15. Regaining public confidence requires:
- Clear strategy and objectives
- Strong governance
- Well organised and resourced IS team
- Security aware organisation
- Third party validation
Customers: be constantly ahead of the game; never complacent.