Roles of the Owner, Controller and CFO in Data Security
Reduce Risk by Taking Action
Program Discussion
• Key statistics in cyber security
• Survey questions and results
• Why Owners, Controllers and CFOs are getting involved in data security
• Key components in data security and information technology risk management
• Best practices for managing information technology
• Risks and mitigations involved with the use of mobile devices and cloud computing
Roles of the Owner, Controller and CFO in Data Security 2
Key Statistics in Cyber Security
Survey Results
How often do you encounter technology-related questions or concerns in your role at the company?
[Chart: responses of Never, Minimally, and Frequently / regularly on a 0% to 100% scale]
Survey Results
What is your top concern regarding your role in data security?
• Securing the environment
– Protecting company and investor information
– Keeping customer and employee information secure
• Having the right people in place
– Monitoring outside IT firm management
– Finding resources
• Don’t know what my role is
– Staying up to date on changing technology / current threats
– Knowing the right questions to ask
• Losing important data
• Risk management – reputational and fraud
Survey Results
How confident are you in understanding the risk associated with information technology?
[Chart: responses of Not at all, Somewhat confident, and Very confident on a 0% to 80% scale]
Survey Results
What do you see as your top technology initiatives? Ranked from 1 to 3 (1 being top initiative).
[Chart: rankings for Managing IT risk and compliance, Managing and retaining data, and Securing the IT environment on a 0.0 to 3.0 scale]
Survey Results
Technology Priorities for U.S. Accounting Professionals - AICPA survey results -
1. Securing the IT environment
8th time at #1 in past 10 surveys
2. Managing and retaining data
3. Ensuring privacy
4. Managing IT risks and compliance
5. Preventing and responding to computer fraud
Controllers and CFOs are Getting Involved
Not securing data results in serious threats
• Strategic losses
• Regulatory penalties
• Brand reputation damage
As overseers of corporate financial performance, Controllers and CFOs must have on their radars the financial impact that results from data breaches.
The Role of Finance in Data Security
The – a more holistic approach to financial health
• Designing budgets that allocate adequate resources
• Working with IT to design comprehensive data governance plans
• Demanding organization-wide compliance with these plans
• Ensuring data supports the company’s financial gain while minimizing its role in any loss
Key Components in Data Security
• Security is all about perception
• Balance – Cost, user access, protection complexity
• Physical, logical, social
• Data
– At rest
– In transit
• Assessment
– Perimeter
– Intrusion detection
Best Practices for Managing IT
• IT as a strategic asset not a cost
• IT Spending levels
• Security
• Governance
• Your company’s place on the adoption curve
• Training
• Constituent touch points
• Be a power user
Risks and Mitigations of Mobile Devices
• Inventory
• Device encryption
• Password enforcement
• Inactivity time out
• Ability to wipe device
• Mobile Device Management (MDM) software
Risks and Mitigations of Cloud Computing
• Build a risk classification of applications and data
• Risk = Threat × Vulnerability × Consequence
• AICPA SOC 2 report (formerly SAS70, now SSAE16)
• Applications’ data locations
• Use reputable data centers
• Develop policies
• Monitor use
• Purchase data breach insurance
• Training
Risks and Mitigations of Cloud Computing
Certifications
Service Organization Controls
• SOC 1 – financial reporting
• SOC 2 – security
• SOC 3 – seal and summary report. No carve-outs.
• Type I – point in time
• Type II – functionality over a period of time
• Inclusive vs. carved-out; “subservice provider”
• Three tiered
• User controls – both IT admin and end users
• NDAs
Questions
Questions?
Julie Eisenhauer
Peter Henley
http://slideshare.com/clarknuber