Understanding Information Risk Management at Nationwide

Learn about the importance of information risk management at Nationwide, including the threats faced by all companies, the specific risks in the financial services industry, and the measures taken to protect sensitive data.

  • Information Risk Management
  • Nationwide
  • Financial Services
  • Data Security
  • Risk Mitigation


Presentation Transcript


  1. Nationwide Information Risk Management (IRM). M. Travis Michalak, Nationwide Financial, AVP Information Risk Management. May 12, 2015

  2. Agenda
     1. Do You Need to Be Concerned?
     2. Information Risk at Nationwide
     3. What Can You Do to Better Protect Yourself and Your Sensitive Data
     4. Questions

  3. Do You Need to Be Concerned?

  4. Understanding the threat landscape: ALL COMPANIES ARE ALL AT RISK. NO MATTER THE SIZE OR INDUSTRY. (Data from September 2009)

  5. Understanding the threat landscape
     • 15% INCREASE IN THREAT ACTIVITY IN THE FINANCIAL SERVICES INDUSTRY
     • 33% OF BREACHES WERE DISCOVERED INTERNALLY
     • 9 MILLION+ PEOPLE EXPERIENCE IDENTITY THEFT EVERY YEAR
     • 2.5 BILLION RECORDS COMPROMISED OVER THE PAST FIVE YEARS
     • 1 IN 5 ORGANIZATIONS HAVE BEEN ATTACKED
     • 8 MONTHS IS THE AVERAGE TIME AN ADVANCED THREAT GOES UNDETECTED ON A VICTIM'S NETWORK
     • 62% INCREASE IN BREACHES
     (Data from September 2009)

  6. Understanding the threat landscape: Why is Security an NF Technology Trend?
     • The Threat is Intensifying: Organized Crime, Hacktivists, Nation State, Industrial Espionage, Insider Threat and Careless Employees all pose threats to the Financial Services sector.
     • Technology Landscape is Changing Fast: New technologies such as Mobile, Cloud Computing and Data Analytics are introducing new security challenges.
     • Our Business Partners and Customers Expect Security & Trust: Many of our customers (e.g., State & County Public Retirement Plans) are asking for this functionality to better protect their consumers' information.
     • Vulnerabilities and Attack Vectors are Expanding: There are expanding methods and portals where weaknesses are exposed, including E-Mail / Web, Web User Interface, Identity Compromise, Physical Access & Social Engineering.
     (Data from September 2009)

  7. Information Risk at Nationwide

  8. Information Risk at Nationwide
     Operational Risk is just one Risk Type of our Enterprise Risk Management (ERM) Framework. IT Operational Risk is managed by Information Risk Management.
     What does IT Operational Risk Management cover?
     • Information Security
     • Continuity Management
     • Crisis Management
     • Compliance & Regulatory
     IT operational risk management facilitates Nationwide's efforts to:
     1) Protect confidential information
     2) Have systems and businesses that are recoverable
     3) Be prepared to respond to a crisis
     4) Be in compliance with regulations and Nationwide policies

  9. Information Security at Nationwide
     • TOP 10 MOST TRUSTED COMPANY: The Ponemon Institute, which conducts independent research on privacy, data protection and information security, has named Nationwide one of the top 10 Most Trusted Companies for privacy every year for the past 10 years. Nationwide is proud of this recognition and takes information security and privacy very seriously.
     • DEDICATED TEAM OF PROFESSIONALS: Nationwide has over 150 dedicated, trained information risk management professionals who are continuously focused on ensuring we help protect private information and help assure the availability of systems.
     • AWARD-WINNING SECURITY & PRIVACY TRAINING: Nationwide IT has an award-winning information security and privacy training and awareness program.

  10. Business Continuity at Nationwide
     • COMPREHENSIVE BUSINESS & SYSTEMS RECOVERY PROGRAM: In an effort to meet the expectations of our members, we strive to provide continuous service operations. Nationwide uses a comprehensive Business Continuity and System Recovery program where recovery plans are reviewed, updated and tested on a regular basis.
     • TOP TIER IV DATA CENTER: Our recently opened Data Center in New Albany, Ohio (Data Center East) has qualified as a Tier IV facility, the highest possible rating.
     • LEED CERTIFIED: Nationwide committed early in its planning cycle to apply for Leadership in Energy and Environmental Design (LEED) certification for Data Center East.

  11. Information Security at Nationwide: Current Defense in Depth Strategy
     We provide different protections across all different layers:
     • Intrusion Detection / Intrusion Prevention
     • Security Policies & Standards
     • Education & Awareness (Regulations)
     • Workstation Security
     • Network Security
     • Software Security
     • Server Security
     • Perimeter Security
     • Database Security
     • Event & Incident Management

  12. What Can You Do to Better Protect Yourself and Your Sensitive Data?

  13. Mobile Device Protection
     • Use a start up and auto-lock passcode
     • Never leave your device unattended and transport it in a hidden area
     • Avoid conducting financial transactions over public wireless networks
     • Only install applications from legitimate application stores
     • Understand what data (location, contacts, access to social networks) the application can access on your device before you download
     • Download the latest operating system updates and security software (if applicable) to help defend against viruses, malware and other online threats
     • Enable location tracking and remote wipe software if available
     • Do not tamper with your smartphone's operating system (e.g. jailbreaking)

  14. Secure your WIFI
     • Secure your WIFI with WPA2 and a strong password
     • Secure access to the wireless router
     • Change the wireless network name
     • Turn off remote and wireless access to the router's settings
     • Enable a Guest network
     • Update your firmware
     • Search online

  15. Recognize & Avoid Phishing Red Flags
     • Check the sender
     • "Dear Customer"
     • Bad spelling and grammar
     • Urgent requests
     • Be careful with website links
     • Be suspicious of attachments
     • Requests for sensitive information
     • Sound too good to be true?

  16. Social Media Tips
     • Consider what you post
     • Control visibility and privacy
     • Routinely check your settings
     • Respond to a breach

  17. Other Ways to Protect
     • Turn on WPA2
     • Make passwords long and strong
     • Unique account, unique password
     • Keep a clean machine
     • Automate software updates
     • Admin user account only to complete a specific task
     • Consider the information you post on social sites
     • Enable a firewall (Personal Firewall)
     • Limit use of administrator accounts
     • Protect your $$
     • Don't be tricked into opening an attachment or providing confidential information about yourself
     • Never provide your user ID & password via a clicked-on link from an email or text
     • When in doubt, throw it out

  18. Questions
     M. Travis Michalak, Associate Vice President, Nationwide Financial Information Risk Management
     michalm@nationwide.com, 614-677-6809
     1 Nationwide Plaza 3-17-202, Columbus OH 43215
     Thank You!
