Embed Size (px)
Citation preview
Welcome to CES Government 20149th Annual Premier Policy ForumTuesday, January 7, 2014: Day 2
Protecting Critical Infrastructure: Financial Institutions Enterprise-Level Information Protection Management
Moderator: Mark ConnellyChief Information Security OfficerThomson Reuters
Dr. Barry West, PhDChief Information Officer and Deputy Chief Management OfficerPension Benefit Guaranty Corporation (PBGC)
Joseph SniadoSenior Vice President and Chief Information OfficerStandard & Poor's Ratings Services - McGraw Hill Financial
PROTECTING CRITICAL INFRASTRUCTURE: FINANCIAL INSTITUTIONS
ISSUES, TRENDS AND THE PRIVATE SECTOR
Mark Connelly, Chief Information Security Officer
OUR BUSINESS
Financial & Risk IP & ScienceTax & AccountingLegal
Trading
Investors
Marketplac
es
Governance Risk & Compliance
Life
Sciences
Scientific & Scholarly Research
Intellectual
Property
Knowledge
Solutions
Professiona
l
Corporate
Governmen
t
Large Law
Firms
Governmen
t
General
Counsels
Small Law
Firms
4
Reuters News
Media
Global Growth & Operations
5
BUSINESS OVERVIEW
MANY CEO’S ARE GETTING IT
6
“The complexity and criticality of information security
and its governance demand that it be elevated to the
highest organizational levels. As a critical resource,
information must be treated like any other asset
essential to the survival and success of the
organization.”
- A ‘CEO’
…OR YOU’LL HAVE A BAD DAY AT THE OFFICE
7
Protecting Critical Infrastructure: Financial Institutions Enterprise-Level Information Protection Management
Moderator: Mark ConnellyChief Information Security OfficerThomson Reuters
Dr. Barry West, PhDChief Information Officer and Deputy Chief Management OfficerPension Benefit Guaranty Corporation (PBGC)
Joseph SniadoSenior Vice President and Chief Information OfficerStandard & Poor's Ratings Services - McGraw Hill Financial
Permission to reprint or distribute any content from this presentation
requires the prior written approval of Standard & Poor’s. Copyright © 2013
by Standard & Poor’s Financial Services LLC. All rights reserved.
Standard & Poor’s
Ratings Services: An Overview
Joe Sniado
Senior Vice President
Chief Information Officer
January 7, 2014
Standard & Poor’s Ratings Services is a leading provider of independent credit ratings and analysis, offering a combination of global perspective and local insight.
• We are part of McGraw Hill Financial ― a high-growth, high-margin benchmarks, content and analytics company serving the capital and commodity markets.
• Standard & Poor’s Ratings Services has 1,400+ analysts covering 129 countries
• More than 1.1 million ratings outstanding
• $3.5 trillion in new debt rated in 2012
• We believe that there is a marketplace need for financial information and transparency.
• Provides investors with benchmarks for comparability
• We continuously update and refine our processes to align with developments in the marketplace, enabling us to offer insightful opinions that help market participants make more informed investment decisions.
Who We Are
Credit Ratings Are Credit Ratings Are Not
What Are Credit Ratings And What Do They Do?
• A forward-looking opinion about the ability of an issuer to pay back investors in full and on time
• Strives to be globally comparable across sectors
• Incorporates views on relative likelihood of default that are applied to entities (issuers) and securities (issues)
• One of many inputs available to investors as part of their decision-making process
• A guarantee of credit quality or default probability
• Investment advice or recommendation (buy, sell or hold)
• A measure of liquidity or price
• A way of defining “good” or “bad” companies
• An audit of the company
What Credit Ratings Do
They foster the development and smooth functioning of capital markets by providing transparent
information and insight to market participants. Smooth functioning of the capital markets allows:
• People to start and grow businesses, improvements to infrastructure, manufacturers to build
factories and create jobs
Additionally, credit ratings provide investors with:
• Common terminology to describe different levels of creditworthiness (e.g., AAA), independent
opinions and information to help make more informed investment decisions
Challenges
• Need to Know (Regulatory Requirements) vs. Collaboration and Sharing (Knowledge Management)
• Expanding Risk Surface Area Due to Consumerization, Outsourcing, Cloud and Other Trends
• Accelerated Digitization of our Business Has Increased the Threat Profile From the Inside-Out AND the Outside-In
Copyright © 2014 by Standard & Poor’s Financial Services LLC. All rights reserved.
No content (including ratings, credit-related analyses and data, valuations, model, software or other application or output therefrom) or any part thereof (Content) may be modified,
reverse engineered, reproduced or distributed in any form by any means, or stored in a database or retrieval system, without the prior written permission of Standard & Poor’s
Financial Services LLC or its affiliates (collectively, S&P). The Content shall not be used for any unlawful or unauthorized purposes. S&P and any third-party providers, as well as their
directors, officers, shareholders, employees or agents (collectively S&P Parties) do not guarantee the accuracy, completeness, timeliness or availability of the Content. S&P Parties
are not responsible for any errors or omissions (negligent or otherwise), regardless of the cause, for the results obtained from the use of the Content, or for the security or
maintenance of any data input by the user. The Content is provided on an “as is” basis. S&P PARTIES DISCLAIM ANY AND ALL EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE, FREEDOM FROM BUGS,
SOFTWARE ERRORS OR DEFECTS, THAT THE CONTENT’S FUNCTIONING WILL BE UNINTERRUPTED OR THAT THE CONTENT WILL OPERATE WITH ANY SOFTWARE
OR HARDWARE CONFIGURATION. In no event shall S&P Parties be liable to any party for any direct, indirect, incidental, exemplary, compensatory, punitive, special or
consequential damages, costs, expenses, legal fees, or losses (including, without limitation, lost income or lost profits and opportunity costs or losses caused by negligence) in
connection with any use of the Content even if advised of the possibility of such damages.
Credit-related and other analyses, including ratings, and statements in the Content are statements of opinion as of the date they are expressed and not statements of fact. S&P’s
opinions, analyses and rating acknowledgment decisions (described below) are not recommendations to purchase, hold, or sell any securities or to make any investment decisions,
and do not address the suitability of any security. S&P assumes no obligation to update the Content following publication in any form or format. The Content should not be relied on
and is not a substitute for the skill, judgment and experience of the user, its management, employees, advisors and/or clients when making investment and other business decisions.
S&P does not act as a fiduciary or an investment advisor except where registered as such. While S&P has obtained information from sources it believes to be reliable, S&P does not
perform an audit and undertakes no duty of due diligence or independent verification of any information it receives.
To the extent that regulatory authorities allow a rating agency to acknowledge in one jurisdiction a rating issued in another jurisdiction for certain regulatory purposes, S&P reserves
the right to assign, withdraw or suspend such acknowledgement at any time and in its sole discretion. S&P Parties disclaim any duty whatsoever arising out of the assignment,
withdrawal or suspension of an acknowledgment as well as any liability for any damage alleged to have been suffered on account thereof.
S&P keeps certain activities of its business units separate from each other in order to preserve the independence and objectivity of their respective activities. As a result, certain
business units of S&P may have information that is not available to other S&P business units. S&P has established policies and procedures to maintain the confidentiality of certain
non-public information received in connection with each analytical process.
S&P may receive compensation for its ratings and certain analyses, normally from issuers or underwriters of securities or from obligors. S&P reserves the right to disseminate its
opinions and analyses. S&P's public ratings and analyses are made available on its Web sites, www.standardandpoors.com (free of charge), and www.ratingsdirect.com and
www.globalcreditportal.com (subscription), and may be distributed through other means, including via S&P publications and third-party redistributors. Additional information about our
ratings fees is available at www.standardandpoors.com/usratingsfees.
STANDARD & POOR’S, S&P, GLOBAL CREDIT PORTAL and RATINGSDIRECT are registered trademarks of Standard & Poor’s Financial Services LLC.
Protecting Critical Infrastructure: Financial Institutions Enterprise-Level Information Protection Management
Moderator: Mark ConnellyChief Information Security Officer
Thomson Reuters
Dr. Barry West, PhDChief Information Officer and Deputy Chief Management OfficerPension Benefit Guaranty Corporation (PBGC)
Joseph SniadoSenior Vice President and Chief Information OfficerStandard & Poor's Ratings Services - McGraw Hill Financial
What is the PBGC?
Pension Benefit Guaranty Corporation (PBGC)
Federal government corporation
Established under Title IV of the Employee Retirement Income Security Act
of 1974 (ERISA)
Governance:
Headed by a Director who is appointed by the President and confirmed
by the Senate.
Board of Directors: Departments of Labor, Commerce, and Treasury
(Labor is Chair)
Mission is to encourage the continuation and maintenance of private-sector
defined benefit pension plans, provide timely and uninterrupted payment of
pension benefits, and keep the insurance premiums at a minimum
What is the PBGC?
Pension Benefit Guaranty Corporation (PBGC)
Protects the pensions of approximately 43 million workers and retirees in more
than 24,000 private-sector defined benefit pension plans
Ensure a specified monthly retirement benefit, usually based on salary or a stated
dollar amount and years of service
Self-financed and receives no funds from general tax revenues
FY 2013: collected over $3 billion in premiums from more than 24,000 ongoing plans
had about $85 billion in investments under management, and
posted over $2.6 billion in investment earnings
paid over 850,000 participants nearly $5.5 billion in pension benefits
paid out $89 million to benefit another 50,000 participants in multiemployer
pension plans
received a 90 rating from The American Customer Satisfaction Index (ACSI), a
rating of 80 or above is considered excellent
PBGC’s IT Strategic Direction
“A Look Into Our Future”
Moderator: Charlie Armstrong Assistant Commissioner and Chief Information Officer
U.S. Customs and Border Protection
Scott TotzkeSenior Vice President, BlackBerry Security Group BlackBerry
Honorable Ian Liddell-GraingerMember of Parliament, United Kingdom
The Cyber Threat Matrix: Interactive Discussion
Cultural Barriers to Information Protection • Technology and Acquisition: Can Government Keep Pace?
• Policy and Politics on a Global Scale
• The Challenges of Security in Today’s Mobile World
The Challenges of Security in
Today's Mobile World
January 7, 2013
Sc o t t To t z ke
SVP, B lac k Ber ry Sec u r i t y G roup
Agenda
Key Mobility Trends
Security Risks
Cyber Security Policy
BlackBerry’s Security Solution
Key Trends in Enterprise Mobility
Powerful low-cost device options
serve multiple purposes
BYOD brings management,
security and cost challenges
Add cloud, apps and more: it’s
a complex mobility management
scenario
Mobile Device Security Risks Are IncreasingInformation, Assets and Business Processes Are Being Mobilized
Sensitive back-end systems
being mobilized:
›ERP
›CRM/SFA
›Asset mgmt & logistics
›Intranet/content servers
›Medical IS
›Financial IS
›Critical communications
›DRP
Stage 1:Mobilizing
KnowledgeWorker Desktop
Stage 2:Mobilizing Data
Center Value
Stage 3:Redefining
Business withMobility
UCC Business Process Re-engineeringInstant
MessagingPurpose Built Apps
Intranet
Maturity
Bu
sin
ess
Val
ue
What a Cyber Security policy should accomplish
End to End Security must be a pillar
Protect and secure networks
Secure personal and work data
Provide transparency and assure protections
Can’t ignore the basics:
Management
Asset Control
Secure Connectivity
Secure your data + network
Enable applications
BlackBerry
iOS Android
Delivering the purpose-built, multi-platform security government needs
BlackBerry Enterprise Service 10
Centralized & simplified management through one platform
Personal Owned/BYOD and Government Deployed
BlackB
erry Secure In
frastructu
re
Device Management
Security App & Content Management
Unified Comms & Collaboration
BlackBerry® Technical Support Services
•The #1 solution for high-end security needs. BlackBerry 10 combined with BES10 offers the most secure end-to-end mobility platform
•Comprehensive, multi-platform device, security and app management through a single console with the highest levels of security available
•A simple, scalable and cost-effective extension of your existing investments in BES
•Deploy, manage and control government and BYOD on multiple platforms
•Renowned global support services come standard
Cyber Threat Matrix
Threat
Detection
ResponseResolution & Remediation
Prevention
