CYPER SECURITY

profileBfh
FinalPresentation-StakeholderPresentationTemplate-Fall2022-1-1.pptx

1

Final Presentation Instructions (Delete before submitting)

Setup: Pick the title slide that aligns with your organization (Healthcare, Manufacturing, Non-profit or Legal) and delete the others:

Make up a name for your organization (it can be fake) and enter it where prompted on the title slide

Enter presenter names on the title slide where prompted

Instructions

Part 1: Cyber Risk Profile (1-2 slides)

Use the “Cyber Insurance Application” and “Organization Description & Profile” document provided for your organization to identify cyber risk profile elements that could drive cyber insurance need. For this section please include:

One or two Technology and/or Applications that are essential for your organization that need to be protected (Hint use the “Components” section on pg. 1 of the “Organization Description & Profile” document to answer this question).

Any applicable laws, regulations, contract requirements, etc.

2-3 cybersecurity control gaps (i.e. things that they are not doing to protect the organization that they should have in place).

Hint – Use assignment 2 to complete this section. All you need to do here is pick these items from your assignment 2 responses and put them on 1-2 slides.

Part 2: Cyber Insurance Need (2-3 slides)

Identify a few key coverage elements that you believe are essential for your organization (3-4 is fine)

Using the Cyber Risk Profile information you prepared in Section 1 to explain how the coverage elements you selected align with the risk profile elements you identified.

Hint – Use Lecture 4 “Cyber Insurance Need & Strategy” slides to identify essential coverage elements. You may not need to create anything new for these slides. Work with your partner(s) to use what you already prepared for Assignment 3 to complete this section.

1

2

Instructions Continued

Part 3: Coverage Review and Recommendations (1-2 Slides)

Use the sample “UBTech CySure Declarations Page” and the “Travelers Cyber Risk Policy Form Sample” to answer these questions

Do you believe the policy limit quoted issufficient for your organization (no wrong answer here, just want your opinion). I recommend you use the Chubb Cyber Index Cyber Risk Calculator for additional guidance - https://chubbcyberindex.com/#/cyber-risk-calculators

Are the essential coverages you identified in section 1 covered by this policy?

Are there any coverages NOT included that you recommend your organization should have?

Part 4: Cyber Incident Response & Claims (2-3 slides)

Summarize the essential elements if cyber incident response

Outline the Core, Escalation and External roles your organizations should have on their incident response team.

Provide some examples of how cyber insurance enables cyber incident response and helps organizations improve their cyber risk profile. Pick a few examples that align with the cyber risk profile elements you identified in section 1 to complete this.

Hint – You can use Assignment 5 to complete this section, no need to recrate anything new here if not necessary. Just be sure to collaborate with your partner(s) to collaborate on the slides/content to use.

2

3

Grading & Presentation Guidelines

I will be grading each presentation these guidelines:

Did you pick a name for your organization? (5 points)

Did you cover the 3 required risk profile elements listed in the instructions for section 1?

Did you explain how the essential coverage elements you picked align with your organizations risk profile?

Did you answer the 3 questions listed in the instructions for section 3?

Did you explain how cyber insurance can help YOUR organization improve their cyber risk profile and respond to a cyber incident?

Did each person in your group speak during the presentation?

Presentation Guidelines:

All presentations must be submitted to me in Sakai no later than 5:00 PM on December 8th.

Presentations should be between 7-10 content slides (not including title slide and any section breaks)

Each team will present on the date randomly assigned. See the Final Presentation Assignments and Schedule document HERE to find your partner and presentation date.

Presentations should be 20 minutes max. I will be enforcing a hard stop at 20 minutes so please be sure to monitor your time.

All files for this assignment are posted in the Assignment link as well as in the course FILES.

Spacely’s Sprockets

Ben Tharp, Banan Alqethami and Grayson Muscalli

Prepared For:

Presented by:

4

5

Cyber Risk Profile

5

Payroll and Accounting

While not as material as the AWS remote support and control system it does hold confidential information of your partners and employees

The main concern is ransomware. This is due to the cost production disruption. Other threats while possible would be better conducted on a different type of business.

AWS Custom remote support and control system

Any risk to this would stop the company from producing revenue as it serves as an internet of things access point to the company's manufacturing platform

The accounting system can also hold valuable financial information which could put the company at a competitive disadvantage

6

Cyber Risk Profile

6

Recognized Control Gaps

The AWS platform supporting manufacturing and the accounting and payroll platform do not utilize MFA and aren’t managed by a CASB.

Most Agreements and Contracts include data privacy/security provisions

Legal and Regulatory Requirements

Department of Defense DFARS/Cybersecurity Maturity Model Certification (CMMC)

Business impact analysis would provide a full account of exactly what could go wrong and how long it would take to become a problem inclusive of the magnitude of the problem.

CMMC and other government related, mostly tied to NIST CSF or 800.53

Leadership Involvement in findings should be enhanced to better allocate resources

7

Cyber Insurance Need

7

First Party Coverage and Expense Reimbursement

Designed to mitigate risk associated with first party expenses in relation to a cyber incident. These can include regulatory investigation, fines and privacy breach expenses

Business Interruption and Extra Expense

Designed to mitigate risk associated loss of Revenue in the event of a cyber incident inclusive of the cost associated with resuming production

Cybercrime

Designed to mitigate risk associated with a number bad actor related incidents including identity theft, ransomware, electronic theft and computer fraud

8

Cyber Insurance Need

8

First Party Coverage and Expense Reimbursement

Designed to mitigate risk associated with first party expenses in relation to a cyber incident. These can include regulatory investigation, fines and privacy breach expenses

Business Interruption and Extra Expense

Designed to mitigate risk associated loss of Revenue in the event of a cyber incident inclusive of the cost associated with resuming production

Cybercrime

Designed to mitigate risk associated with a number bad actor related incidents including identity theft, ransomware, electronic theft and computer fraud

First Party Coverage and Expense Reimbursement

9

Cyber Insurance Need

9

Associated Risk

Expensive proprietary 3D printing technology

Contractual liability of a cyber event

Mitigation

Coverage element will help to cover any cost associated with contractual fines and investigation due a cyber event given the cost of the 3D printing technology handled by the company the loss of that data could be a significant cost

Coverage will mitigate any cost associated with any forensic investigation needed in event of a cyber incident

Business Interruption and Extra Expense

10

Cyber Insurance Need

10

Associated Risk

The main risk associated for cybercrime would be ransomware which would target the production line

Mitigation

The primary risk associated with a manufacturing firm is the loss of revenue due to a production stoppage

Coverage element will reimburse company for loss of revenue, extremely important for a manufacturing firm that relies solely on production for revenue

Associated cost of getting the company back to production are included in coverage

This would also include in reasonable expense above and beyond normal operations, which would likely be required considering the third-party software used in running the IOT platform used in the company’s manufacturing process

Cybercrime

11

Cyber Insurance Need

11

Associated Risk

Loss of revenue associated with a stoppage in production

Mitigation

Reimbursement for funds paid to a cyber-criminal threatening malicious actions related to data and computer networks, and/or demanding ransom for release of encrypted data

This in conjunction with business interruption coverage would mitigate most of the risk caused by a ransomware attack that would stop production

Having this coverage would allow for either a quick resolution to a ransomware attack or to be reimbursed for the lost revenue

12

Cyber Incident Response & Recommendations

12

image1.png

image2.png

image5.png

image6.svg

.MsftOfcThm_Background1_Fill_v2 { fill:#FFFFFF; }