Upload File

cyber security disclosures - pension research council€¦ · 4. asset management 5. human resource...

  • Home
  • Documents
  • Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations
14
Cyber Security Disclosures The SPARK Institute

Upload: others

Post on 22-Jun-2020

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Cyber Security Disclosures

The SPARK Institute

Page 2: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Presenters

Allison Itami Ben Taylor

Page 3: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Contents

• Evaluating Cyber Security Today• Regulatory Environment

• Gramm Leach Bliley• Title V Privacy• ERISA• International Regulations• Governmental Plans• State Statutes

• Filling the Regulatory Void• Background• SPARK Data Security Oversight Board (DSOB)• Development Process• Framework Flexibility• Third Party Attestations

• SOC2• AUP

• Control Objectives• How It Works

• Tools for Plan Sponsors, Plan Consultants and Plan Attorneys

Page 4: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Today’s Measure of Cyber Security

Adequacy

Behind Closed Doors

Evaluators Traditionally Not Trained as Experts

Destructive Information Cycle

Page 5: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Regulatory Environment

Gramm Leach Bliley

ERISA

International Regulations

Governmental Plans

State Statutes

Page 6: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Background & History

Proliferation of Questions

Intimacy of Questions & Secrecy of Answers

Refusal to Answer to Protect Other Clients

Page 7: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Development Process

Collaborated

Examined Possibilities

Decided on an Approach

SPARK Data Security Oversight Board

Page 8: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Third Party Attestations

First Priority

Page 9: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Flexibility

Security Framework Flexibility• Agreement on a single

framework is not possible

• A single framework is NOT Desirable

• Diverse Frameworks make a stronger defense

Page 10: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Easily Understood

Page 11: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

SPARK’s 16 Control Objectives

1. Risk Assessment and Treatment2. Security Policy3. Organizational Security4. Asset Management5. Human Resource Security6. Physical and Environmental Security7. Communications & Operations Management8. Access Control9. Information Systems Acquisition Development10.Incident & Event Management11.Business Resiliency12.Compliance13.Mobile14.Encryption15.Supplier Risk16.Cloud Security

Page 12: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

How It Works

Record Keeper Hires Third Party Independent Auditor

Auditor Uses SPARK’s 16 Control Objectives

Auditor Creates a SOC2 or AUP Report for Consultants and Plan Sponsors

Plan Consultant or Plan Sponsor Uses Report to Grade Record Keepers

Page 13: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Next Steps

Communicate to Plan Sponsors, Consultants and Attorneys

Implement New Best Practice Disclosures for Cyber Security & Data Protection

Share with Retirement Community, Learn and Continually Improve the Process

Page 14: Cyber Security Disclosures - Pension Research Council€¦ · 4. Asset Management 5. Human Resource Security 6. Physical and Environmental Security 7. Communications & Operations

Questions


SOCIAL SECURITY AND THE PRIVATE PENSION SYSTEM: THE

The Highland Council Pension Fund - audit-scotland.gov.uk · accounts to the modal accounts to ensure adequacy of disclosures and best practice. Grant Thornton have extensive pension

[11] Pension Security

enron, pension policy, and social security privatization

Social Security: The Government Pension Offset (GPO) ·  · 2016-10-21Social Security: The Government Pension Offset ... 1 The GPO is often confused with the Windfall Elimination

BulgArIAn AssocIAtIon of supplementAry pensIon securIty ...assoc.pension.bg/public/19@fen_almanah_eng.pdf · 2 10 years Bulgarian Association of Supplementary Pension Security Companies

Pension Plans and Social Security

ESSAYS ON INFORMATION SECURITY FROM AN … · essays on information security from an economic perspective: information security disclosures, investors ... introduction ... figure

Best Practice Policies for Trustees and Pension Systems · Enhancing Public Retiree Pension Plan Security: Best Practice Policies for Trustees and Pension Systems

Social Security (Health Care/Pension/Social Welfare) Preface JICA complied the thematic guidelines for social security (health care/pension/social welfare) with the purpose of presenting

Indicators of Pension Benefits of Social Security … Indicators of Pension Benefits of Social Security State ... indicators of pension benefits across the distribution ... (do pensioners

Faltering national pension reform and old-age security mix ... Y_faltering pension... · Faltering national pension reform and old-age security mix in Taiwan . Yei-Whei Lin . Department

Social Security Administration Windfall Elimination Provision & Government Pension Offset Windfall Elimination Provision & Government Pension Offset

DR. SHARAD ASTHANA...Management of Contributions to Defined-Benefit Pension Plans from ERISA Disclosures and Market Response to the Disclosures [Chairman: Dr. Robert Freeman] Ph.D

A quarterly report from JLT Pension Capital …/media/files/sites/...The FTSE 100 and their pension disclosures A quarterly report from JLT Pension Capital Strategies JLT Pension Capital

Retirement Income Security: Hybrid Pension Plans Merit ...Retirement Income Security: Hybrid Pension Plans Merit Further Attention Spring 2008 Adam Lee ... generously gave their time,

Canada Pension Plan and Old Age Security Overview

Service Canada Canada Pension Plan and Old Age Security

New Brighton Fire Dept. Relief Association Public Pension ... · New Brighton Fire Dept. Relief Association Public Pension Plan Investment Information Disclosures December 31, 1996

Privacy & Security Tiger Team: Accounting of Disclosures Recommendations December 4, 2013

Public Signals, Voluntary Disclosures, and Security Prices/media/Files/MSB/... · Public Signals, Voluntary Disclosures, and Security Prices Davide Cianciaruso, ... following earnings

BULGARIAN ASSOCIATION OF SUPPLEMENTARY PENSION SECURITY COMPANIES

SOCIAL SECURITY & PENSION REFORM

Economics Pension Social Security

Social Security: The Government Pension Offset (GPO)

PENSION BENEFIT GUARANTY CORPORATIONImproving retirement security and preserving the defined benefit pension system are high priorities of the Obama Administration. The Pension Benefit

Income Security Programs Old Age Security Canada Pension Plan International Agreements

ADVISORY COUNCIL ON EMPLOYEE WELFARE AND PENSION … · ADVISORY COUNCIL ON EMPLOYEE WELFARE AND PENSION BENEFIT PLANS REPORT OF THE WORKING GROUP ON FEE AND RELATED DISCLOSURES TO

My Device. My Security. PENSION CYBER SPOTLIGHT

The Social Security Windfall Elimination and Government Pension

Vulnerability Disclosures: Law and Ethics in Security Research

Pension Funds boosting Indian social security system

Pension and Social Security Schemes in Pakistan

Corporate Pension Social Security in Japan 11.12.2015

Public Pension Systems and Social Security in the US