
ISACA Birmingham - PowerPoint PPT Presentation


ISACA Birmingham

Michael Kiefer

General Manager


Agenda:

  • Who owns listening/auditing the Internet?

  • How does the Internet Ecosystem affect an organization?

  • Who owns brand, revenue or reputation risk?

  • Departmental risk opportunities

  • Is the Internet a Board issue, not a departmental issue?

Quote of the Day:

There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know.

--Donald Rumsfeld--

The basic message is simple:

“Cyberspace is its own medium with its own rules. Cyberattacks, for instance, are enabled not through the generation of force but by the exploitation of the enemy’s vulnerabilities. Permanent effects are hard to produce. The medium is fraught with ambiguities about who attacked and why, about what they achieved and whether they can do so again. Something that works today may not work tomorrow (indeed, precisely because it did work today). Thus, deterrence and warfighting tenets established in other media do not necessarily translate reliably into cyberspace. Such tenets must be rethought. This monograph is an attempt to start this rethinking.”

Rand Report to USAF, 2009

A Growing Threat

By the end of 2010, criminals will routinely use the Internet to extort funds from organizations, threatening to damage their corporate reputation by ensuring that routine online search requests will return negative or even libelous results……

"If your business depends on a positive Internet reputation, then you have little choice than to explicitly manage that reputation online. The Internet is like a bad-news Petri dish; negative information multiplies and spreads with frightening speed and becomes virtually impossible to erase."


2009 Internet World by SECOND: Outside the Firewall

2 New Blogs Created

2 Million e-mails Sent

7 PCs Sold

1,157 Videos Viewed on YouTube

7 People Log On For the First Time

11,000 Songs Shared

Internet Ecosystem


Service Providers

Legal Counsel



Law Enforcement

Web Hosting


$1B losses

Who here is next?

I've recommended Dell computers for many years. But my confidence in them was shaken when I got a new laptop in Fall 2004, and I ended up in "Dell Hell"

Stella seeks support to shed ‘wife beater’ image


Audit? Why?

Complainant alleges that it owns federal common law trademark rights in the term xxxxx based on use in commerce in the United States and consumer recognition of the mark.

Complainant alleges that the disputed domain names <> and <> are identical or confusingly similar to its trademark.

Complainant contends that Respondent lacks rights or legitimate interests in the disputed domain names. Complainant indicates that Respondent has not been authorized to use its trademark in the disputed domain names, and that Respondent has not made any bona fide offer of goods or services under the trademark.

Complainant alleges that Respondent registered and has used the disputed domain names in bad faith. Complainant argues that Respondent has attempted to disrupt Complainant’s business by preventing Complainant from using the disputed domain names, and by directing providing “dead links” to Internet users that may falsely create the impression that Complainant is no longer sponsoring events. Complainant further argues that Respondent acted in bad faith because he transferred the disputed domain names from Complainant without its knowledge or consent, and at least initially hid his identity behind a privacy shield.


$10M annual loss each, who owns?

  • Soft ROI:

  • Identity theft via brands

    • offers

    • job boards

    • contests

  • False endorsement claims

  • Corporate reputation attacks

  • “Pump & Dump”

  • Real or impersonator employee commentary

  • 10% customer dissatisfaction

  • Customers die

  • Definable ROI:

  • Counterfeit product marketing and sales

    • product

    • coupons

    • manuals

  • Channel/Antitrust ?

    • MAP

    • Gray Market

  • Unauthorized agents posing as authorized

  • Traffic diversion schemes & SEO

  • Document “leakage”


  • A trillion dollar / year market or 10% of GGDP

  • Counterfeit activities are usually not audited or monetized!

    • If $1 million was missing from inventory or cash, an investigation would be launched, the law would get involved, the board would be notified.

    • The Internet is the communication and monetization vehicle of the perps.

    • $100M/year or more on eBay alone in manuals*

*mk estimate 2009 consumer products only

Online Traffic Diversion

  • Business to Consumer example of Online Diversion cost

    1. Average monthly online visitors to your site: 30,000

    2. Average monthly visitors diverted: 10%, 3,000

    3. Conversion rate to offending sites: 1.5%

    4. Average monthly customers lost: (2) * (3) = 45

    5. Annual loss of 540 customers (45 * 12 months)

    6. Value/Customer: $300

    7. Total cost of online diversion to competition: $162K

      If $162,000 in cash was missing, would you investigate?

Reputational Loss

  • Disney, September 28th, 2009 market cap of $51+B at $28.+/share

  • Disney Online, 163M videos viewed/Google, August 2009*

  • and by the way….




  • * as reported by comScore, Inc. September 28th, 2009


    Market Cap Loss

    Teck Cominco, February 10th, 2009 market cap of $16B at $27+/share

    (Diversified resource company committed to responsible mining and mineral development with major business units focused on copper, metallurgical coal, zinc, gold and energy)

    Pump/Dump email scam linking to Yahoo! Finance

    Falsified financials found on Yahoo Finance


    Stella Loss

    • Estimated $400 million in annual lost revenue

    • Overall damage to brand estimated at $1 billion

    • Blog/Discussion Storm went undetected for six months

    • No controls or processes in place to monitor domains and sub-domains, email spam, Internet chatter, brand logos, names, links, etc.

    • Restart UK

      • New Agency

      • New Executive team

      • New Brand diligence

    Counterfeit Revenue Loss & Risk

    US Health Science Summit Nov 2008

    $3.3 Trillion WW spend

    10% of all global prescriptions counterfeit

    Internet “Threat Assessment” Result:

    $20B+ Pharma

    $800M product

    22,000+ infraction websites*

    Cost to company estimated at $80M Net Sales Annually @ 70%+ margin

    Action: Nothing - $4M to fix not in budget, channel issue and making number

    Reputational Loss

    Reputation Damage:

    The website is discussing a sex scandal that took place between a Merrill Lynch executive and a super model

    Act: Mitigation Strategies

    Effective Action Plans are a combination of subject matter expertise with online intelligence.

    What if?

    we added 5% in top line revenue?

    we moved the meter on customer satisfaction, would that make a difference and lower our call center costs?

    our channels were clean and trusted, what would the ROI be?

    an antitrust case was logged, how would it affect us?

    we lost our reputation? (60% of market cap)

    we experienced a 10% market cap loss, what would we pay for that insurance?

    Bottom Line: CEOs and Boards are now INVOLVED, as MARKET VALUES are affected…NO ONE OWNS it!


    Vendor Requirements

    Listen to the Internet continuously in host languages

    Internet Data Mining capability

    Understand & Embrace Social Media

    Track Internet Linkages & Associations

    24x7 Internet Incident Response

    Relationships with the 4,000+ Global Internet Service Providers & CERTs

    Monitoring of your marks and messaging (IP and Images)

    Global Enterprise visibility & workflow



    Thank You and Questions?



    UNIQUE Capabilities

    “As blogs, message boards and social network sites continue to dominate the Internet culture, brand-monitoring services and security vendors must extend their technologies and services to cover these areas.  Only Brandimensions and Cyveillance offer such services.”  

    Gartner, Notes on Brand Monitoring firms