Principal, Security & Privacy Services, Deloitte & Touche LLP
Rich Baich is a Principal in Deloitte & Touche LLP’s Security & Privacy Service, where he leads our Global Cyber Threat and Vulnerability Management practice. He is a leading security and privacy practitioner for the financial services industry and a contributor to our Center for Security and Privacy Solutions. Most recently, he co-authored the paper entitled Cyber Crime: A Clear and Present Danger.He has led multi-national teams in both the private and public sector, advising global organizations to effectively and efficiently balance risk, technology and data management decisions with data protection, regulatory compliance issues, privacy and security controls. Rich’s operational experience includes designing, assessing and delivering security and privacy regulatory remediation strategies.
As former chief information security officer (CISO) for ChoicePoint, Rich held enterprise-wide responsibility for the architecture, design, risk, business continuity and implementation of information and technology security. He also served as the organization’s official executive representative to internal and external customers, audit, regulatory and law enforcement on information security matters.
Rich’s security leadership roles include naval information warfare officer for the National Security Agency (NSA), Senior Director for Professional Services at Network Associates (now McAfee) and after 9/11, as Special Assistant to the Deputy Director for the National Infrastructure Protection Center (NIPC) at the Federal Bureau of Investigation (FBI). He is currently serving as a Commander in the Information Operations Directorate at NORAD/Northern Command Headquarters in Colorado Springs, Colorado. Prior assignments include tours within the Real Time Military Analysis Center, the Reserve Armed Forces Threat Center, the Center for Information Dominance and the Information Operations Technology Center (IOTC).
In 2005, Rich authored Winning as a CISO a leadership sourcebook for security executives. He received the "Information Security Executive of the Year in Georgia" award in 2004 for his security and pioneering leadership. He is currently serves as an advisor for Congresswomen Myrick's Homeland Security Taskforce and recently was selected as an advisor for the President’s Commission on Cybersecurity.
Developing a Cyber Threat Intelligence Capability
Cyber criminals are actively targeting our extended ecosystems, which not only encompasses the organization's online application portfolio, but also includes subsidiaries, employees, suppliers, and customers. Over the past 5 years it has become clear that electronic attacks are rapidly evolving and require more advanced and focused threat analysis, modeling, internal and external intelligence, risk assessment and reporting. It is important that an organization's response to electronic fraud, system compromises, data breaches, and emerging threats leverages a cyber-threat intelligence capability that reaches across multiple functions, delivery channels, business units and operational support organizations. Developing a cyber-threat intelligence capability could enable your organization to become preemptive in its' battle against cyber criminals. Using the available information found in your own network fused with externally available cyber related information can enable your organization to move from a reactionary posture to a proactive approach resulting in actionable intelligence.