UBS ESG Presentation Deck
Robust Cyber and Information Security (CIS) program
CIS governance structure
Cyber & Information Security Governance Board
Co-chaired by Group COO & Group Head Compliance, Regulatory & Governance
> Senior Executives across all business divisions and control functions
> Oversee CIS Governance Framework
> Drive CIS accountability across the firm
> Define the CIS strategic roadmap
> Evaluate CIS threat landscape and risks for the firm
Board of Directors RC
Group Executive Board
Regional Boards
Business Divisions (BDs)
UBS
CIS program oversight
Receive reporting on all CIS activities, including:
> Quarterly cyber briefings
> Weekly cyber threat intelligence updates
> Risk appetite assessments and KRIs
First line of defense
> Dedicated BD Information Security Officer teams; dotted line to Group CISO
> Implement the CIS Program in BDs; manage Third Party security risk
CIS threat defense
1. Analyze - support business decisions and prioritization through a lens of business risk informed by the threat
2. Protect and prevent - deep layers of defenses ensure availability, integrity, confidentiality, and privacy
3. Detect - intelligence and state-of-the-art technology to detect threats
4. Respond & recover - preparedness to drive prompt operational response to mitigate the impact of adverse events and safely resume critical services
COVID-19 update
> Enhanced monitoring for COVID-19 and work-from-home related cyber threats
> Security controls have been effective to date with no significant cyber incidents