Influence and Implementation

Size: px
Start display at page:

Download "Influence and Implementation"

Transcription

1 Influence and Implementation Wes Earnest April 2017 GSEC/GCIA/GCIH/ GWAPT/GPEN/GCCC/GSNA/ PMP/CISA/CISM/CGEIT SANS Technology Institute - Candidate for Master of Science Degree 1 1

2 Objective What does it mean to successfully implement information security? How practical is information security in small organizations? How can I influence my organization to improve information security? SANS Technology Institute - Candidate for Master of Science Degree 2

3 InfoSec in a Small Company Cyber security is critical to any business enterprise, no matter how small. However, leaders of small businesses often do not know where to begin, given the scope and complexity of the issue in the face of a small staff and limited resources (US-CERT) SANS Technology Institute - Candidate for Master of Science Degree 3

4 Bank Background Small town community bank Established in the late 1800s Legacy systems Flat network Antiquated core banking system SANS Technology Institute - Candidate for Master of Science Degree 4

5 Us vs. Them The board and senior management are responsible for understanding the risks associated with existing and planned IT operations, determining the risk tolerance of the institution, and establishing and monitoring policies for risk management (FFIEC, 2004) SANS Technology Institute - Candidate for Master of Science Degree 5

6 Decision Making Important to understand the current state Who made the decision to implement bad security? Active vs Passive decision making Mapping past decisions to the bank s identity Continuous improvement SANS Technology Institute - Candidate for Master of Science Degree 6

7 Mitigating Risk (Curtis, 2012) SANS Technology Institute - Candidate for Master of Science Degree 7

8 Business Risk Manager Only 1 in 10 security leaders have successfully made this transition from technology expert to business risk manager and can effectively communicate IT risks to business peers. (Symantec 2012) SANS Technology Institute - Candidate for Master of Science Degree 8

9 Real World Case Study Minimum 15 Character Passwords VDI Workstations for All Employees Network Segmentation Vendor Management Process Complete Replacement of Core Banking System SANS Technology Institute - Candidate for Master of Science Degree 9

10 Building Credibility Implementing 15 Character Passwords User Awareness Training Communicating Risk Creating a Paradigm Shift Increased Productivity SANS Technology Institute - Candidate for Master of Science Degree 10

11 Workstation Life Cycle Management Upgrading from Windows XP to Windows 7 Migrate from physical workstations to VMWare Virtual Desktops Standardized Configurations Remove Local Admin and Shared Accounts Consistent Application Inventory Consistent Patch Management Improved Incident Response SANS Technology Institute - Candidate for Master of Science Degree 11

12 Network Segmentation Understanding Baseline Traffic Network Security Monitoring Limiting Lateral Movement Micro Segmentation SANS Technology Institute - Candidate for Master of Science Degree 12

13 Vendor Management Federal Reserve Guidance on Managing Outsourcing Risk Broad definition of Service Provider Opportunity for improvement Require security review / risk assessment of vendors Require language in contracts for vulnerability remediation SANS Technology Institute - Candidate for Master of Science Degree 13

14 Core Banking System Request for Proposal Looking for ways to generate value for business operations Vendor consolidation Process efficiencies Contract negotiations Defining security vulnerability SANS Technology Institute - Candidate for Master of Science Degree 14

15 Summary Implementing information security is more than just turning on a set of controls Small businesses can afford great information security, because it can generate value Influencing the decision making process (effective communication) SANS Technology Institute - Candidate for Master of Science Degree 15

FDIC InTREx What Documentation Are You Expected to Have?

FDIC InTREx What Documentation Are You Expected to Have? FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the

More information

CompTIA CASP (Advanced Security Practitioner)

CompTIA CASP (Advanced Security Practitioner) CompTIA CASP (Advanced Security Practitioner) Course Length: 5 days (virtual) Click here to view the current class schedule! Overview: The CompTIA Advanced Security Practitioner (CASP) Certification is

More information

REAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY

REAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY SEPTEMBER 11 13, 2017 BOSTON, MA REAL-WORLD STRATEGIES FOR MEDICAL DEVICE SECURITY HealthcareSecurityForum.com/Boston/2017 #HITsecurity Brian Selfridge Partner, Meditology Services https://www.meditologyservices.com/

More information

Language for Control Systems

Language for Control Systems Cyber Security Procurement e Language for Control Systems Rita Wells Idaho National Laboratory Program Sponsor: National Cyber Security Division Control Systems Security Program Agenda Background Foundation

More information

Cyber Hygiene: A Baseline Set of Practices

Cyber Hygiene: A Baseline Set of Practices [DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright

More information

One Hospital s Cybersecurity Journey

One Hospital s Cybersecurity Journey MAY 11 12, 2017 SAN FRANCISCO, CA One Hospital s Cybersecurity Journey SanFrancisco.HealthPrivacyForum.com #HITprivacy Introduction Senior Director Information Systems Technology, Children s Mercy Hospital

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

AUTHORITY FOR ELECTRICITY REGULATION

AUTHORITY FOR ELECTRICITY REGULATION SULTANATE OF OMAN AUTHORITY FOR ELECTRICITY REGULATION SCADA AND DCS CYBER SECURITY STANDARD FIRST EDITION AUGUST 2015 i Contents 1. Introduction... 1 2. Definitions... 1 3. Baseline Mandatory Requirements...

More information

CYBER SECURITY POLICY REVISION: 12

CYBER SECURITY POLICY REVISION: 12 1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred

More information

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose

More information

Information Technology Branch Organization of Cyber Security Technical Standard

Information Technology Branch Organization of Cyber Security Technical Standard Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:

More information

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC Virtualization Security & Audit John Tannahill, CA, CISM, CGEIT, CRISC jtannahi@rogers.com Session Overview Virtualization Concepts Virtualization Technologies Key Risk & Control Areas Audit Programs /

More information

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:

Security Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location: Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security

More information

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project

More information

Introduction to Business continuity Planning

Introduction to Business continuity Planning Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources

More information

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)

ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary

More information

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain

More information

Understanding IT Audit and Risk Management

Understanding IT Audit and Risk Management Understanding IT Audit and Risk Management Presentation overview Understanding different types of Assessments Risk Assessments IT Audits Security Assessments Key Areas of Focus Steps to Mitigation We need

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network? Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security

More information

Assessing Your Incident Response Capabilities Do You Have What it Takes?

Assessing Your Incident Response Capabilities Do You Have What it Takes? Assessing Your Incident Response Capabilities Do You Have What it Takes? March 31, 2017 Presenters Tim L. Bryan, CPA/CFF/CITP, CISA, EnCE Director, Advisory Services Forensic Technology & Investigation

More information

Table of Contents. Sample

Table of Contents. Sample TABLE OF CONTENTS... 1 CHAPTER 1 INTRODUCTION... 4 1.1 GOALS AND OBJECTIVES... 5 1.2 REQUIRED REVIEW... 5 1.3 APPLICABILITY... 5 1.4 ROLES AND RESPONSIBILITIES SENIOR MANAGEMENT AND BOARD OF DIRECTORS...

More information

Infosec Europe 2009 Business Strategy Theatre. Giving Executives the Security Management Information that they Really Need

Infosec Europe 2009 Business Strategy Theatre. Giving Executives the Security Management Information that they Really Need Infosec Europe 2009 Business Strategy Theatre Giving Executives the Security Management Information that they Really Need Simon Marvell Managing Director simon.marvell@acuityrm.com Agenda 1. What financial

More information

Unofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i)

Unofficial Comment Form Project Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i) Unofficial Comment Form Project 2016-02 Modifications to CIP Standards Requirements for Transient Cyber Assets CIP-003-7(i) Do not use this form for submitting comments. Use the electronic form to submit

More information

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security

More information

Vulnerability Management Policy

Vulnerability Management Policy Vulnerability Management Policy Document Type: Policy (PLCY) Endorsed By: Information Technology Policy Committee Date: 4/29/2011 Promulgated By: Chancellor Herzog Date: 6/16/2011 I. Introduction IT resources

More information

NW NATURAL CYBER SECURITY 2016.JUNE.16

NW NATURAL CYBER SECURITY 2016.JUNE.16 NW NATURAL CYBER SECURITY 2016.JUNE.16 ADOPTED CYBER SECURITY FRAMEWORKS CYBER SECURITY TESTING SCADA TRANSPORT SECURITY AID AGREEMENTS CONCLUSION QUESTIONS ADOPTED CYBER SECURITY FRAMEWORKS THE FOLLOWING

More information

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along 2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management Today s Speakers Olivia Munro Senior Marketing Specialist Eze Castle Integration Bob Shaw Director, Technical Architecture Eze Castle

More information

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS Can You Answer These Questions? 1 What s my company s exposure to the latest industrial cyber threat? Are my plants

More information

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions Frequently Asked Questions Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions April 2005 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Internet Security Systems (ISS)

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

CLE Alabama. Banking Law Update. Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016

CLE Alabama. Banking Law Update. Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016 CLE Alabama Banking Law Update Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016 Best Practices on Managing Cyber-Security Risks J.T. Malatesta III and Sarah S. Glover Maynard Cooper

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

PeopleSoft Finance Access and Security Audit

PeopleSoft Finance Access and Security Audit PeopleSoft Finance Access and Security Audit City of Minneapolis Internal Audit Department September 20, 2016 1 Contents Page Background... 3 Objective, Scope and Approach... 3 Audit Results and Recommendations...

More information

10 FOCUS AREAS FOR BREACH PREVENTION

10 FOCUS AREAS FOR BREACH PREVENTION 10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

FedRAMP: Understanding Agency and Cloud Provider Responsibilities

FedRAMP: Understanding Agency and Cloud Provider Responsibilities May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration

More information

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045 Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that

More information

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW: SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,

More information

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT

More information

ACM Retreat - Today s Topics:

ACM Retreat - Today s Topics: ACM Retreat - Today s Topics: Phase II Cyber Risk Management Services - What s next? Policy Development External Vulnerability Assessment Phishing Assessment Security Awareness Notification Third Party

More information

Dell helps you simplify IT

Dell helps you simplify IT Dell helps you simplify IT Workshops the first step. Reduce desktop and data center complexity. Improve productivity. Innovate. Dell IT Consulting Services New Edition 2011 Introduction Are you spending

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

Threat and Vulnerability Assessment Tool

Threat and Vulnerability Assessment Tool TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...

More information

playbook OpShield for NERC CIP 5 sales PlAy

playbook OpShield for NERC CIP 5 sales PlAy playbook OpShield for NERC CIP 5 sales PlAy OpShield for NERC CIP 5 The Problem U.S. bulk power entities are federally mandated to comply with NERC CIP requirements that dictate industrial security and

More information

Symantec Backup Exec 2012 OEM FAQ

Symantec Backup Exec 2012 OEM FAQ 1. What is Backup Exec 2012? Only Symantec Backup Exec with patented V-Ray technology offers one product that unifies physical and virtual backups, and includes integrated disaster recovery, data deduplication

More information

Think Like an Attacker

Think Like an Attacker Think Like an Attacker The Core Security Attack Intelligence Platform Core Security Presenter: Jackie Kalter Core Security Jackie Kalter has been in the Network Security industry for over 15 years. An

More information

Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA

Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA Information Technology Security Plan Policies, Controls, and Procedures Identify Risk Assessment ID.RA Information Security Policy and Procedures Identify Risk Assessment ID.RA Table of Contents Identify

More information

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia

Kaspersky Cloud Security for Hybrid Cloud. Diego Magni Presales Manager Kaspersky Lab Italia Kaspersky Cloud Security for Hybrid Cloud Diego Magni Presales Manager Kaspersky Lab Italia EXPERTISE 1/3 of our employees are R&D specialists 323,000 new malicious files are detected by Kaspersky Lab

More information

NORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives

NORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives NORTH CAROLINA MANAGING RISK IN THE INFORMATION TECHNOLOGY ENTERPRISE NC MRITE Nominating Category: Nominator: Ann V. Garrett Chief Security and Risk Officer State of North Carolina Office of Information

More information

Copyright 2011 Trend Micro Inc.

Copyright 2011 Trend Micro Inc. Copyright 2011 Trend Micro Inc. 2008Q1 2008Q2 2008Q3 2008Q4 2009Q1 2009Q2 2009Q3 2009Q4 2010Q1 2010Q2 2010Q3 2010Q4 2011Q1 2011Q2 2011Q3 2011Q4 M'JPY Cloud Security revenue Q to Q Growth DeepSecurity/Hosted/CPVM/IDF

More information

Securing the Grid and Your Critical Utility Functions. April 24, 2017

Securing the Grid and Your Critical Utility Functions. April 24, 2017 Securing the Grid and Your Critical Utility Functions April 24, 2017 1 Securing the Grid Effectively and Efficiently Recent threats to the Electric Grid and the importance of security Standards and Requirements

More information

Take Risks in Life, Not with Your Security

Take Risks in Life, Not with Your Security Take Risks in Life, Not with Your Security Redefining Cybersecurity Why We re Here agio.com Agenda The Problem(s): Threat Landscape Current Threat Landscape People are the Problem Protect Yourself Solutions

More information

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015

Consideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015 Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently

More information

UP B03 - Don't expire: Simplify Your Windows Migration Patrick Tyler - Distinguished System Engineer Mike Holmes IT HQ Department of the US Army

UP B03 - Don't expire: Simplify Your Windows Migration Patrick Tyler - Distinguished System Engineer Mike Holmes IT HQ Department of the US Army UP B03 - Don't expire: Simplify Your Windows Migration Patrick Tyler - Distinguished System Engineer Mike Holmes IT HQ Department of the US Army Simplify Your Windows Migration 1 2 Why Will You Migrate

More information

HWDSB s Journey to the Cloud

HWDSB s Journey to the Cloud IBM Canada K-12 Education HWDSB s Journey to the Cloud Michael Hiltz, Manager of Computer Services, HWDSB Brad Klinck, Senior IT Specialist, IBM K-12 Education Facts at a Glance Elementary Schools 95 Secondary

More information

Department of Management Services REQUEST FOR INFORMATION

Department of Management Services REQUEST FOR INFORMATION RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President

More information

INFORMATION ASSURANCE DIRECTORATE

INFORMATION ASSURANCE DIRECTORATE National Security Agency/Central Security Service INFORMATION ASSURANCE DIRECTORATE CGS Network Hunting The Network Hunting is employed to proactively look for indicators of an active threat or exploitation

More information

IT Modernization In Brief

IT Modernization In Brief IT Modernization In Brief WHAT YOU NEED TO KNOW Quick tips & facts about IT modernization from GovLoop Executive Summary Today, IT modernization the continuous updating of IT and technology infrastructure

More information

How Switching to the Cloud Drives Employee and Agency Growth

How Switching to the Cloud Drives Employee and Agency Growth State & Local Government How Switching to the Cloud Drives Employee and Agency Growth Switching to the Cloud Is Top Priority for State CIOs According to the National Association of State Chief Information

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches Chris Bucolo, PCIP, MBA Today s Speaker Chris Bucolo Sr. Manager, Sikich

More information

SYMANTEC DATA CENTER SECURITY

SYMANTEC DATA CENTER SECURITY SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information

More information

ICS Security Rapid Digital Risk Assessment

ICS Security Rapid Digital Risk Assessment ICS Security Rapid Digital Risk Assessment Identifying, Measuring, Understanding Dieter Sarrazyn dieter.sarrazyn@toreon.com @dietersar SANS EUROPEAN ICS SECURITY SUMMIT Stephen Smith Stephen@ONRIX.eu Agenda

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.

More information

FIVE BEST PRACTICES FOR ENSURING A SUCCESSFUL SQL SERVER MIGRATION

FIVE BEST PRACTICES FOR ENSURING A SUCCESSFUL SQL SERVER MIGRATION FIVE BEST PRACTICES FOR ENSURING A SUCCESSFUL SQL SERVER MIGRATION The process of planning and executing SQL Server migrations can be complex and risk-prone. This is a case where the right approach and

More information

Security for NG9-1-1 SYSTEMS

Security for NG9-1-1 SYSTEMS The Next Generation of Security for NG9-1-1 SYSTEMS The Challenge of Securing Public Safety Agencies A white paper from FE/Kimball JANUARY 2010 Page 1 Authored by Jeremy Smith Jeremy is an industry-recognized

More information

On-site Time and Material Rates for Equipment Not Covered under an HP Service Contract

On-site Time and Material Rates for Equipment Not Covered under an HP Service Contract HPE Per Event U.S. On-Site Services Rate Schedule On-site Time and Material Rates for Equipment Not Covered under an HP Service Contract Equipment Type Enterprise Servers, Associated Storage, Network,

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information

NCUA IT Exam Focus. By Tom Schauer, Principal CliftonLarsonAllen

NCUA IT Exam Focus. By Tom Schauer, Principal CliftonLarsonAllen NCUA IT Exam Focus By Tom Schauer, Principal CliftonLarsonAllen My Background and Experience Computer Science Degree - Puget Sound Information Security Professional for 30 years Consultant: Ernst & Young,

More information

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Where Do We Start? Our History, Making History In late 2016,

More information

Symantec Data Center Migration Service

Symantec Data Center Migration Service Avoid unplanned downtime to critical business applications while controlling your costs and schedule The Symantec Data Center Migration Service helps you manage the risks and complexity of a migration

More information

Transforming Security Part 2: From the Device to the Data Center

Transforming Security Part 2: From the Device to the Data Center SESSION ID: SP01-R11 Transforming Security Part 2: From the Device to the Data Center John Britton Director, EUC Security VMware @RandomDevice The datacenter as a hospital 3 4 5 Digital transformation

More information

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications Gramm-Leach Bliley Act Section 501(b) and Customer Notification Roger Pittman Director of Operations Risk Federal Reserve Bank of Atlanta Overview Bank IT examination perspective Background information

More information

Launching a Highly-regulated Startup in the Cloud

Launching a Highly-regulated Startup in the Cloud Launching a Highly-regulated Startup in the Cloud Poornaprajna Udupi (@poornaudupi) 1 Starting in the 86%by 2020 Cloud Cisco Global Cloud Index: Forecast and Methodology, 2015 2020 2 Building blocks, Cost,

More information

The Business Value of including Cybersecurity and Vendor Risk in ERM

The Business Value of including Cybersecurity and Vendor Risk in ERM The Business Value of including Cybersecurity and Vendor Risk in ERM Yo Delmar, Vice President, Customer Engagement, MetricStream RMA GCOR XI April 4 5, 2017 Hyatt Regency, Cambridge, MA Tuesday 2:30 pm

More information

Manchester Metropolitan University Information Security Strategy

Manchester Metropolitan University Information Security Strategy Manchester Metropolitan University Information Security Strategy 2017-2019 Document Information Document owner Tom Stoddart, Information Security Manager Version: 1.0 Release Date: 01/02/2017 Change History

More information

Cyber Security Requirements for Supply Chain. June 17, 2015

Cyber Security Requirements for Supply Chain. June 17, 2015 Cyber Security Requirements for Supply Chain June 17, 2015 Topics Cyber Threat Legislation and Regulation Nuts and Bolts of NEI 08-09 Nuclear Procurement EPRI Methodology for Procurement Something to think

More information

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City 1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the

More information

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security Top 20 Critical Security Controls (CSC) for Effective Cyber Defense Christian Espinosa Alpine Security christian.espinosa@alpinesecurity.com Background Christian Espinosa christian.espinosa@alpinesecurity.com

More information

Cyber Security Program

Cyber Security Program Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by

More information

Information Technology Procedure IT 3.4 IT Configuration Management

Information Technology Procedure IT 3.4 IT Configuration Management Information Technology Procedure IT Configuration Management Contents Purpose and Scope... 1 Responsibilities... 1 Procedure... 1 Identify and Record Configuration... 2 Document Planned Changes... 3 Evaluating

More information

Davidson Technologies: A Medium Sized Business Experience with DFARS 7012/NIST

Davidson Technologies: A Medium Sized Business Experience with DFARS 7012/NIST Davidson Technologies: A Medium Sized Business Experience with DFARS 7012/NIST 800-171 Davidson Technologies Founded in 1996 by Dr. Julian Davidson Father of Missile Defense in America Sen. Jeff Sessions

More information

THE TRIPWIRE NERC SOLUTION SUITE

THE TRIPWIRE NERC SOLUTION SUITE CONFIDENCE: SECURED BUSINESS INTELLIGENCE SOLUTION BRIEF THE TRIPWIRE NERC SOLUTION SUITE A TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on

More information

VMWARE CLOUD FOUNDATION: INTEGRATED HYBRID CLOUD PLATFORM WHITE PAPER NOVEMBER 2017

VMWARE CLOUD FOUNDATION: INTEGRATED HYBRID CLOUD PLATFORM WHITE PAPER NOVEMBER 2017 : INTEGRATED HYBRID CLOUD PLATFORM WHITE PAPER NOVEMBER 2017 Table of Contents Executive Summary 3 A Single Architecture for Hybrid Cloud 4 Introducing VMware Cloud Foundation 4 Deploying on Premises 6

More information

Risk Management Framework for DoD Medical Devices

Risk Management Framework for DoD Medical Devices Risk Management Framework for DoD Medical Devices Session 136, March 7, 2018 Lt. Col. Alan Hardman, Chief Operations Officer, Cyber Security Division, Office of the DAD IO/J-6 William Martin, Deputy of

More information

Information Security Guideline OPERATING SYSTEM PATCHING

Information Security Guideline OPERATING SYSTEM PATCHING Information Security Guideline OPERATING SYSTEM PATCHING Updated - August 2017 THIS PAGE INTENTIONALLY LEFT BLANK Operating System (OS) patching refers to applying updates to operating systems. It is absolutely

More information

SANS ICS Europe 2018 Munich, Germany

SANS ICS Europe 2018 Munich, Germany SANS ICS Europe 2018 Munich, Germany A Real Cyber Physical Experience: Red Teaming on a Power Plant Can Demirel, CSSA, GICSP ICS Cyber Security Services Team Lead biznet.com.tr info@biznet.com.tr 1 About

More information

Emerging Issues: Cybersecurity. Directors College 2015

Emerging Issues: Cybersecurity. Directors College 2015 Emerging Issues: Cybersecurity Directors College 2015 Agenda/Objectives Define Cybersecurity Cyber Fraud Trends/Incidents FFIEC Cybersecurity awareness initiatives Community Bank expectations FFIEC Cybersecurity

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

The Honest Advantage

The Honest Advantage The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents

More information

Figure 11-1: Organizational Issues. Managing the Security Function. Chapter 11. Figure 11-1: Organizational Issues. Figure 11-1: Organizational Issues

Figure 11-1: Organizational Issues. Managing the Security Function. Chapter 11. Figure 11-1: Organizational Issues. Figure 11-1: Organizational Issues 1 Managing the Security Function Chapter 11 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Top Management Support Top-Management security awareness briefing (emphasis on brief)

More information

VIKING. Vital Infrastructure, Networks, Information and Control Systems Management. A Research Project in the EU Seventh Framework Programme

VIKING. Vital Infrastructure, Networks, Information and Control Systems Management. A Research Project in the EU Seventh Framework Programme VIKING Vital Infrastructure, Networks, Information and Control Systems Management A Research Project in the EU Seventh Framework Programme Mathias Ekstedt, PhD Industrial Information and Control Systems

More information

3/3/2017. Medical device security The transition from patient privacy to patient safety. Scott Erven. Who i am. What we ll be covering today

3/3/2017. Medical device security The transition from patient privacy to patient safety. Scott Erven. Who i am. What we ll be covering today www.pwc.com Medical device security The transition from patient privacy to patient safety Scott Erven Who i am Scott Erven - Managing Director Healthcare Industries Advisory Cybersecurity & Privacy Medical

More information

SIEM: Five Requirements that Solve the Bigger Business Issues

SIEM: Five Requirements that Solve the Bigger Business Issues SIEM: Five Requirements that Solve the Bigger Business Issues After more than a decade functioning in production environments, security information and event management (SIEM) solutions are now considered

More information

VALUE OF A CYBERSECURITY SELF-ASSESSMENT

VALUE OF A CYBERSECURITY SELF-ASSESSMENT VALUE OF A CYBERSECURITY SELF-ASSESSMENT RC3 Self-Assessment Research Program RC3 Self-Assessment Research Program Directors Cybersecurity Ecosystem CEO/GM E&O Member Services Marketing Information Technology

More information