I. Contact Information: Lynn Herrick Director, Technology Integration and Project Management Wayne County Department of Technology
|
|
- Michael Caldwell
- 5 years ago
- Views:
Transcription
1 CySAFE Security Assessment Tool Wayne County, Michigan P a g e 1 I. Contact Information: Lynn Herrick Director, Technology Integration and Project Management Wayne County Department of Technology II. Program Information: Program Title: CySAFE Security Assessment Tool Program Category: Information Technology 1. Abstract: In the complex landscape of Cyber Security, local governments often have difficulty knowing what security measures to prioritize in an ever-changing threat environment. CySAFE (Cyber Security Assessment for Everyone) was created through a collaborative effort of Wayne County, Michigan with four other Michigan counties and the State of Michigan. It is a free Cyber Security assessment tool that helps small and mid-sized government agencies assess, understand, and prioritize their IT security needs. Built upon three leading IT security frameworks: 20 Critical Controls, ISO and NIST, CySAFE combines controls from all three frameworks into a single master list, eliminating redundancy. The tool, which is MS-Excel based automatically calculates a risk profile as it is filled out. 2. The Problem/Need for the Program: The need has never been greater for organizations to institute, maintain, and improve their Cyber Security programs. This may be especially true for small and mid-sized government agencies who, until recently, have not been targeted with the same intensity as private companies and larger government entities and who, correspondingly, have typically not focused on creating robust cyber security programs. The interrelated problems that many local governments face today as they attempt to institute cyber security programs are: where to begin and how to prioritize. The CySAFE assessment tool addresses both of these issues.
2 CySAFE Security Assessment Tool Wayne County, Michigan P a g e 2 3. Description of the Program: The program consists of six steps that governments take using the Excel CySAFE tool: Step 1: Understand the Source Frameworks CySAFE was built upon current industry IT security standards: 20 Critical Controls, ISO and NIST. The tool contains a description of the 36 controls from each framework used with CySAFE. For more detailed background information on the security standards documents, users can refer to the links found in the Appendix worksheet. Step 2: Become Familiar With the Tool CySAFE was built in a Microsoft Excel workbook with eight worksheets. Each worksheet plays a different role in evaluating and understanding IT security readiness. The following worksheets are included: Instructions: Provides a general overview on how to use CySAFE Assessment: The assessment consists of a master list of 36 controls, across three key factors (cost, time and risk) and a rating scale of 0 5 Assessment Results: Provides a color coded list of each security control ordered by highest to lowest priority with the rating and CySAFE score, indicating the government agency's most important IT security initiatives Control Category & Summary: Controls are grouped into five categories and summarized in a chart and graphs to help improve IT security posture and track progress over time 20 CC: Provides a list of 19 selected controls including: control descriptions, examples of controls in place and the basic security level recommended ISO: Provides a list of 11 selected controls including: control descriptions, examples of controls in place and the basic security level recommended NIST: Provides a list of 6 selected controls including: control descriptions, examples of controls in place and the basic security level recommended Appendix: Provides links to the standards documents, reference documents and CySAFE contributors Step 3: Conduct an Assessment To begin the assessment, the user reviews the rating scale below and becomes familiar with the description for each number. The Assessment Rating Scale is adapted from the Carnegie Mellon University's Capability Maturity Model Integration (CMMI), a process
3 CySAFE Security Assessment Tool Wayne County, Michigan P a g e 3 improvement training and appraisal program. Next, the user selects the Assessment worksheet and enters a rating from 0 5 in Column I for each security control. Assessment Rating Scale: 0 Non Existent: Management Processes are not in place. Complete lack of any recognizable processes. The organization has not recognized that there is an issue to be addressed. 1 Initial Processes are ad hoc and disorganized: There is evidence that the organization has recognized that the issues exist and need to be addressed. However, there are no standardized processes. There are ad hoc approaches that tend to be applied on an individual or case by case basis. The overall approach to management is disorganized. 2 Repeatable Processes follow a regular pattern: Processes have developed to a stage where different people undertaking the same task follow similar procedures. There is no formal training or communication of standard procedures and responsibility is left to the individual. There is a high degree of reliance on the knowledge of individuals and errors are likely as a result. 3 Defined Processes are documented and communicated: Procedures have been standardized and documented and communicated through formal training. However, compliance with the procedures is left to each individual and it is unlikely that deviations will be detected. The procedures themselves are not sophisticated, but are the formalization of existing practices. 4 Managed Processes are monitored and measured: It is possible to monitor and measure compliance with procedures and to take action where processes appear not to be working effectively. Processes are under constant improvement and provide good practice. Automation and tools are used in a limited or fragmented way. 5 Optimized Best Practices are followed and automated: Processes have been refined to a level of best practice, based on the results of continuous improvement and benchmarking with other organizations and industry best practices. It is used in an integrated way to automate the workflow, providing tools to improve quality and effectiveness, making the enterprise quick to adapt.
4 CySAFE Security Assessment Tool Wayne County, Michigan P a g e 4 Step 4: Review Assessment Results Once the assessment is completed, the user selects the Assessment Results worksheet and reviews the results. The worksheet will list 36 controls with the user s rating and the CySAFE Score sorted from highest to lowest priority. The list will be color coded to depict the user s government agency's most important IT security initiatives. Controls highlighted in red indicate the highest priority for IT security initiatives. Controls highlighted in orange indicate the next highest priority for IT security initiative, with those highlighted in yellow being the next highest priority. Step 5: Implement New Controls/Enhance Security Capability The user refers to the 20 Critical Controls, ISO and NIST documentation for information on how to mitigate the risks, enhance or implement the security controls. These documents provide the much needed detail and foundational information for the user s agency to move its security program forward. Step 6: Reevaluate on a Periodic Basis A reassessment with CySAFE should be done quarterly and whenever the government agency implements any new IT products or processes. Quarterly graphing capabilities are available in the Control Category and Summary worksheet to help agencies track their progress. 4. Responding to Economic Downturn: This program was not created in response to an economic downturn. 5. Use of Technology: The CySAFE tool was built using Microsoft Excel, including Excel macros. The program is delivered to government agencies via download available on several websites. Use of an industry-standard format enables the widest possible use of the tool. 6. Cost of the Program: The cost of the program was limited to the opportunity cost of the efforts involved to create and market the tool. No funds were expended in this effort.
5 CySAFE Security Assessment Tool Wayne County, Michigan P a g e 5 7. The Results/Success of the Program: To date, more than 200 government agencies across the U.S. have downloaded the tool for their own use. 8. Worthiness of an Award: As articulated above, this program meets the required award criteria: The program became operational after January 1, 2010, The program has measurable results. County officials and staff, as part of their official duties, played a significant role in developing and implementing the program, with limited assistance from outside technical experts and/or consultants. This program promotes intergovernmental cooperation and coordination in addressing shared problems. This program is innovative and does not rely on the application of techniques or procedures that are common practice in most counties of similar population size. All aspects of this program are consistent with acceptable governmental and financial management practices and promote general governmental accountability.
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationRSA Cybersecurity Poverty Index
RSA Cybersecurity Poverty Index 2016 RSA Cybersecurity Poverty Index Overview Welcome to RSA s second annual Cybersecurity Poverty Index. The RSA Cybersecurity Poverty Index is the result of an annual
More informationRSA Cybersecurity Poverty Index : APJ
RSA Cybersecurity Poverty Index : APJ 2016 Overview Welcome to RSA s second annual Cybersecurity Poverty Index. The RSA Cybersecurity Poverty Index is the result of an annual maturity self-assessment completed
More informationCybersecurity for Health Care Providers
Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact
More information2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report
Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing
More informationToday s cyber threat landscape is evolving at a rate that is extremely aggressive,
Preparing for a Bad Day The importance of public-private partnerships in keeping our institutions safe and secure Thomas J. Harrington Today s cyber threat landscape is evolving at a rate that is extremely
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More informationInformation Security Continuous Monitoring (ISCM) Program Evaluation
Information Security Continuous Monitoring (ISCM) Program Evaluation Cybersecurity Assurance Branch Federal Network Resilience Division Chad J. Baer FNR Program Manager Chief Operational Assurance Agenda
More informationAudit and Compliance Committee - Agenda
Audit and Compliance Committee - Agenda Board of Trustees Audit and Compliance Committee April 17, 2018, 1:30 2:30 p.m. President s Board Room Conference Call-In Phone #1-800-442-5794, passcode 463796
More informationWhite Paper. View cyber and mission-critical data in one dashboard
View cyber and mission-critical data in one dashboard Table of contents Rising cyber events 2 Mitigating threats 2 Heighten awareness 3 Evolving the solution 5 One of the direct benefits of the Homeland
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 10 Chapter X Security Performance Metrics Background For many years now, NERC and the electricity industry have taken actions to address cyber and physical
More informationCONCLUSIONS AND RECOMMENDATIONS
Chapter 4 CONCLUSIONS AND RECOMMENDATIONS UNDP and the Special Unit have considerable experience in South-South cooperation and are well positioned to play a more active and effective role in supporting
More informationCyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber
CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber Initiatives 30 January 2018 1 Agenda Federal Landscape Cybersecurity
More informationCYBERSECURITY MATURITY ASSESSMENT
CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance
More informationSOLUTION BRIEF Virtual CISO
SOLUTION BRIEF Virtual CISO programs that prepare you for tomorrow s threats today Organizations often find themselves in a vise between ever-evolving cyber threats and regulatory requirements that tighten
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationStrengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure Executive Order 13800 Update July 2017 In Brief On May 11, 2017, President Trump issued Executive Order 13800, Strengthening
More informationConvergence of BCM and Information Security at Direct Energy
Convergence of BCM and Information Security at Direct Energy Karen Kemp Direct Energy Session ID: GRC-403 Session Classification: Advanced About Direct Energy Direct Energy was acquired by Centrica Plc
More informationInformation Security and Service Management. Security and Risk Management ISSM and ITIL/ITSM Interrelationship
Information Security and Service Management for Management better business for State outcomes & Local Governments Security and Risk Management ISSM and ITIL/ITSM Interrelationship Introduction Over the
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity Draft Version 1.1 National Institute of Standards and Technology January 10, 2017 Note to Reviewers on the Update and Next Steps The draft
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationHouston Urban Area Security Initiative (UASI) Cybersecurity Mini-Assessment Workshop
Houston Urban Area Security Initiative (UASI) Cybersecurity Mini-Assessment Workshop 3 June 2016 2 Agenda UASI Introduction Cyber Security Mini-Assessment 10:00AM - 10:30AM 10:30AM - Noon Networking Lunch
More informationTEL2813/IS2621 Security Management
TEL2813/IS2621 Security Management James Joshi Associate Professor Lecture 4 + Feb 12, 2014 NIST Risk Management Risk management concept Goal to establish a relationship between aggregated risks from information
More informationTable of Contents. Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING
Table of Contents Preface xvii PART ONE: FOUNDATIONS OF MODERN INTERNAL AUDITING Chapter 1: Significance of Internal Auditing in Enterprises Today: An Update 3 1.1 Internal Auditing History and Background
More informationCybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com
Cybersecurity Presidential Policy Directive Frequently Asked Questions kpmg.com Introduction On February 12, 2013, the White House released the official version of the Presidential Policy Directive regarding
More informationNEWTON COUNTY OPEN RECORDS ACT POLICY
NEWTON COUNTY OPEN RECORDS ACT POLICY As a public entity, Newton County is subject to the Open Records Act, O. C. G.A. 50-18- 70 et seq. Newton County is committed to conducting its business in a manner
More informationA Working Paper of the EastWest Institute Breakthrough Group. Increasing the Global Availability and Use of Secure ICT Products and Services
A Working Paper of the EastWest Institute Breakthrough Group Increasing the Global Availability and Use of Secure ICT Products and Services August 5, 2015 The EastWest Institute (EWI) is leading a Global
More informationITG. Information Security Management System Manual
ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationISO/ IEC (ITSM) Certification Roadmap
ISO/ IEC 20000 (ITSM) Certification Roadmap Rasheed Adegoke June 2013 Outline About First Bank Motivations Definitions ITIL, ISO/IEC 20000 & DIFFERENCES ISO/ IEC 20000 Certification Roadmap First Bank
More informationK12 Cybersecurity Roadmap
K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the
More informationDemystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow
Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases Gen Fields Senior Solution Consultant, Federal Government ServiceNow 1 Agenda The Current State of Governance, Risk, and Compliance
More informationITIL V3.0 Compliance Benchmarking with CMMI-SVC SCAMPI A
ITIL V3.0 Compliance Benchmarking with CMMI-SVC SCAMPI A CMMI Technology Conference and User Group November 18 th, 2009 Jeffrey L. Dutton Chief Engineer Jacobs Technology Inc. ITSS Administrivia Trademarks
More informationNCCoE TRUSTED CLOUD: A SECURE SOLUTION
SESSION ID: SPO1-W14 NCCoE TRUSTED CLOUD: A SECURE SOLUTION Donna Dodson Associate Director Chief Cyber Security Advisor of the Information Technology Laboratory, Chief Cybersecurity Advisor for the National
More informationThe Center for Internet Security
The Center for Internet Security The CIS Security Metrics Service July 1 2008 Organizations struggle to make cost-effective security investment decisions; information security professionals lack widely
More informationCyber Hygiene: A Baseline Set of Practices
[DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright
More informationS&T Stakeholders Conference
S&T Stakeholders Conference Risk-Informed Requirements Process Col. Merrick Krause, USAF (Ret.) Director Infrastructure Analysis & Strategy Division U.S. Department of Homeland Security June 2-5, 2008
More informationConcept Note: GIDC. Feasibility Study(F/S) on Government Integrated Data Center (GIDC) for the Republic of Nicaragua
Concept Note: GIDC 1. Title of Proposed Project Feasibility Study(F/S) on Government Integrated Data Center (GIDC) for the Republic of Nicaragua 2. Organization Nicaraguan Institute for Telecommunications
More informationBest Practices & Lesson Learned from 100+ ITGRC Implementations
Best Practices & Lesson Learned from 100+ ITGRC Implementations Presenter: Vivek Shivananda CEO of Rsam Dec 3, 2010 ISACA -NY Chapter Copyright 2002 2010 Relational Security Corp. (dba Rsam) Agenda Overview
More informationPosition Description IT Auditor
Position Title IT Auditor Position Number Portfolio Performance and IT Audit Location Victoria Supervisor s Title IT Audit Director Travel Required Yes FOR OAG HR USE ONLY: Approved Classification or Leadership
More informationSTAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:
STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security
More informationCYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS
CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS WILLIAM (THE GONZ) FLINN M.S. INFORMATION SYSTEMS SECURITY MANAGEMENT; COMPTIA SECURITY+, I-NET+, NETWORK+; CERTIFIED
More informationCYBERSECURITY RESILIENCE
CLOSING THE IN CYBERSECURITY RESILIENCE AT U.S. GOVERNMENT AGENCIES Two-thirds of federal IT executives in a new survey say their agency s ability to withstand a cyber event, and continue to function,
More informationThe National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne
The National Medical Device Information Sharing & Analysis Organization (MD-ISAO) Initiative Session 2, February 19, 2017 Moderator: Suzanne Schwartz, Assoc. Dir., CDRH, FDA Denise Anderson, MBA, President,
More informationChapter X Security Performance Metrics
Chapter X Security Performance Metrics Page 1 of 9 Chapter X Security Performance Metrics Background For the past two years, the State of Reliability report has included a chapter for security performance
More informationTo Audit Your IAM Program
Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.
More informationVirtustream Cloud and Managed Services Solutions for US State & Local Governments and Education
Data Sheet Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education Available through NASPO ValuePoint Cloud Services VIRTUSTREAM CLOUD AND MANAGED SERVICES SOLUTIONS
More informationstandards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices
standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices mike.garcia@cisecurity.org The big three in their own words ISO 27000: family of standards to help organizations
More informationOverview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 PPD-21: CI Security and Resilience On February 12, 2013, President Obama signed Presidential Policy Directive
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationFederal Continuous Monitoring Working Group. March 21, DOJ Cybersecurity Conference 2/8/2011
Federal Continuous Monitoring Working Group March 21, 2011 DOJ Cybersecurity Conference 2/8/2011 4/12/2011 Why Continuous Monitoring? Case for Change Strategy Future State Current State Current State Case
More informationPOSITION DESCRIPTION
Network Security Consultant POSITION DESCRIPTION Unit/Branch, Directorate: Location: Regulatory Unit Information Assurance and Cyber Security Directorate Auckland Salary range: I $90,366 - $135,548 Purpose
More informationUnited States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS
United States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS UTILITY CYBER SECURITY INITIATIVE (UCSI) CYBERSECURITY CAPABILITY MATURITY MODEL (C2M2) ASSESSMENT FOR THE
More informationDemystifying GRC. Abstract
White Paper Demystifying GRC Abstract Executives globally are highly focused on initiatives around Governance, Risk and Compliance (GRC), to improve upon risk management and regulatory compliances. Over
More informationMeeting PCI DSS 3.2 Compliance with RiskSense Solutions
Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationCanada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?
Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY
More informationExecutive Summary and Overview
A Cross-Sector Capabilities, Resources, and Needs Assessment: Research to Support the Drafting of the Oregon Cybersecurity Center of Excellence Proposal Executive Summary and Overview Updated April 2018
More informationImplementing ITIL v3 Service Lifecycle
Implementing ITIL v3 Lifecycle WHITE PAPER introduction GSS INFOTECH IT services have become an integral means for conducting business for all sizes of businesses, private and public organizations, educational
More informationCOMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN
COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING
More informationCyber Risk A Corporate Directors' Briefing Webcast Q&A Summary
Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary Cyber experts from Marsh & McLennan Companies and WomenCorporateDirectors hosted an engaging webcast on August 16 th entitled Cyber Risk A
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationAutomated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk
Automated Firewall Change Management Securing change management workflow to ensure continuous compliance and reduce risk Skybox Security Whitepaper January 2015 Executive Summary Firewall management has
More informationRisk Advisory Academy Training Brochure
Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty
More informationITG. Information Security Management System Manual
ITG Information Security Management System Manual This manual describes the ITG Information Security Management system and must be followed closely in order to ensure compliance with the ISO 27001:2005
More informationAcademic Program Review at Illinois State University PROGRAM REVIEW OVERVIEW
Academic Program Review at Illinois State University PROGRAM REVIEW OVERVIEW For Research and Service Centers Submitting Self-Study Reports Fall 2017 INTRODUCTION Primary responsibility for maintaining
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationCybersecurity 2016 Survey Summary Report of Survey Results
Introduction In 2016, the International City/County Management Association (ICMA), in partnership with the University of Maryland, Baltimore County (UMBC), conducted a survey to better understand local
More informationHIPAA Compliance is not a Cybersecurity Strategy
HIPAA Compliance is not a Cybersecurity Strategy Presented by: Hector Rodriguez, WW Health CISO, Microsoft Jay Trinckes, Director, Coalfire Speaker Introductions Hector Rodriguez, WW Health CISO, Microsoft
More informationFundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL
Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL Shifting budgets and responsibilities require IT and physical security teams to consider fundamental change in day-to-day
More informationAchilles System Certification (ASC) from GE Digital
Achilles System Certification (ASC) from GE Digital Frequently Asked Questions GE Digital Achilles System Certification FAQ Sheet 1 Safeguard your devices and meet industry benchmarks for industrial cyber
More informationCYBERSECURITY RISK ASSESSMENT
CYBERSECURITY RISK ASSESSMENT ACME Technologies, LLC Page 1 of 46 TABLE OF CONTENTS EXECUTIVE SUMMARY 3 ASSESSMENT SCOPE & CONTEXT 4 RISK ASSESSMENT SCOPE 4 RISK MANAGEMENT OVERVIEW 4 ENTERPRISE RISK MANAGEMENT
More informationTHE CYBERSECURITY LITERACY CONFIDENCE GAP
CONFIDENCE: SECURED WHITE PAPER THE CYBERSECURITY LITERACY CONFIDENCE GAP ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE Despite the fact that most organizations are more aware of cybersecurity risks
More informationExcellence In Ecological Restoration Program. Program Overview
Excellence In Ecological Restoration Program Program Overview December 4, 2014 What is the Excellence in Ecological Restoration Program? (EERP) Program Background & Description The primary purpose of the
More informationDepartment of Management Services REQUEST FOR INFORMATION
RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More informationU.S. Department of Homeland Security Office of Cybersecurity & Communications
U.S. Department of Homeland Security Office of Cybersecurity & Communications Council of State Governments Cybersecurity Session November 3, 2017 Cybersecurity & Communications (CS&C) CS&C s Mission ensure
More informationWECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017
WECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017 155 North 400 West, Suite 200 Salt Lake City, Utah 84103-1114 WECC Internal Controls Evaluation Process
More informationINFORMATION SECURITY MANAGEMENT SYSTEMS CERTIFICATION RESEARCH IN THE ROMANIAN ORGANIZATIONS
U.P.B. Sci. Bull., Series D, Vol. 77, Iss. 4, 2015 ISSN 1454-2358 INFORMATION SECURITY MANAGEMENT SYSTEMS CERTIFICATION RESEARCH IN THE ROMANIAN ORGANIZATIONS Bogdan ŢIGĂNOAIA 1, Anca-Alexandra PURCĂREA
More informationVulnerability Assessments and Penetration Testing
CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze
More informationAFRICA AND MIDDLE EAST AVIATION SECURITY ROADMAP
AFRICA AND MIDDLE EAST AVIATION SECURITY ROADMAP GASeP: The Roadmap to foster Aviation Security in Africa and the Middle East Sharm El Sheikh, Egypt, 22-24 August 2017 REGIONAL MINISTERIAL CONFERENCE ON
More informationPOSITION DESCRIPTION
POSITION DESCRIPTION Engagement Manager Unit/Branch, Directorate: Location: Outreach & Engagement, Information Assurance and Cyber Security Directorate Auckland Salary range: H $77,711 - $116,567 Purpose
More informationDecoding security frameworks for effective cyber defense. David Allott McAfee
Decoding security frameworks for effective cyber defense David Allott McAfee $171B Cost of cybercrime Frameworks useful or just another distracting trend? What are the analysts saying? What is the industry
More informationDATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI
DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill
More informationConcept Note. Scope and purpose of the First Meeting: Objectives Expected outcomes Suggested participants Logistics and registration Discussion papers
First Meeting of UN Funds, Programmes and Agencies on the Implementation of the Political Declaration of the High-level Meeting of the General Assembly on the Prevention and Control of NCDs (New York,
More informationDoug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017
Cyber Concerns of Local Government and What Does It Mean to Transportation Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017 Transportation and Infrastructure
More informationSTRATEGIC PLAN. USF Emergency Management
2016-2020 STRATEGIC PLAN USF Emergency Management This page intentionally left blank. Organization Overview The Department of Emergency Management (EM) is a USF System-wide function based out of the Tampa
More informationSTATE ENERGY RISK ASSESSMENT INITIATIVE ENERGY INFRASTRUCTURE MODELING AND ANALYSIS. National Association of State Energy Of ficials
STATE ENERGY RISK ASSESSMENT INITIATIVE ENERGY INFRASTRUCTURE MODELING AND ANALYSIS Alice Lipper t Senior Technical Advisor Of fice of Electricity Deliver y and Energy Reliability (OE) US Depar tment of
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationInternal Controls Evaluation (ICE) Processing
Internal Controls Evaluation (ICE) September 28, 2017 RAM-102 3000 Bayport Drive, Suite 600 Tampa, Florida 33607-8411 (813) 289-5644 - Phone (813) 289-5646 Fax www.frcc.com Table of Contents Page 3 of
More informationBuilding UAE s cyber security resilience through effective use of technology, processes and the local people.
WHITEPAPER Security Requirement WE HAVE THE IN-HOUSE DEPTH AND BREATH OF INFORMATION AND CYBER SECURIT About Us CyberGate Defense (CGD) is a solution provider for the full spectrum of Cyber Security Defenses
More informationNEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES
NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES Kristina Doda & Aleksandar Vanchoski Budapest, CEPOL conference 2017 New technologies - new social interactions and economic development - need
More informationCyber Resilience: Developing a Shared Culture. Sponsor Guide
Lead : Cyber Resilience: Developing a Shared Culture Guide ISfL Annual Cyber Security Conference This ISfL Conference has been made possible by the exhibitors who kindly sponsored the event. Please show
More information