UNB'S CYBERSECURITY PROGRAM
- Alfred Hart
- 6 years ago
SEPTEMBER 7, 2017

A fundamental step towards an advanced cybersecurity practice at UNB was taken recently when the Board of Governors approved the Information Security Policy, which shares responsibility for the protection of UNB information across the entire UNB community. An underlying principle of the policy is that community members must do their part in securing the enterprise; further, the Information Security Policy describes the framework of roles and responsibilities for information protection, including assignment to ITS of developing and executing this cybersecurity program.
INTRODUCTION

Ever since UNB was established, most of its information has been stored on paper and the primary technology used to secure it was the lock. Roles and responsibilities for securing information were relatively easy to define.

A lot has changed. Now, most information is created, stored and maintained electronically, and there is a lot of it. People expect to access information any time and from anywhere in the world. In recent times, the value of information for criminal purposes has skyrocketed. Criminals work hard to obtain it, because the payback is good; they are always coming up with new methods to do their deeds.

The results can be devastating. Universities across the world experience data breaches resulting in the loss of huge numbers of personal records, costing reputations and sometimes millions of dollars. Intellectual property is particularly attractive, and always at high risk. Furthermore, criminals are rapidly adapting their attacks to support extortion attempts; some universities, having fallen prey to malicious takeovers of their information, have paid significant ransoms to obtain access to their own property. Various high-profile cybersecurity breaches of late (at Canada's National Research Council, Carleton University, the University of Calgary, to name just a few) provide a stark reminder that criminals are intent on exploiting weaknesses in cybersecurity wherever they can find them.

Every week at UNB over 50 million attempts are made to find ways into our systems (akin to someone checking a door to see if it is locked, these attempts are highly automated and very, very persistent). Students, faculty, and staff succumb to phishing attempts with alarming frequency, and every month over 100 UNB-owned computers fall victim to malware and worse.

Since a 01 external assessment of UNB's IT security, ITS has worked tirelessly to ensure the university has the best cybersecurity program possible.
Many crucial building blocks have been put in place or are underway; we've come a long way, and while there is more to do, the road ahead is clearer than it's ever been. This document describes the cybersecurity program, including its objectives, the framework of standards upon which it is built, plus several current and future initiatives that ensure the university is as cyber-safe and -aware as it can possibly be.
OBJECTIVES

The cybersecurity program has several objectives:

1. Implement a robust, standards-based cybersecurity approach and practice
2. Deploy appropriate tools throughout the technology stack to ensure a multi-layered defense
3. Support active community participation in cybersecurity through building awareness of best practices
4. Produce reasonable, coherent, and usable cybersecurity procedures and guidelines
5. Collaborate with stakeholders across the university to encourage shared oversight and to mitigate risk

STANDARDS-BASED APPROACH

UNB's cybersecurity framework is based on various international standards:

1. ISO/IEC 27002:2013, Information technology, Security techniques, Code of practice for information security management (International Organization for Standardization)
2. NIST SP800-53, Security and Privacy Controls for Federal Information Systems and Organizations (National Institute for Science and Technology)
3. COBIT5 Processes: APO13: Manage Security; DSS05: Manage Security Services (ISACA)
FRAMEWORK

[Figure: framework diagram with five components: Governance, Risk, Compliance; Education, Awareness; Threat management, Incident response; Architecture, Development, Tools; Operations, Monitoring]

UNB's cybersecurity framework has five major components¹, encompassing:

1. GOVERNANCE, RISK, AND COMPLIANCE: Align with UNB's governance model; foster collaboration with risk management; and ensure compliance with university policies.
2. ARCHITECTURE, DEVELOPMENT, AND TOOLS: Ensure a "security by design" approach to all IT initiatives
3. OPERATIONS AND MONITORING: Support the basics (patching, monitoring, adopting best practices, etc.) and make sure they are done right
4. THREAT MANAGEMENT AND INCIDENT RESPONSE: Understand the threat environment and provide appropriate incident response
5. EDUCATION AND AWARENESS: Address the human factor in cybersecurity

¹ Adapted from Josi, Monika, Building a security transformation program in our new information security world, ISACA blog posting, May 1,
CURRENT AND COMING CYBERSECURITY INITIATIVES ALIGNED WITH UNB STRATEGY

Exceptional student experience

Provide robust, always-on data networks that enable discovery while protecting students and UNB

A next-generation firewall (NGFW) is being implemented across UNB, replacing obsolete technology while advancing our ability to finely tune perimeter protection of our networks to allow only legitimate community members and traffic to use them. NGFW ensures stable, reliable networks that are always available, 24/7.

Network access control (NAC) technology is being deployed to ensure cybersecurity rules covering who has access to what are being enforced, easing the way for students and guests but preventing unauthorized users from attacking or piggybacking on our systems.

New end-point protection software has been deployed across UNB to reduce virus, malware, and other incidents that plague individual users.

Over the next year, UNB's wireless networks will be fully refurbished; we are adopting new technology to keep up with demand posed by ever-increasing numbers of devices connecting to our networks. The average student now brings at least 3 wi-fi connected devices to our campuses every day.

Leadership in discovery, innovation, and entrepreneurship

Try out new tools, contributing to their design and development

ITS has a long and unique history of developing, testing, and piloting new tools to help us protect the university and its data assets. Most recently, IBM's Watson (AI) for cybersecurity was tried out. We also piloted Trend Micro's Deep Discovery, an analysis tool for hard-to-detect incidents. In both cases, feedback provided to the vendors was useful in enhancing the products.
ITS uses Q-Radar, an incident analysis tool it helped develop years ago, and which eventually was spun off, by the former UNB employees who developed it, as a separate company. We work with the vendor (now IBM) by testing enhancements and additional features, and providing feedback.

Foster ideas and initiatives that advance cybersecurity beyond UNB

We are currently working on a joint cybersecurity project with CANARIE, Canada's research and education network, to build a nationwide community of cybersecurity expertise and tools.

We have begun to deploy Beauceron, a new product from a start-up of the same name (and built by current and former ITS staff), which will help community members protect themselves and the university by building awareness and providing timely education about cybersecurity threats and best practices in preventing incidents and breaches.

Financial resilience and responsibility

Reduce overall cyber-risk by deploying state-of-the-art monitoring tools and responding appropriately when threats appear

A variety of monitoring tools gives ITS insight into network, equipment, and service security and performance. We monitor all aspects of IT operations, and use experience, skill, and analytical processes and tools to assist us in evaluating data and making decisions on responses quickly and appropriately.

Assess periodically the university's preparedness for cybersecurity threats and events

ITS has a well-defined disaster recovery and business continuity strategy and plan, which are constantly updated to reflect the ever-changing landscape of threats and technological change. We've expanded the definition of disaster recovery to include cybersecurity incidents, and perform table-top tests to gain practice and to refine our maturing processes and procedures.
ITS has undergone several external assessments in recent years, notably threat risk assessment, and penetration and vulnerability testing. These assessments led directly to major strategic initiatives such as renovation of the main UNB data centre, construction of the Wu disaster recovery site, and hardening of all our IT infrastructure to protect it from a multitude of threats. When the current deployment of NGFW, NAC, and end-point protection is completed, we will commission another external assessment to identify any remaining gaps in our cybersecurity posture.

Build a better university

Develop and communicate reasonable and usable cybersecurity standards, best practices, procedures, and guidelines

With the approval of the university's first Information Security Policy, the foundation is established for building out the tools the community needs to fully understand the various roles necessary for protecting UNB from cyber-threats. For example, basic guidelines for responding to cyber incidents have been formulated, along with corresponding step-by-step procedures to ensure timely and adequate actions. Many more such documents will be produced over time, ensuring community members have access to relevant, understandable resources, whether to proactively head off incidents, or to deal with them while and after they occur.

Deliver community education and awareness on cyber-risk, and broadly communicate ways to reduce personal and UNB cyber-risk

It has been amply and well demonstrated at UNB that effective education and awareness training greatly reduces individual risk of succumbing to phishing, attempted fraud, and outright theft of personal data. ITS continues to conduct simulated phishing attempts aimed at staff and faculty to ensure they don't become complacent and ease up on cyber threat vigilance.
In addition, targeted presentations to groups and committees ensure cybersecurity remains top-of-mind throughout the university, from senior management and the Board, to faculty councils, to student bodies and clubs.
Build a better province

Protect the provincial research and education network

As the operator of the New Brunswick research and education data network, on behalf of the NB/PEI Educational Computer Network (ECN), ITS is responsible for ensuring the network meets performance, financial, and cybersecurity expectations and standards. The NGFW being deployed at UNB is also being implemented across the R&E network, equipping it with state-of-the-art protection and tools.

Collaborate with other IT services across the public and private sectors

ITS has a rich history of collaboration with others on IT projects and initiatives; cybersecurity presents many opportunities for continuing this highly-valued tradition. For years, ECN has procured anti-virus and anti-spam solutions; the latest consortium-wide procurements include endpoint protection and the NGFW mentioned above. All of these are led and managed by ITS.

Further, ITS is fully engaged with its ECN partners in seeking out projects that will benefit all or most with lower costs and ease of management. For example, the forthcoming UNB cybersecurity assessment is part of a larger initiative in which all of the ECN institutions will have similar assessments done, with results to be shared to the benefit of all.
RESOURCES

Effective cybersecurity requires highly specialized skills, equipment, and tools, along with appropriate organization and management. To ensure UNB is well protected, a number of groups and positions participate in the cybersecurity program.

Governance

The Enterprise Systems and Services Governance committee, chaired by the Vice President Administration and Finance, ensures that UNB has appropriate strategies and resources in place to provide the most secure but flexible IT environment possible to the community.

A steering committee, reporting to ESSG, will be set up. Once operating, this steering committee will provide strategic guidance for the cybersecurity program, and with other ESSG members will encourage the entire UNB community to participate in cybersecurity education and awareness through personal engagement with community members, sponsor activities such as simulated phishing campaigns, and lead by example by trying out and adopting common cybersecurity best practices and tools.

Management

The Security Operations Committee (SOC) reports to the AVP, ITS, and is accountable for deploying resources to protect the university; monitoring the effectiveness of various tools used to provide robust protection across UNB; and responding to incidents as needed. Membership is comprised of:

- Director of IT Operations
- Director of IT Architecture
- Manager of Technical Operations
- Manager of Service Operations
- Senior Cybersecurity Officer
- Network Services Manager (Saint John)
- AVP, ITS (ex officio)
Operations

Day-to-day cybersecurity monitoring, analysis, and response are distributed among positions both within and external to ITS. Systems and network analysts monitor tools like Q-Radar to keep informed of potential and real threats occurring at any given time affecting UNB IT infrastructure; when issues arise they either respond directly or escalate them to SOC. The Desktop Management Group, along with the entire Level 1 community across UNB, deals with issues affecting desktops, laptops, and other devices. In the future, much of this activity will be coordinated by the Senior Cybersecurity Officer, who will provide a single point of contact for many cybersecurity issues.

Training and Awareness

The Senior Cybersecurity Officer will also be responsible for extending and sustaining current and future training and awareness about cybersecurity across UNB. This includes phishing simulations, presentations to governance, management, and staff and student groups on all campuses, and online resources in support of cybersecurity initiatives.
TRAINING WEEK COURSE OUTLINE May 9-13 2016 RADISSON HOTEL TRINIDAD Port of Spain, Trinidad, W.I. Page2 FACILITATOR S BIOGRAPHY John Tannahill, CA, CISM, CGEIT, CRISC is a management consultant specializing
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationISACA MOSCOW CHAPTER Chapter meeting 22 September 2016
ISACA MOSCOW CHAPTER Chapter meeting 22 September 2016 Introduction Special guest speaker ISACA Audit committee member, Rosemary Amato Open dialog Wrap-up and close Special guest speaker CISA, CMA, CPA,
More informationWhat can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco
What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic
More informationEC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led
EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationSecurity Solutions. Overview. Business Needs
Security Solutions Overview Information security is not a one time event. The dynamic nature of computer networks mandates that examining and ensuring information security be a constant and vigilant effort.
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationGUIDELINES ON MARITIME CYBER RISK MANAGEMENT
E 4 ALBERT EMBANKMENT LONDON SE1 7SR Telephone: +44 (0)20 7735 7611 Fax: +44 (0)20 7587 3210 GUIDELINES ON MARITIME CYBER RISK MANAGEMENT MSC-FAL.1/Circ.3 5 July 2017 1 The Facilitation Committee, at its
More informationDecember 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development
December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationSecurity-as-a-Service: The Future of Security Management
Security-as-a-Service: The Future of Security Management EVERY SINGLE ATTACK THAT AN ORGANISATION EXPERIENCES IS EITHER ON AN ENDPOINT OR HEADING THERE 65% of CEOs say their risk management approach is
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationCyber Security and Cyber Fraud
Cyber Security and Cyber Fraud Remarks by Andrew Ross Director, Payments and Cyber Security Canadian Bankers Association for Senate Standing Committee on Banking, Trade, and Commerce October 26, 2017 Ottawa
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationConsolidation Committee Final Report
Committee Details Date: November 14, 2015 Committee Name: 36.6 : Information Security Program Committee Co- Chairs: Ren Flot; Whitfield Samuel Functional Area: IT Functional Area Coordinator: Phil Ventimiglia
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment
Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment SWG G 3 2016 v0.2 ISAO Standards Organization Standards Working Group 3: Information Sharing Kent Landfield, Chair
More informationLarry Clinton President & CEO (703)
For information about membership opportunities, please contact: Larry Clinton President & CEO lclinton@isalliance.org (703) 907-7028 For more information about the Internet Security Alliance, please visit
More informationCyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)
Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationSTRATEGIC PLAN
STRATEGIC PLAN 2013-2018 In an era of growing demand for IT services, it is imperative that strong guiding principles are followed that will allow for the fulfillment of the Division of Information Technology
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationCyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More information