Preparing for Cyber Threats Against Your City
- Anne Reynolds
- 6 years ago
Transcription
1 Preparing for Cyber Threats Against Your City Andrew Dolan Director of Stakeholder Engagement Kateri Gill Program Specialist Florida League of Cities
2 State, Local, Tribal, or Territorial Government Entity 2
3 Multi-State Information Sharing and Analysis Center The MS-ISAC is the focal point for cyber threat prevention, protection, response and recovery for the nation's SLTT governments. 3
4 Who We Serve
MS-ISAC Members include:
- All 56 US States and Territories
- All 78 federally recognized fusion centers
- More than 1,300 local governments and tribal nations
State, Local, Tribal, and Territorial: Cities, counties, towns, airports, public education, police departments, ports, transit associations, and more
5 3.7 Billion Internet Users as of December [Chart: share of internet users by region; regions shown: Asia, Europe, Latin Am / Carib, Africa, North America, Middle East, Oceania / Australia]
6 Why Government? Criminals look for data... and governments have a lot of it! 6
7 The Value of Stolen Information and the costs of a breach
Record Type: Estimated Underground Value per record (McAfee and World Privacy Forum)
- Financial Account: $14-$25
- Credit/Debit Card: $4-$5
- Medical Account Data: $0.03-$2.42
- Full Medical Record with supporting documents: $50
Record Type: Estimated Breach Cost Per Record (Ponemon Institute 2016 Report)
- Health: $355
- Education: $246
- Financial: $221
8 Cyber Threat Actors Nation-states Cyber Criminals Hacktivists Insiders TLP: GREEN 8
9 Nation-State Actors (APT) Political Leverage Competitive Insight Intellectual Capital Cyber Warfare TLP: GREEN 9
10 Nation-State Spear Phishing Agency Director Agency Deputy Director Work related Expected business need Expected topic Unknown person Government employee Expected business need Implied relationship TLP: AMBER 10
11 Hacktivists Doxing DDoS Attacks Social, Political & Ideological Agenda Opportunistic System Compromise Targeted Web Defacements TLP: GREEN 11
12 Common Motives Against SLTTs Alleged Use of Excessive Force by LEO Perceived Injustice Alleged Animal Cruelty by LEO Alleged Offensive Comments Anti-Government Opportunistic TLP: GREEN 12
13 Cyber Threat Actor Attack Types [Chart: share of activity by attack type; categories shown: Compromised Server, DDoS, Data Dump/Breach, Defacement, Doxing, Hoax, Malicious Actor Activity, Scanning, SQLi, XSS] TLP: AMBER
14 Bitcoin Baron
- December January 2015: claimed responsibility for 11 DDoS attacks against SLTTs
- March 2015: claimed responsibility for 11 DDoS attacks against SLTTs
- March 23, 2015: accidentally posts an unrelated charge sheet on Twitter; pulls it offline almost immediately, but not before MS-ISAC sees it!
- April 9, 2015: charges announced
- Sept: Indicted
TLP: AMBER
15 Cyber Criminals Zeus Locky Financial Motivation Varying Expertise Upatre/ Dyre Vawtrak Bedep Dridex TLP: GREEN 15
16 Ransomware
Ransomware Infection Vectors
1. Visiting a malicious or compromised site
2. Opening a malicious attachment
Recent Trends
1. New Variants / TTPs
2. Ransomware-as-a-Service
3. Used in extortion schemes
Prevention Mechanisms
1. Keep your systems patched
2. Keep your AV up-to-date
3. filtering
4. End user training and awareness
5. Have backups
17 Los Angeles Valley College Los Angeles Valley College had servers compromised by Ransomware LAVC Network, , and phone systems were brought down $28,000 in BTC was paid to restore service A claim has been opened with their cybersecurity insurance provider 17
18 Database Dumps TLP: GREEN 18
19 Out of 117 Million Passwords: # of users password 1,135, ,488 linkedin 188,380 password 149, , , , , ,870 qwerty 51,535 sunshine 2,094,243 Source: PandaLabs Q Report 19
20 Password Reuse In 2016, Intuit identified that over 40% of accounts taken over by cyber threat actors, were accessed through reused credentials. 20
21 Insiders Revenge Accidental Financial Motivation Power & Control Varying Expertise Guests Former Employees Trusted 3rd parties TLP: GREEN 21
22 Employee Mistakes TLP: GREEN 22
23 2 Computers in the Prison Ceiling
- Used parts from a computer recycling program
- Detected July 3, 2015, when contractor's Internet threshold was exceeded
- Previously tried to access file-sharing sites
- Looked for ways around the proxies
- Network cable led to the ceiling
- Forensic analysis of the hard drives found pornography, articles about making drugs, explosives and credit card fraud
24 What Can You Do?
Patch Training Backups Harden Systems Update Policies Compliance Scan Systems Encrypt Mobile Devices Take part in information sharing
Critical Security Controls
1. Identify authorized and unauthorized devices
2. Inventory authorized and unauthorized software
3. Secure configurations for hardware and software
4. Continuous vulnerability assessment and remediation
5. Controlled use of admin privileges
25 About MS-ISAC Membership Free and Voluntary No Mandated Information Sharing One Membership Document Required To join or get more information: 25
26 24 x 7 Security Operations Center Central location to report any cybersecurity incident Support: Network Monitoring Services Research and Analysis Analysis and Monitoring: Threats Vulnerabilities Attacks Reporting: Cyber Alerts & Advisories Web Defacements Account Compromises Hacktivist Notifications To report an incident or request assistance: Phone: soc@msisac.org 26
27 Computer Emergency Response Team Incident Response (includes on-site assistance) Network & Web Application Vulnerability Assessments Malware Analysis Computer & Network Forensics Log Analysis Statistical Data Analysis To report an incident or request assistance: Phone:
28 MS-ISAC Advisories 28
29 Monitoring of IP Range & Domain Space IP Monitoring IPs connecting to malicious C&Cs Compromised IPs Indicators of compromise from the MS-ISAC network monitoring (Albert) Notifications from Spamhaus Domain Monitoring Notifications on compromised user credentials, open source and third party information Vulnerability Management Program (VMP) Send domains, IP ranges, and contact info to: 29
30 Vulnerability Management Program
What Data Are We Collecting?
- Server type and version (IIS, Apache, etc.)
- Web programming language and version (PHP, ASP, etc.)
- Content Management System and version (WordPress, Joomla, Drupal, etc.)
notifications are sent with 2 attachments containing information on out-of-date and up-to-date systems:
- Out-of-Date systems should be patched/updated and could potentially have a vulnerability associated with them
- Up-to-Date systems have the most current patches
31 Time-to-Patch: % of Patched WordPress Instances Following A New Version [Chart by week after release; plotted values as extracted: 78.65%, 80.72%, 81.63%, 81.69%, 81.98%, 82.02% and 54.60%, 59.24%, 61.40%, 62.70%, 64.72%, 65.63%]
32 Malicious Code Analysis Platform A web based service that enables members to submit and analyze suspicious files in a controlled and non-public fashion Executables DLLs Documents Quarantine files Archives To gain an account contact: mcap@msisac.org 32
33 Monthly Newsletter Distributed in template form to allow for re-branding and redistribution by your agency 33
34 National Webcasts
A collaborative effort between DHS and MS-ISAC to provide timely and relevant cybersecurity education and information
- Cybersecurity While Traveling (February 2017)
- Cybersecurity Year in Review and 2017 Preview (December 2016)
- National Cybersecurity Awareness Month Be a Part of Something Big (October 2016)
- State and Local Roundtable Effective Cyber Disruption Strategies (August 2016)
- Prioritize Your NIST CSF Implementation with the CIS Critical Security Controls (June 2016)
35 Weekly Malware IPs and Domains Automated Threat Indicator Sharing via Anomali To gain an Anomali account contact: 35
36 HSIN Community of Interest Access to: MS-ISAC Cyber Alert Map Archived webcasts & products Cyber table top exercises Guides and templates Message boards Secure Messaging 36
37 Additional Benefits Situational Awareness Resources Insider access to federal information Product and Training Discounts Cybersecurity Exercise Participation Workgroups Hot Topics Webcasts 37
38 Federal Resources Free to State and Locals Cyber Resiliency Review Stop.Think.Connect FedVTE and FedVTE Live! 38
39 MS-ISAC Members in the State of Florida Palm Beach State College Florida Gulf Coast University Tampa Bay Water City of Leesburg City of Jacksonville Beach Orange County Clerk of Courts Greater Orlando Aviation Authority Citrus County Clerk of Courts and Comptroller City of Winter Springs Police Department City of Tallahassee City of Palm Beach Gardens City of Punta Gorda City of Bradenton City of Sarasota Hillsborough County Clerk Lee County Clerk of Courts Leon County Supervisor of Elections City of Winter Park Collier County City of South Daytona City of Atlantic Beach Clay County Utility Authority Miami Dade International Airport Marion County Sheriff's Office City of Venice Marion County Sheriff's Office Florida Orlando Utilities Commission City of West Palm Beach Palm Beach County Tallahassee Community College Broward County Broward County Aviation Department City of Fernandina Beach St. Johns County Tax Collector Town of Palm Beach Collier County Sheriffs Department City of Ocoee City of North Port Miami Dade County City of St. Petersburg Alachua County City of Largo Martin County Clerk of Court and Comptroller City of North Port City of Miramar St. Lucie County Clerk of Circuit Court Clay County Supervisor of Elections Hillsborough County Aviation Authority Hillsborough County Marion County Supervisor of Elections City of Mount Dora Florida Atlantic University Sarasota County City of Orlando City of Pensacola Escambia County City of Miami Beach Sarasota County Sheriff's Office City of Cocoa Beach Manatee County Orange County Palm Beach County Clerk & Comptroller City of Cocoa Charlotte County St. Lucie County City of Tamarac Seacoast Utility Authority City of Sunny Isles Beach Florida Florida State University Clay County Clerk of Circuit Court Miami Dade College 11th Judicial Circuit of Florida City of Lauderhill Lake County Clerk of Courts City of Marco Island Florida International University Village of Palmetto Bay City of Tamarac Leon County Supervisor of Elections City of Sanford University of Central Florida City of Stuart Citrus County Sheriff's Office Osceola County Charlotte County Clerk of Court and County Comptroller Brevard County State of Florida City of Port St. Lucie City of Boynton Beach Marion County Supervisor of Elections Hardee County City of North Port City of North Lauderdale Florida Department of Law Enforcement Martin County City of Lakeland University of West Florida City of Cape Coral City of Fort Lauderdale Charlotte County Sheriff's Office Town of Jupiter City of Tampa Monroe County Sheriff's Office Lee County Port Authority Florida League of Cities University of South Florida Broward County Clerk of Courts Citrus County Supervisor of Elections City of Deltona
40 MS-ISAC 24x7 Security Operations Center Andrew Dolan, Director of Stakeholder Engagement Kateri Gill, Program Specialist
Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH International Workshop on Criminal Justice Statistics on Cybercrime and Electronic Evidence
More informationCybersecurity Session IIA Conference 2018
www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that
More informationJeff Marron, IT Specialist Security National Institute of Standards and Technology (NIST)
Moderated by Daniel Eliot, Director Small Business Programs NCSA Jeff Marron, IT Specialist Security National Institute of Standards and Technology (NIST) Tammy Smith, CISSP Cyber Security Advisor FedEx
More informationPhishing Activity Trends Report August, 2005
Phishing Activity Trends Report August, 25 Phishing is a form of online identity theft that employs both social engineering and technical subterfuge to steal consumers' personal identity data and financial
More informationISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO FRAMEWORK AUGUST 19, 2015
ISACA GEEK WEEK SECURITY MANAGEMENT TO ENTERPRISE RISK MANAGEMENT USING THE ISO 27001 FRAMEWORK AUGUST 19, 2015 Agenda Coalfire Overview Threat Landscape What is ISO Why ISO ISO Cycle Q&A 2 Presenters
More informationCYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW
CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW May 2018 Ed Plawecki General Counsel & Director of Government Relations UHY LLP Jamie See Manager UHY LLP Iowa Public
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationData Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
More information2014 TRANSIT CEOs SEMINAR. Cybersecurity What Every CEO Should Know to Help Secure the System
2014 TRANSIT CEOs SEMINAR Cybersecurity What Every CEO Should Know to Help Secure the System APTA Enterprise Cyber Security WG update Vulnerable Systems Cyber attacks may be targeted toward one or more
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More informationCybersecurity Conference Presentation North Bay Business Journal. September 27, 2016
Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice
More informationGreg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security
1 Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security 2 Government Services 3 Business Education Social CYBERSPACE
More informationData Breach Trends: What Local Government Lawyers Need to Know
REUTERS / Firstname Lastname Data Breach Trends: What Local Government Lawyers Need to Know IMLA Annual Conference San Diego, California September 30, 2016 Presenters: Mel Gates, Senior Legal Editor, Privacy
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationInsider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm
Insider Threat Program: Protecting the Crown Jewels Monday, March 2, 2:15 pm - 3:15 pm Take Away Identify your critical information Recognize potential insider threats What happens after your critical
More informationCybersecurity for Health Care Providers
Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact
More informationWelcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time
TM Plan. Protect. Respond. Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time Registration is open for the April webinar:
More informationHIPAA 2017 Compliancy Group, LLC
1 Meet Your Expert Charles Weiselberg Compliancy Group, LLC Director of Customer Service Chuck@compliancygroup.com ENDORSED PARTNER 2 Compliancy Group We simplify compliance so you can confidently focus
More informationDeMystifying Data Breaches and Information Security Compliance
May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts
More informationJeff Wilbur VP Marketing Iconix
2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online
More information