The Big Cyber Mystery: What Contracting Professionals Need to Know
Breakout Session # E-10
Eric Crusius, Esq., Counsel, Miles & Stockbridge
Date: July 28, 2015. Time: 2:30-3:34
Speaker Introduction
Eric S. Crusius represents government contractors in bid protests and other litigation matters before the Court of Federal Claims, Government Accountability Office, boards of contract appeals and other federal agencies. He counsels clients on a broad range of government contract issues, including the Service Contract Act (SCA) and other labor issues, trade agreements, export controls, subcontracting and teaming agreements, and compliance with the Federal Acquisition Regulation (FAR). Besides representing government contractors, Eric also represents corporations of all sizes in a variety of matters including intellectual property counseling and litigation (limited to trademark, copyright, and trade secret issues) and complex commercial litigation. Eric has lectured to industry groups, government agencies, and the American Bar Association. Eric has appeared on NPR, Fox News and Federal News Radio to comment on topics including labor issues, cybersecurity, sequestration, and strategies the Government employs when it buys products and services.
Agenda
Threats: Real and Constant
Another Top 10: The Top 10 Biggest Cybersecurity Myths
Getting It Out of the Way: the OPM Breach
New Regulations and Challenges: Practical Issues and Solutions
Crystal Ball: What's Next?
Threats: Real and Constant
Keith Alexander called the loss of industrial information and intellectual property through cyber espionage "the greatest transfer of wealth in history."
Tony Scott (federal government CIO): protections instituted by contractors were inconsistent, and federal agencies failed to have proper contractual language, policy direction, or awareness as to how they should respond to breaches.
67K cyber incidents on systems supporting the federal government in 2014.
Of 24 agencies reviewed by GAO, 23 were not cyber ready.
VA failed its cybersecurity audit for the 16th straight year (1.2m malware attempts in April).
GAO: Healthcare.gov lacks proper cyber protections.
HBGary provides a cautionary tale (you will be hacked).
[Charts omitted. Source: Ponemon Institute 2015 Study]
Where are companies spending money to respond to the threat?
Phishing is on the rise: 23% of recipients open phishing e-mails and 11% open the attachments. Recent successful phishing episodes include a breach at the White House and a breach at the South Carolina state government. Phishing versus spear phishing.
Cyberattacks have increased 48% globally over the past year. 99.9% of attacks come more than a year after the vulnerabilities are known (Common Vulnerabilities and Exposures). Nation-states most frequently target oil and gas (11%), aerospace and defense (9%), technology (9%), and telecommunications (8%). There was a 64% jump in incidents from competitors and a rise in incidents from current and former employees.
Top 10 Cybersecurity Myths
Myth #10: Congress has to act before there are new cybersecurity regulations or contract requirements.
Truth: the Federal Information Security Management Act gives the executive branch all the justification it needs for cyber regulations and requirements in government contracting.
Myth #9: We know about all breaches that occur in real time.
Truth: Information about breaches may be withheld, or may go undetected for a time or for eternity.
[Chart omitted. Source: 2015 Verizon Data Breach Report]
Myth #8: Contractors cannot be suspended or debarred for inadequate cybersecurity controls.
Truth: Inadequate cybersecurity controls can be a basis for lacking present responsibility. See FAR Part 9.
Myth #7: There are no regulations requiring contractors to have cybersecurity controls.
Truth: As we will cover later, there are regulations, and more are on the way.
Myth #6: The bad guys are never caught.
Truth: The federal government has become more active in prosecuting bad cyber actors (a phishing scheme mastermind was sentenced to three years).
Myth #5: My company is too small to matter.
Truth: Hackers usually try to infiltrate smaller businesses because they are seen as weaker links.
Myth #4: Cybersecurity legislation is imminent.
Truth: Cybersecurity legislation has been imminent for at least ten years.
Myth #3: There will be no government-wide cybersecurity certification.
Truth: We may see a similar FedRAMP-like certification.
Myth #2: My employees are sufficiently educated about cybersecurity.
Truth: Past history dictates that employees need constant reminders about cyber-risks.
Myth #1: Cybersecurity is just a fad.
Truth: Cybersecurity is the new normal.
The OPM Breach
Who is impacted? 22.1 million people, including government employees, contractor employees and their families. Included was James Comey, FBI Director.
What was stolen? Highly sensitive information including social security numbers, health records, criminal records and 1.1 million fingerprints.
What are the consequences? Individuals' information can be sold, and there is a fear that the information can be used to out spies.
Army blocked OPM
New Regulations
The dizzying array of regulations: Commerce, DHS, Education, Energy, GSA, HHS, HUD, NASA, State, Transportation, VA, and of course DoD.
DFARS rule and clause highlights:
Applies to Unclassified Controlled Technical Information;
Must be inserted into every DoD contract: no exemption for small businesses and commercial buys;
Establishes minimum security controls for safeguarding Unclassified Controlled Technical Information; and
Requires disclosure to DoD within 72 hours of a breach; no safe harbor.
What is Unclassified Controlled Technical Information? Controlled Technical Information is: "Controlled technical information means technical information with military or space application that is subject to controls on the access, use, reproduction, modification, performance, display, release, disclosure, or dissemination. Controlled technical information is to be marked with one of the distribution statements B through F, in accordance with the DoD Instruction, Distribution Statements on Technical Documents. The term does not include information that is lawfully publicly available without restrictions." Let's go down the wormhole...
What is the DoD Instruction? It gives instruction on how classified and unclassified technical information is marked and disseminated. The term "documents" is encompassing. What are the instructions?
B: Distribution authorized to U.S. Government agencies only (fill in reason[/date])... Reasons include export controlled & critical technology.
C: Distribution authorized to U.S. Government agencies and their contractors (fill in reason[/date])... Can include classified or unclassified tech docs.
D: Distribution authorized to the Department of Defense and U.S. DoD contractors only (fill in reason[/date])... Can include classified or unclassified tech docs.
E: Distribution authorized to DoD Components only (fill in reason[/date])...
F: Further dissemination only as directed by [insert DoD office and date] or higher DoD authority.
What is technical information? "Technical information means technical data or computer software, as those terms are defined in the clause at DFARS, Rights in Technical Data-Non Commercial Items, regardless of whether or not the clause is incorporated in this solicitation or contract. Examples of technical information include research and engineering data, engineering drawings, and associated lists, specifications, standards, process sheets, manuals, technical reports, technical orders, catalog-item identifications, data sets, studies and analyses and related information, and computer software executable code and source code."
Requirement #1: Safeguarding of Unclassified Controlled Technical Information. Uses the NIST security controls as the minimum and points out more than 50 separate requirements in the following areas: Access Control, Awareness and Training, Audit & Accountability, Configuration Management, Contingency Planning, Identification and Authorization, Incident Response, Maintenance, Media Protection, Physical and Environmental Protection, Program Management, Risk Assessment, System & Communications Protection, System & Information Integrity.
Some of the 50+ Requirements:
AT-2: Contractor must provide security awareness training.
CM-7: Configuration of the system provides only essential capabilities.
IA-5(1): Requirement regarding passwords (encryption, type, etc.).
IR-2: The organization provides incident response training.
PE-2: Maintains a list of individuals with physical access to the facility where information systems reside.
PE-3: Maintains physical access logs, escorts visitors and monitors visitor activity.
RA-5: Scans for vulnerabilities.
SC-4: Prevents unauthorized transfer of information using shared system resources.
SC-28 (and others): Requires encryption of information.
SI-4: Monitors the system to detect attacks and potential attacks.
If the NIST security controls are not used, the contractor must provide a written explanation of how a control is not applicable or how an alternate control achieves equivalent protection.
Must report cyber incidents to DoD within 72 hours and include 13 pieces of information in any report, including: DoD programs, platforms or systems involved; location and type of compromise; description of the technical information compromised.
Cyber incidents include unauthorized access to or loss of information.
Contractor must support DoD investigative efforts and preserve information (affected information systems) for 90 days.
Important notes from the comments:
NIST Releases the Framework (3 parts):
1. The Framework Core is designed to help organizations identify, at a 30,000-foot level, the management of cybersecurity risk. It does so by identifying five concurrent and continuous Functions: Identify, Protect, Detect, Respond, Recover. The Framework Core next pinpoints Categories and Subcategories for each of the identified Functions and matches them with existing standards.
2. Framework Implementation Tiers is essentially an exercise that allows an organization to characterize its cybersecurity risk management practices. There are four Tiers: Partial, Risk Informed, Repeatable, and Adaptive. Organizations that find themselves in the Partial tier generally do not have formalized or written cybersecurity policies and have little understanding of the cybersecurity risks facing them. On the other hand, organizations in the Adaptive tier have robust and organization-wide risk management practices.
3. Framework Profile allows an organization to align the Functions, Categories, and Subcategories with the business requirements, risk tolerance, and resources of the organization. Organizations can create profiles, using the Framework Profile as a guide, to characterize one component of their business or their entire business and consider the current state of their cybersecurity readiness versus a target or aspirational state.
FITARA, The Federal IT Acquisition Reform Act
Requires CIOs to be involved in IT acquisition, budgeting, and hiring.
Final regulations issued June 10.
Self-assessment and implementation plan due August 15.
Baseline requirements must be met by December 31.
FITARA: How is cybersecurity impacted? Federal CIO Tony Scott said: "While there's nothing specific in FITARA about cybersecurity, this is going to be one of the great benefits of FITARA: a greatly improved cybersecurity posture ... [t]he very first thing in cybersecurity is understanding what's of value and being very clear about that ... Once you understand what's of value and you figure out a management strategy of how to protect it, that's the beginning step in having an effective cyber strategy." Source: Federal Times.
DOJ Creates Best Practices: outlines steps to be taken pre-attack and post-attack. Includes a checklist. May be used as a basis for liability.
DOD and GSA Release Joint Guidance:
Institute cybersecurity requirements as a condition of contract award.
Conduct cybersecurity training.
Develop common cybersecurity definitions.
Institute a cyber risk management strategy.
Require purchases from OEMs, authorized resellers or trusted sources.
Increase government accountability.
Crystal Ball: What's Next?
Contractors will have to pay close attention to cybersecurity compliance (see USIS).
Agencies will come under closer scrutiny.
Legislation is rushing to the forefront and more regulations are coming.
Contact Information
Eric Crusius, Miles & Stockbridge
More informationCybersecurity for Government Contractors: Preparing for Cyber Incidents in 2017
Cybersecurity for Government Contractors: Preparing for Cyber Incidents in 2017 March 23, 2017 By Keir Bancroft By Louverture Jones Partner Senior Manager, Deloitte Advisory Venable LLP Deloitte & Touche
More informationRethinking Information Security Risk Management CRM002
Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design
More informationCybersecurity and Nonprofit
Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationCybersecurity Risk Management
Cybersecurity Risk Management NIST Guidance DFARS Requirements MEP Assistance David Stieren Division Chief, Programs and Partnerships National Institute of Standards and Technology (NIST) Manufacturing
More informationNo More Excuses: Feds Need to Lead with Strong Authentication!
No More Excuses: Feds Need to Lead with Strong Authentication! Dr. Sarbari Gupta sarbari@electrosoft-inc.com Annual NCAC Conference on Cybersecurity March 16, 2016 Electrosoft Services, Inc. 1893 Metro
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationSafeguarding Unclassified Controlled Technical Information
Safeguarding Unclassified Controlled Technical Information (DFARS Case 2011-D039): The Challenges of New DFARS Requirements and Recommendations for Compliance Version 1 Authors: Justin Gercken, TSCP E.K.
More informationHealthcare HIPAA and Cybersecurity Update
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity
More informationData Breach Preparation and Response. April 21, 2017
Data Breach Preparation and Response April 21, 2017 King & Spalding Data, Privacy & Security King & Spalding s 60 plus lawyer Data, Privacy & Security ( DPS ) Practice is best known for: Experienced crisis
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
More informationStrategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare
Strategy is Key: How to Successfully Defend and Protect Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare 1 Speaker Introduction Karl West Chief Information Security Officer Intermountain
More informationMYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414
MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414 The Cybersecurity Act of 2012, S. 3414, has not been the subject of a legislative hearing and has skipped regular order. HSGAC has not marked
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationCYBERSECURITY IN THE POST ACUTE ARENA AGENDA
CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationACHIEVING COMPLIANCE WITH NIST SP REV. 4:
ACHIEVING COMPLIANCE WITH NIST SP 800-53 REV. 4: How Thycotic Helps Implement Access Controls OVERVIEW NIST Special Publication 800-53, Revision 4 (SP 800-53, Rev. 4) reflects the U.S. federal government
More informationDEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY. Cyber Security. Safeguarding Covered Defense Information.
DEFENSE LOGISTICS AGENCY AMERICA S COMBAT LOGISTICS SUPPORT AGENCY Cyber Security Safeguarding Covered Defense Information 30-31 August 2016 WARFIGHTER FIRST PEOPLE & CULTURE STRATEGIC ENGAGEMENT FINANCIAL
More informationThe State of Privacy in Washington State. August 16, 2016 Alex Alben Chief Privacy Officer Washington
The State of Privacy in Washington State August 16, 2016 Alex Alben Chief Privacy Officer Washington I. The Global Privacy Environment Snowden Revelations of NSA surveillance International relations EU
More informationPreventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence
Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence Presented by Keith Barger and Audra A. Dial March 19, 2014 2014 Kilpatrick Townsend & Stockton LLP Protection of
More informationIMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION
IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION Briefing for OFPP Working Group 19 Feb 2015 Emile Monette GSA Office of Governmentwide Policy emile.monette@gsa.gov Cybersecurity Threats are
More informationTIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,
More informationFISMA Cybersecurity Performance Metrics and Scoring
DOT Cybersecurity Summit FISMA Cybersecurity Performance Metrics and Scoring Office of the Federal Chief Information Officer, OMB OMB Cyber and National Security Unit, OMBCyber@omb.eop.gov 2. Cybersecurity
More information2017 SAME Small Business Conference
2017 SAME Small Business Conference Welcome to Cybersecurity Initiatives and Speakers: Requirements: Protecting DOD s Unclassified Information Vicki Michetti, Director, Defense Industrial Base Cybersecurity
More informationKeep the Door Open for Users and Closed to Hackers
Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According
More informationRegulation P & GLBA Training
Regulation P & GLBA Training Overview Regulation P governs the treatment of nonpublic personal information about consumers by the financial institution. (Gramm-Leach-Bliley Act of 1999) The GLBA is composed
More informationInformation Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC
Information Technology Security Plan Policies, Controls, and Procedures Protect: Identity Management and Access Control PR.AC Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/protect/ndcbf_
More informationFederal Initiatives to Protect Controlled Unclassified Information in Nonfederal Information Systems Against Cyber Threats
May 20, 2015 Georgetown University Law Center Federal Initiatives to Protect Controlled Unclassified Information in Nonfederal Information Systems Against Cyber Threats Robert S. Metzger Rogers Joseph
More informationOutline. Why protect CUI? Current Practices. Information Security Reform. Implementation. Understanding the CUI Program. Impacts to National Security
Outline Why protect CUI? Impacts to National Security Current Practices CUI Program & Existing Agency Practices Information Security Reform CUI Registry 32CFR2002 NIST SP 800-171 (Rev 1) Federal Acquisition
More informationHacking and Cyber Espionage
Hacking and Cyber Espionage September 19, 2013 Prophylactic and Post-Breach Concerns for In-House Counsel Raymond O. Aghaian, McKenna Long & Aldridge LLP Elizabeth (Beth) Ferrell, McKenna Long & Aldridge
More information2017 RIMS CYBER SURVEY
2017 RIMS CYBER SURVEY This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationThe Cyber War on Small Business
The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber
More informationCyber Security Challenges
Cyber Security Challenges Protecting DoD s Information Melinda Reed, OUSD(AT&L), Systems Engineering Mary Thomas, OUSD(AT&L), Defense Procurement and Acquisition Policy 1 Outline Cybersecurity Landscape
More informationA Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016
A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 Panelists Beverly J. Jones, Esq. Senior Vice President and Chief Legal Officer ASPCA Christin S. McMeley, CIPP-US
More information2018 SRAI Annual Meeting October Dana Rewoldt, CRA, Associate Director of OIPTT, Iowa State University, Ames, IA, USA
2018 SRAI Annual Meeting October 27-31 Dana Rewoldt, CRA, Associate Director of OIPTT, Iowa State University, Ames, IA, USA Controlled Unclassified Information Regulations: Practical Processes and Negotiations
More informationThe NIST Cybersecurity Framework
The NIST Cybersecurity Framework U.S. German Standards Panel 2018 April 10, 2018 Adam.Sedgewick@nist.gov National Institute of Standards and Technology About NIST Agency of U.S. Department of Commerce
More informationLegal Considerations and Case Studies
Cybersecurity for Small & Mid-Size Businesses Phil Schenkenberg, J.D., CIPP/US Cyrus Malek, J.D., Certification in Cybersecurity and Privacy Law Legal Considerations and Case Studies Copyright, Briggs
More informationNIST RISK ASSESSMENT TEMPLATE
page 1 / 5 page 2 / 5 nist 800 30 risk pdf The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying
More informationCyber (In)Security. What Business Leaders Need To Know. Roy Luebke Innovation and Growth Consultant. Presented by:
For audio difficulties please use conference number: 515-739-1030 Access: 385039# Cyber (In)Security What Business Leaders Need To Know Presented by: Roy Luebke Innovation and Growth Consultant July 12,
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationCYBER SECURITY BRIEF. Presented By: Curt Parkinson DCMA
CYBER SECURITY BRIEF Presented By: Curt Parkinson DCMA September 20, 2017 Agenda 2 DFARS 239.71 Updates Cybersecurity Contracting DFARS Clause 252.204-7001 DFARS Clause 252.239-7012 DFARS Clause 252.239-7010
More information