Sirius Security Overview

Size: px
Start display at page:

Download "Sirius Security Overview"

Transcription

1 Sirius Security Overview Rob Hoisington IT Security Consultant 8/18/2017 1

2 Rob Hoisington IT Security Consultant - CISSP, GLEG, GCIH Rob Hoisington is a Security Architect and member of the IT Consultant team for Sirius Computer Solutions. Robert holds a Masters of Science degree in Information Technology from University of Maryland University College and he is an alumnus of the U.S. Military Academy at West Point where he received a Bachelors of Science in Computer Science. Rob has been with Sirius Computer Solutions for 5 years. During this time he has worked with clients in a wide variety of industries including banking, insurance, education, healthcare, manufacturing, distribution, and utilities - addressing a wide variety of security, regulatory, and disaster mitigation challenges. Prior to joining Sirius, Rob worked for the U.S. Army as a Signal Corps Officer where he was responsible for technical teams as well as security, networks, and systems both in the U.S. and deployed overseas. Rob is married, has 3 kids, and lives in Spring Hill, Tennessee. 8/18/2017 2

3 8/18/2017 3

4 Agenda Introductions Sirius Consulting Approach and Portfolio (high level) Sirius Security Capabilities Security Consulting Services Security Solutions Client Security Roadmap and Initiatives Next Steps 8/18/2017 4

5 Sirius Consulting Approach and Portfolio

6 Consulting Services Portfolio Enterprise Consulting Interim CIO and CISO Services Digital Workspace Internet of Things IT Strategic Roadmaps IT Service Management Technology Solution Evaluation Process Optimization Assessments Cost Reduction Assessments Business Impact and Technology Investment Justification Insourcing/Outsourcing Assessments M&A Due Diligence and Integration Telecommunications Imaging and Print Services Organizational Assessments Data Center Transformation Data Center Models Private Cloud Hybrid Data Center Functions Production Disaster Recovery Other Data Center Services Strategic Planning and Budgeting Current State Inventory End State Design Detailed Implementation Planning and Budgeting Implementation and Testing Implementation Post Mortems DevOps Transformation End-to-End DevOps Lifecycle SDLC & Application Lifecycle Management, Agile, Waterfall, Continuous Release and Deployment Operations Optimization Infrastructure Best Practices ITIL, CMMI, Scaled Agile Framework (SAFe), Lean, and Six Sigma Best Practices Data Strategy Quality Assurance Best Practices and Test Automation Cloud Computing Infrastructure as Code (IaC) Security, Regulatory, Governance and Controls Risk, Security, and Compliance Security Governance Review Enterprise Risk Assessment & Security Posture Services Data Criticality Assessment Vulnerability Assessments Technical Security Architecture Review HIPAA/HITECH & MU Assessment PCI Assessment Security Policy Services Employee Security Awareness SIEM/MSSP Assessment Executive Security Consulting Services Penetration Testing Social Engineering Forensics Code Risk Assessments Business Continuity & IT/DR BC & IT/DR Current State Assessment Business Impact Assessment (BIA & µbia) Emergency Preparedness Action Planning Architecture Standards for Continuity & Recovery Declaration Process Plan Tabletop Exercise Facilitation IT/DR Exercise Planning & Coordination BC Program Awareness Consulting Incident Response Planning Enterprise Communication Planning Family Support Reponses Program 8/18/2017 6

7 Sirius Security Capabilities

8 Sirius Security Principles and Approach Vendor neutral and consultative Primary focus is to understand/develop customer requirements including via assessment if necessary. Understand current client environment Understand security drivers (high risk data, privacy, compliance, incidents, etc.) Jointly develop an approach to meeting requirements May include People, Policy, Process, Governance, and Technology Solution/Remediation plan or may not include Sirius capabilities if best fit for client is something we don t offer As a systems integration company, the full Sirius engineering team stands behind the ITC to assist with security implementation services and remediation, including a large number of partner brand skills and services most competitors can t offer the breadth of internal resources and partnerships that Sirius brings to the table for implementation and remediation services. 8/18/2017 8

9 Sirius Security Architecture Review (SAR) 8/18/2017 9

10 Sirius Security Consulting Services Compliance PCI DSS, NIST, FISMA, HIPAA, ISO, etc. Assessments Penetration Testing, Network Vulnerability, Web App Vulnerability System Security Configuration Reviews Information Criticality Workshop Governance Third Party Vendor Management, Program Development, Security Awareness Incident Response Physical, Technical, Plan Development, Retainer Digital Forensics Imaging, Extraction, Analysis, Preparation for Counsel, Expert Testimony Executive Security Consulting Services Presales Consulting Security Architecture Review (SAR) Workshop Security Solution Development 8/18/

11 Security Solutions Vulnerability Management Patch/System Management Traditional Endpoint Security Next Generation Endpoint Security Next Generation Firewall Network Access Control Content Filtering/Proxy Security Security Incident Event Management IPS/IDS Application Protection Identity and Access Management Database Security Remote Access Multi-Factor Authentication Web Application Firewall Endpoint Incident Response Cloud Security Privileged Identity Management Managed Security Services GRC Platforms Data Loss Prevention Network Management and Audit Network Taps SSL Decryption Mobile Device Management Unstructured Data Security Encryption Data Center Segmentation 8/18/

12 Sirius Security Solutions and Services Partners and more 8/18/

13 Sirius Security Solutions NIST Cyber Defense Matrix View Identify Protect Detect Respond Recover Devices Applications Networks Data Users Degree of Dependency Technology Process People 8/18/

14 Client Security Roadmap and Initiatives

15 Next Steps

16 THANK YOU

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice

More information

Certified Information Security Manager (CISM) Course Overview

Certified Information Security Manager (CISM) Course Overview Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

BHConsulting. Your trusted cybersecurity partner

BHConsulting. Your trusted cybersecurity partner Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

The Most Comprehensive Suite of Security Services and Solutions in the Market

The Most Comprehensive Suite of Security Services and Solutions in the Market LINE CARD Security Solutions SECURITY SOLUTIONS The Most Comprehensive Suite of Security Services and Solutions in the Market With a full suite of service capabilities, Optiv is positioned to help you

More information

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18 Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

Best Practices in Securing a Multicloud World

Best Practices in Securing a Multicloud World Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers

More information

Information Security Risk Strategies. By

Information Security Risk Strategies. By Information Security Risk Strategies By Larry.Boettger@Berbee.com Meeting Agenda Challenges Faced By IT Importance of ISO-17799 & NIST The Security Pyramid Benefits of Identifying Risks Dealing or Not

More information

Building a Resilient Security Posture for Effective Breach Prevention

Building a Resilient Security Posture for Effective Breach Prevention SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.

More information

What It Takes to be a CISO in 2017

What It Takes to be a CISO in 2017 What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge

More information

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Charting the Course... Certified Information Systems Auditor (CISA) Course Summary Course Summary Description In this course, you will perform evaluations of organizational policies, procedures, and processes to ensure that an organization's information systems align with overall business

More information

TRIAEM LLC Corporate Capabilities Briefing

TRIAEM LLC Corporate Capabilities Briefing TRIAEM LLC Corporate Capabilities Briefing 3/4/ 1 CORPORATE OVERVIEW CORPORATE VALUES MISSION STATEMENT SERVICES WORKFORCE EXPERIENCE CORPORATE CONTACTS 3/4/ 2 CORPORATE OVERVIEW TRIAEM is certified through

More information

Run the business. Not the risks.

Run the business. Not the risks. Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.

More information

HCL GRC IT AUDIT & ASSURANCE SERVICES

HCL GRC IT AUDIT & ASSURANCE SERVICES HCL GRC IT AUDIT & ASSURANCE SERVICES Overview The immense progress made in information and communications technology offers enterprises outstanding benefits. However this also results in making the risk

More information

BHConsulting. Your trusted cybersecurity partner

BHConsulting. Your trusted cybersecurity partner Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised

More information

Automating the Top 20 CIS Critical Security Controls

Automating the Top 20 CIS Critical Security Controls 20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises

More information

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance

More information

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved.

HITRUST CSF Assurance Program HITRUST, Frisco, TX. All Rights Reserved. HITRUST CSF Assurance Program HITRUST CSF Assurance Program The Need Organizations facing multiple and varied assurance requirements from a variety of parties Increasing pressure and penalties associated

More information

Jeff Wilbur VP Marketing Iconix

Jeff Wilbur VP Marketing Iconix 2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online

More information

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project

More information

Background FAST FACTS

Background FAST FACTS Background Terra Verde was founded in 2008 by cybersecurity, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance

More information

Establishing a Credible Cybersecurity Program. September 2016

Establishing a Credible Cybersecurity Program. September 2016 Establishing a Credible Cybersecurity Program September 2016 Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Member FBI InfraGard AFTERNOON PLENARY SESSION AGENDA Cyber Risk = Disruptive Business Risk Breaches:

More information

Digital Service Management (DSM)

Digital Service Management (DSM) Digital Service Management (DSM) A Proactive, Collaborative and Balanced Approach for Securing, Managing and Improving the Online Services that Drive the Digital Enterprise itsm003 v.3.0 Agenda and Objectives

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery. Modular Security Services Offering - BFSI Security In A Box A new concept to Security Services Delivery. 2017 Skillmine Technology Consulting Pvt. Ltd. The information in this document is the property

More information

ISE North America Leadership Summit and Awards

ISE North America Leadership Summit and Awards ISE North America Leadership Summit and Awards November 6-7, 2013 Presentation Title: Presenter: Presenter Title: Company Name: Embracing Cyber Security for Top-to-Bottom Results Larry Wilson Chief Information

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

Art of Performing Risk Assessments

Art of Performing Risk Assessments Clinical Practice Compliance Conference Art of Performing Risk Assessments October 2016 Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Member FBI InfraGard AGENDA Cyber Risk = Disruptive Business Risk Breaches:

More information

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose

More information

INFORMATION SECURITY GOVERNANCE, RISK & COMPLIANCE CLOUD CONSULTING SERVICES CIO & CISO SERVICES. forebrook

INFORMATION SECURITY GOVERNANCE, RISK & COMPLIANCE CLOUD CONSULTING SERVICES CIO & CISO SERVICES. forebrook INFORMATION SECURITY GOVERNANCE, RISK & COMPLIANCE CLOUD CONSULTING SERVICES CIO & CISO SERVICES forebrook INFRASTRUCTURE ASSESSMENT SECURITY ASSESSMENT RISK ASSESSMENT VULNERABILITY ASSESSMENT PENETRATION

More information

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ Operations & Technology Seminar Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ Operations & Technology Roundtable Crowne Plaza Monroe, Monroe Township, NJ Tuesday, November 8, 2016

More information

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson Delivering Integrated Cyber Defense for the Generation Darren Thomson Vice President & CTO, EMEA Region Symantec In 2009 there were 2,361,414 new piece of malware created. In 2015 that number was 430,555,582

More information

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments

AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES To Secure Azure and Hybrid Cloud Environments Introduction Cloud is at the core of every successful digital transformation initiative. With cloud comes new

More information

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience

More information

Background FAST FACTS

Background FAST FACTS Background Terra Verde was founded in 2008 by cyber security, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance

More information

Cloud Customer Architecture for Securing Workloads on Cloud Services

Cloud Customer Architecture for Securing Workloads on Cloud Services Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,

More information

TSC Business Continuity & Disaster Recovery Session

TSC Business Continuity & Disaster Recovery Session TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives

More information

Accelerate Your Enterprise Private Cloud Initiative

Accelerate Your Enterprise Private Cloud Initiative Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service

More information

SRM Service Guide. Smart Security. Smart Compliance. Service Guide

SRM Service Guide. Smart Security. Smart Compliance. Service Guide SRM Service Guide Smart Security. Smart Compliance. Service Guide Copyright Security Risk Management Limited Smart Security. Smart Compliance. Introduction Security Risk Management s (SRM) specialists

More information

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences Undergraduate Programs - Bachelor B.S. Computer Game Design Upon completion of the B.S. degree in Computer Game Design, students

More information

Handling Complex and Difficult Privacy and Information Security Issues

Handling Complex and Difficult Privacy and Information Security Issues Handling Complex and Difficult Privacy and Information Security Issues Rebecca Herold, CIPP, CISSP, CISM, CISA, FLMI Christopher Grillo, CISM, CISA, CPA, ITIL Presentation Overview: Handling complex and

More information

Les joies et les peines de la transformation numérique

Les joies et les peines de la transformation numérique Les joies et les peines de la transformation numérique Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA Professor, Solvay Brussels School of Economics and Management Academic Director, IT Management Education

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

LESSONS LEARNED IN SMART GRID CYBER SECURITY

LESSONS LEARNED IN SMART GRID CYBER SECURITY LESSONS LEARNED IN SMART GRID CYBER SECURITY Lynda McGhie CISSP, CISM, CGEIT Quanta Technology Executive Advisor Smart Grid Cyber Security and Critical Infrastructure Protection lmcghie@quanta-technology.com

More information

The Impact of Cybersecurity, Data Privacy and Social Media

The Impact of Cybersecurity, Data Privacy and Social Media Doing Business in a Connected World The Impact of Cybersecurity, Data Privacy and Social Media Security Incident tprevention and Response: Customizing i a Formula for Results Joseph hm. Ah Asher Marcus

More information

Defense in Depth. Constructing Your Walls for Your Enterprise. Mike D Arezzo Director of Security April 21, 2016

Defense in Depth. Constructing Your Walls for Your Enterprise. Mike D Arezzo Director of Security April 21, 2016 Defense in Depth Constructing Your Walls for Your Enterprise Mike D Arezzo Director of Security April 21, 2016 Defense in Depth Defense in Depth Coordinated use of multiple security countermeasures Protect

More information

Gujarat Forensic Sciences University

Gujarat Forensic Sciences University Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat

More information

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better

More information

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product

More information

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential

More information

IT Consulting and Implementation Services

IT Consulting and Implementation Services PORTFOLIO OVERVIEW IT Consulting and Implementation Services Helping IT Transform the Way Business Innovates and Operates 1 2 PORTFOLIO OVERVIEW IT Consulting and Implementation Services IT is moving from

More information

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert

Aligning IT, Security and Risk Management Programs. Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert Aligning IT, Security and Risk Management Programs Ahmed Qurram Baig, CISSP, CBCP, CRISC, CISM Information Security & GRC Expert Challenges to Risk Management & Governance Balancing extensive requirements

More information

The simplified guide to. HIPAA compliance

The simplified guide to. HIPAA compliance The simplified guide to HIPAA compliance Introduction HIPAA, the Health Insurance Portability and Accountability Act, sets the legal requirements for protecting sensitive patient data. It s also an act

More information

Securing Data in the Cloud: Point of View

Securing Data in the Cloud: Point of View Securing Data in the Cloud: Point of View Presentation by Infosys Limited www.infosys.com Agenda Data Security challenges & changing compliance requirements Approach to address Cloud Data Security requirements

More information

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber Initiatives 30 January 2018 1 Agenda Federal Landscape Cybersecurity

More information

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the

More information

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)

Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, InfraGard Compliance Mandates Key Regulations

More information

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev

More information

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing

More information

Security Diagnostics for IAM

Security Diagnostics for IAM Security Diagnostics for IAM Strategies and Approaches Rebecca Harvey Brian Dudek 10/29/2018 Core Competencies Our areas of expertise Cloud Data Mobility Security Enable business innovation and transition

More information

CISO as Change Agent: Getting to Yes

CISO as Change Agent: Getting to Yes SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

Welcome to the Jungle: (If we act like prey, they ll act like predators)

Welcome to the Jungle: (If we act like prey, they ll act like predators) Welcome to the Jungle: (If we act like prey, they ll act like predators) Chris Hoke April 6, 2017 www.siriuscom.com 4/4/2017 1 Agenda Who I am Basics of information security Target rich environment Defend

More information

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along 2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management Today s Speakers Olivia Munro Senior Marketing Specialist Eze Castle Integration Bob Shaw Director, Technical Architecture Eze Castle

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

Your Trusted Partner in Europe European Business Reliance Centre

Your Trusted Partner in Europe European Business Reliance Centre Your Trusted Partner in Europe European Business Reliance Centre Fit4Exchange 23 Septembre 2015 ebrc.com 24/09/2015 Public 1 EBRC -European Business Reliance Centre Our vision: To be the Centre of Excellence

More information

Cyber Security Program

Cyber Security Program Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m.

Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m. Plenary Session: Branch Cybersecurity Controls Thursday, February 22 1:15 p.m. 2:15 p.m. Cybersecurity is a top priority for the financial services industry. Firms dedicate significant resources every

More information

Protect Your Institution with Effective Cybersecurity Governance. Baker Tilly Virchow Krause, LLP

Protect Your Institution with Effective Cybersecurity Governance. Baker Tilly Virchow Krause, LLP Protect Your Institution with Effective Cybersecurity Governance 1 Your presenter Mike Cullen, Senior Manager, Baker Tilly CISA, CISSP, CIPP/US > Leads the firm s Higher Education Technology Risk Services

More information

IT-CNP, Inc. Capability Statement

IT-CNP, Inc. Capability Statement Securing America s Infrastructure Security Compliant IT Operations Hosting Cyber Security Information FISMA Cloud Management Hosting Security Compliant IT Logistics Hosting 1 IT-CNP, Inc. is a Government

More information

Click to edit Master title style. DIY vs. Managed SIEM

Click to edit Master title style. DIY vs. Managed SIEM DIY vs. Managed SIEM Meet Paul Paul Caiazzo Principal, Chief Security Architect CISSP, CISA, CEH M.S. Information Security and Assurance 15+ years of experience in Information Security Connect with me:

More information

Session ID: CISO-W22 Session Classification: General Interest

Session ID: CISO-W22 Session Classification: General Interest Session ID: CISO-W22 Session Classification: General Interest Pain Points What are your two biggest information security-related pain points?* Mobile Device Security Security Awareness Training User Behavior

More information

White Paper. How to Write an MSSP RFP

White Paper. How to Write an MSSP RFP White Paper How to Write an MSSP RFP https://www.solutionary.com (866) 333-2133 Contents 3 Introduction 3 Why a Managed Security Services Provider? 5 Major Items to Consider Before Writing an RFP 5 Current

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

Solutions Technology, Inc. (STI) Corporate Capability Brief

Solutions Technology, Inc. (STI) Corporate Capability Brief Solutions Technology, Inc. (STI) Corporate Capability Brief STI CORPORATE OVERVIEW Located in the metropolitan area of Washington, District of Columbia (D.C.), Solutions Technology Inc. (STI), women owned

More information

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security LTI Security Intelligent & integrated Approach to Cyber & Digital Security Overview As businesses are expanding globally into new territories, propelled and steered by digital disruption and technological

More information

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9 HAWK Overview Agenda Contents Slide Challenges 3 HAWK Introduction 4 Key Benefits 6 About Gavin Technologies 7 Our Security Practice 8 Security Services Approach 9 Why Gavin Technologies 10 Key Clients

More information

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services 0 CYBER SECURITY WORKSHOP NOVEMBER 2, 2016 Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services VIDEO: CAN IT HAPPEN TO ME? 1 2 AGENDA CYBERSECURITY WHY SUCH A BIG DEAL? INFORMATION

More information

Supporting the Cloud Transformation of Agencies across the Public Sector

Supporting the Cloud Transformation of Agencies across the Public Sector SOLUTION SERVICES Supporting the Cloud Transformation of Agencies across the Public Sector BRIEF Digital transformation, aging IT infrastructure, the Modernizing Government Technology (MGT) Act, the Datacenter

More information

FDIC InTREx What Documentation Are You Expected to Have?

FDIC InTREx What Documentation Are You Expected to Have? FDIC InTREx What Documentation Are You Expected to Have? Written by: Jon Waldman, CISA, CRISC Co-founder and Executive Vice President, IS Consulting - SBS CyberSecurity, LLC Since the FDIC rolled-out the

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning The Unexpected Happens Be Ready Copyright -Business Survival Partners, llc. 2011 - All Rights Reserved www.survivalpartners.biz RISK 2 Risks to National Security A secure and

More information

K12 Cybersecurity Roadmap

K12 Cybersecurity Roadmap K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the

More information

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018 Transformation in Technology Barbara Duck Chief Information Officer Investor Day 2018 Key Takeaways 1Transformation in Technology driving out cost, supporting a more technologyenabled business Our new

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

Ransomware A case study of the impact, recovery and remediation events

Ransomware A case study of the impact, recovery and remediation events Ransomware A case study of the impact, recovery and remediation events Palindrome Technologies 100 Village Court Suite 102 Hazlet, NJ 07730 www.palindrometech.com Peter Thermos President & CTO Tel: (732)

More information

NYDFS Cybersecurity Regulations

NYDFS Cybersecurity Regulations SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

Cybersecurity Overview

Cybersecurity Overview Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,

More information

Watson Developer Cloud Security Overview

Watson Developer Cloud Security Overview Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for

More information

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016 Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the

More information

Security Awareness Training Courses

Security Awareness Training Courses Security Awareness Training Courses Trusted Advisor for All Your Information Security Needs ZERODAYLAB Security Awareness Training Courses 75% of large organisations were subject to a staff-related security

More information

CACUBO Higher Education Accounting Workshop Top 10 Cyber Security Issues for Higher Education Business Managers. May 2017

CACUBO Higher Education Accounting Workshop Top 10 Cyber Security Issues for Higher Education Business Managers. May 2017 CACUBO Higher Education Accounting Workshop Top 10 Cyber Security Issues for Higher Education Business Managers May 2017 Phun with Phishing @linkerdin.com https://www.linkedin.com/in/rrudloff https://10.0.3.15

More information