Cybersecurity: Achieving Prevailing Practices. Session 229, March 8. Mark W. Dill, Partner and Principal Consultant.
2  Conflict of Interest
    Mark W. Dill, CISM, CRISC, has no real or apparent conflicts of interest to report.
3  Agenda
    - Learning Objectives
    - NIST Cyber Security Framework (CSF)
    - How the information was collected and distilled
    - Critical controls discussion across hospitals of all sizes:
      Critical Access, Small-Medium, Large, Academic Medical Centers
    - Resources
    - Questions
4  Learning Objectives
    - Compare how hospitals of all sizes have defined "prevailing practices" for information security and compliance
    - Explain the common tools, processes, and talent levels that are being used
    - Categorize the security practices using the NIST Cyber Security Framework (CSF): Identify, Protect, Detect, Respond, and Recover
    - Recognize the top tactics used to defend against leading cyber threats: hacking, malware, phishing, ransomware
    - Discuss what is working versus what is not
5  NIST Cyber Security Framework (CSF)

6  InfoSec Maturity
7  Distillation Criteria
    Facts and opinions must be:
    - Technically interesting and compliance relevant
    - Useful to the audience
    - Presented in a way that allows comparison (bed size)
    - A reasonable sample size (30 hospitals) *
    - Readily obtainable and current (since late 2015)
    - Validated (partially)
    - Sorted by objective (NIST CSF)
    - Focused on the critical few vs. the trivial many (CIS Top-20 Critical Controls)
    Note: * Not statistically relevant (yet), given 5,500+ hospitals in the U.S.
8  Critical Controls (grouped by NIST CSF function)
    Identify
      1. Risk Analysis & Risk Management
      2. Control Framework
    Protect
      3. Security Awareness
      4. Access Control: Password Usage
      5. Access Control: Access Reviews
      6. Firewalls
      7. Endpoint Antivirus
      8. Intrusion Prevention Systems and Advanced Persistent Threat Tools (IPS and APT)
      9. Network Access (or Admission) Control (NAC)
     10. Patch Management
     11. Encrypted Laptops
     12. Encrypted Workstations
     13. Mobile Device Management (MDM)
     14. Encrypted EHR
    Detect
     15. SIEM Tools (Security Information & Event Mgmt.): Network
     16. SIEM Tools: Applications (EMR & Other Applications)
     17. Penetration Testing
     18. Vulnerability Scanning
    Respond
     19. Incident Response
    Recover
     20. IT Disaster Recovery
9  Hospital Size
    Name                        # Beds
    Critical Access Hospital    25 or less
    Small-Medium                (range not given on the slide; between the two)
    Large                       > 250
    Academic Medical Center     Not defined by # of beds, but more than 1,000 in this research
10  Control to Threat Matching
    Threat columns: Hacking, Malware, Phishing, Ransomware, Theft/Loss. Each X marks a threat the control
    addresses; the transcription preserves the number of marks per control but not which column each falls in.
      Identify: Risk Analysis                                                           X X X X
      Prevent: Security Awareness                                                       X X X
      Prevent: Password Strength                                                        X X
      Prevent: Access Control Reviews                                                   X
      Prevent: Firewalls                                                                X X X X
      Prevent: Endpoint                                                                 X X X X
      Prevent: Intrusion Prevention Systems & Advanced Persistent Threats (IPS & APTs)  X X X X
      Prevent: Network Access (or Admission) Control (NAC)                              X X X
      Prevent: Patch Management                                                         X X X X
      Prevent: Encrypted Laptops and Workstations                                       (one stray X at the end of the slide text most likely belongs here)
      Prevent: Mobile Device Management                                                 X X X
      Prevent: Encrypted EHRs                                                           X
      Detect: Security Information and Event Management (SIEM)                          X X X X
      Detect: Application-Layer SIEM for EHR & Other Applications                       X
      Detect: Penetration Testing                                                       X X X X
      Detect: Vulnerability Scanning                                                    X X X
      Respond: Incident Response                                                        X X X X
      Recover: IT Disaster Recovery                                                     X X X X
11  Identify: Risk Analysis
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Have you performed a Risk Analysis?  (Yes)  CA 100%, SM 100%, Large 100%, AMC 100%
      How often?  (Years; values not transcribed)
      Do you use internal resources?  (Yes)  CA 17%, SM 56%, Large 20%, AMC 50%
      Do you use external resources?  (Yes)  CA 100%, SM 100%, Large 100%, AMC 100%
      Do you use a manual process or an automated tool?  (Manual)  CA 100%, SM 100%, Large 100%, AMC 50%
      Do you have a Prioritized Action Plan (aka Risk Management Plan)?  (Yes)  CA 100%, SM 89%, Large 100%, AMC 100%
      Do you have at least 3 years of history?  (Yes)  CA 50%, SM 89%, Large 80%, AMC 100%
      Has management signed off on the Remediation Plan?  (Yes)  CA 50%, SM 89%, Large 30%, AMC 50%
      Have you identified the threat, controls in place, vulnerability and possible outcome?  (Yes)  CA 100%, SM 89%, Large 100%, AMC 100%
      Have you calculated the likelihood, harm level and risk score?  (Yes)  CA 100%, SM 89%, Large 100%, AMC 100%
      Do you maintain a risk register?  (Yes)  CA 100%, SM 100%, Large 100%, AMC 100%
      Does your process include biomedical devices/systems?  (Yes)  CA 0%, SM 44%, Large 40%, AMC 100%
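The risk-analysis questions on this slide (threat, controls in place, vulnerability and possible outcome; likelihood, harm level and risk score; a risk register and a prioritized action plan with management sign-off) map onto a small data structure. The Python below is an added example, not material from the session or its author: the 1-5 scales, the multiplicative score and the Low/Medium/High bands are assumptions, since the slide does not state the scoring method, and the register entries are constructed.

```python
"""Added example (not from the session deck): a small risk register with
likelihood x harm scoring and a prioritized action plan.

Assumed scoring model (the slide says likelihood, harm level and risk score
are calculated, but not on which scale): likelihood 1-5, harm 1-5,
risk score = likelihood * harm, banded Low (<8), Medium (8-14), High (>=15).
"""
from dataclasses import dataclass
from typing import List


@dataclass
class RiskEntry:
    threat: str
    asset: str
    vulnerability: str
    possible_outcome: str
    controls_in_place: List[str]
    likelihood: int      # 1 = rare ... 5 = almost certain (assumed scale)
    harm: int            # 1 = negligible ... 5 = severe (assumed scale)
    remediation: str
    management_signoff: bool = False

    @property
    def risk_score(self) -> int:
        if not (1 <= self.likelihood <= 5 and 1 <= self.harm <= 5):
            raise ValueError("likelihood and harm must be on the 1-5 scale")
        return self.likelihood * self.harm


def risk_band(score: int) -> str:
    """Band thresholds are an assumption for this example."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def prioritized_action_plan(register: List[RiskEntry]) -> List[dict]:
    """Rank the register by score (harm breaks ties); this ordered list is
    what the slide calls the Prioritized Action Plan / Risk Management Plan."""
    ranked = sorted(register, key=lambda e: (e.risk_score, e.harm), reverse=True)
    return [
        {"rank": i + 1, "score": e.risk_score, "band": risk_band(e.risk_score),
         "threat": e.threat, "asset": e.asset, "remediation": e.remediation}
        for i, e in enumerate(ranked)
    ]


def high_risks_without_signoff(register: List[RiskEntry]) -> List[RiskEntry]:
    """High-band entries management has not signed off on; the survey shows
    sign-off is a common gap (30% to 89% depending on hospital size)."""
    return [e for e in register
            if risk_band(e.risk_score) == "High" and not e.management_signoff]


# Constructed sample register, including a biomedical device, which the
# survey found is often left out of the risk process.
SAMPLE_REGISTER = [
    RiskEntry("Phishing", "Clinician workstations", "Users click credential-harvesting links",
              "EHR account takeover", ["Annual awareness slides", "Mail filtering"],
              likelihood=4, harm=4, remediation="Add time-of-click phishing simulations and MFA"),
    RiskEntry("Ransomware", "Departmental file servers", "Delayed server patching",
              "Encrypted shares, clinical downtime", ["Endpoint AV", "Nightly backups"],
              likelihood=3, harm=5, remediation="Reduce server patch latency; keep an offline backup copy",
              management_signoff=True),
    RiskEntry("Theft/Loss", "Staff laptops", "Device left in a vehicle",
              "Exposure of PHI on disk", ["Full-disk encryption", "Pre-boot authentication"],
              likelihood=3, harm=2, remediation="Maintain the encryption reporting console"),
    RiskEntry("Malware", "Infusion pumps (biomedical)", "Vendor OS cannot be patched",
              "Pump unavailable or tampered with", ["Network segmentation"],
              likelihood=2, harm=5, remediation="Isolate the pump VLAN; IPS signatures for the pump protocol"),
]

if __name__ == "__main__":
    for row in prioritized_action_plan(SAMPLE_REGISTER):
        print(row)
    print("High risks awaiting sign-off:",
          [e.threat for e in high_risks_without_signoff(SAMPLE_REGISTER)])
```

Running the block prints the plan in priority order (phishing, ransomware, the infusion pumps, then laptop loss) and lists the high-band entry still lacking management sign-off, which is the gap the survey's "signed off on the Remediation Plan" row measures.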
12  Identify: Control Frameworks - 1
    What Control Framework do you use?  (columns: Critical Access, Small-Med, Large, AMC, plus a "Popularity" rank)
      COBIT                                    Yes
      HITRUST                                  Yes
      ISO                                      Yes   (popularity 4)
      NIST CSF                                 Yes   (popularity 2; 17%)
      NIST SP                                  Yes   (57%)
      PCI                                      Yes
      SANS CSC                                 Yes   (popularity 3)
      Hybrid (some combination of the above)   Yes   CA 83%, SM 100%, Large 43%, AMC 100%
    Only the Hybrid row's percentages survive the transcription in full; the other ranks and figures are shown next to the framework they follow in the source text.
13  Identify: Control Frameworks - 2
    How are you using the framework?  (percent of hospitals: CA, SM, Large, AMC; column assignment of the partial rows inferred from each column summing to 100%)
      Use (influenced by concepts)?                                Large 13%
      Decision-making guidance?                                    Large 13%
      Reference material?                                          (no figures transcribed)
      Basis for IT policy but not practices?                       CA 100%, SM 100%, Large 38%
      Extensively used for practices (compliance not verified)?    Large 25%, AMC 50%
      Practices applied and compliance validated?                  Large 13%, AMC 50%
      Frequently used to assess program maturity?                  (no figures transcribed)
14  Prevent: Security Awareness
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Do you have an Awareness Plan?  (Yes)  CA 0%, SM 0%, Large 67%, AMC 100%
      At what frequency is the workforce awareness content presented?  (Months; values not transcribed)
      Is your training role-based?  (Yes)  CA 0%, SM 0%, Large 33%, AMC 100%
      Do you use a simple slide show?  (Yes)  CA 100%, SM 100%, Large 67%, AMC 100%
      Do you provide periodic reminders?  (Yes)  CA 100%, SM 100%, Large 100%, AMC 100%
      Are you using a Learning Management System (LMS)?  (Yes)  CA 100%, SM 100%, Large 100%, AMC 100%
      Are you using commercially acquired content?  (Yes)  CA 50%, SM 0%, Large 0%, AMC 100%
      Can you capture the attendee list?  (Yes)  CA 100%, SM 100%, Large 67%, AMC 100%
      Do you require the completion of a quiz before passing?  (Yes)  CA 0%, SM 0%, Large 33%, AMC 100%
      Are users required to complete awareness/training before access is granted?  (Yes)  CA 100%, SM 50%, Large 0%, AMC 100%
      Do you proactively phish the workforce?  (Yes)  CA 50%, SM 50%, Large 67%, AMC 100%
      Are you using a homegrown tool to phish?  (Yes)  CA 0%, SM 50%, Large 0%, AMC 0%
      Are you using a commercial tool to phish?  (Yes)  CA 50%, SM 0%, Large 67%, AMC 100%
      Are your workers required to complete the assigned training?  (Yes)  CA 50%, SM 50%, Large 0%, AMC 100%
15  Prevent: Password Strength
    Password attribute, with the PCI requirement where the slide gives one, then percentages of hospitals in each size band (CA = Critical Access, SM = Small-Mid, Large, Academic).
      Minimum length?  (#; values not transcribed)
      Complexity (mixture of numeric and alphanumeric)?  (On)  PCI: On; CA 100%, SM 29%, Large 78%, Academic 50%
      Forced expiration frequency (days)?  (Days; values not transcribed)
      Intruder lockout set?  (Yes)  CA 63%, SM 56%, Large 78%, Academic 50%
      Intruder lockout after X attempts?  (#; values not transcribed)
      Minutes before retry allowed?  (Minutes; values not transcribed)
      Upon reset, cannot be the same as prior X passwords?  (#; values not transcribed)
      Require initial password uniqueness?  (On)  PCI: On; CA 0%, SM 29%, Large 22%, Academic 50%
      Require change upon 1st use?  (On)  PCI: On; CA 20%, SM 29%, Large 77%, Academic 100%
    Note: NIST SP B, Digital Identity Guidelines: Authentication & Lifecycle Management, will likely play a role in the future of the prevailing practices for passwords.
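The attributes surveyed above (minimum length, complexity, forced expiration, intruder lockout after X attempts, a retry wait in minutes, a reuse history of X passwords, and change on first use) interact at authentication and at change time. The Python below is an added example, not code from the session or its author: the policy values, the account and the passwords are constructed, and it stores SHA-256 digests only to make the reuse check concrete (a real system would use a salted, slow password hash).

```python
"""Added example (not from the session deck): enforcing the password
attributes the slide surveys. Policy values are constructed, and prior
passwords are kept as SHA-256 digests so the reuse check never keeps
plaintext; a production system would use a salted, slow hash instead."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class PasswordPolicy:
    min_length: int = 8
    complexity: bool = True        # require both letters and digits
    expiration_days: int = 90      # forced expiration frequency
    lockout_attempts: int = 5      # intruder lockout after X attempts
    lockout_minutes: int = 30      # minutes before retry allowed
    history_count: int = 4         # cannot reuse the prior X passwords
    change_on_first_use: bool = True


def digest(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def validate_new_password(policy: PasswordPolicy, candidate: str,
                          prior_hashes: List[str]) -> List[str]:
    """Return the list of policy violations (empty means acceptable)."""
    problems = []
    if len(candidate) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.complexity and not (re.search(r"[A-Za-z]", candidate)
                                  and re.search(r"[0-9]", candidate)):
        problems.append("must mix letters and digits")
    recent = prior_hashes[-policy.history_count:] if policy.history_count else []
    if digest(candidate) in recent:
        problems.append(f"matches one of the last {policy.history_count} passwords")
    return problems


@dataclass
class Account:
    policy: PasswordPolicy
    password_hash: str
    password_set_day: int                     # day number of the last change
    history: List[str] = field(default_factory=list)
    must_change: bool = True                  # initial password not yet replaced
    failed_attempts: int = 0
    locked_until_minute: Optional[int] = None


def authenticate(acct: Account, password: str, now_day: int, now_minute: int) -> str:
    """Return 'locked', 'bad-password', 'must-change', 'expired' or 'ok'."""
    if acct.locked_until_minute is not None and now_minute < acct.locked_until_minute:
        return "locked"                       # still inside the retry wait
    if digest(password) != acct.password_hash:
        acct.failed_attempts += 1
        if acct.failed_attempts >= acct.policy.lockout_attempts:
            acct.locked_until_minute = now_minute + acct.policy.lockout_minutes
            acct.failed_attempts = 0
        return "bad-password"
    acct.failed_attempts = 0
    acct.locked_until_minute = None
    if acct.must_change and acct.policy.change_on_first_use:
        return "must-change"
    if now_day - acct.password_set_day >= acct.policy.expiration_days:
        return "expired"
    return "ok"


def change_password(acct: Account, new_password: str, now_day: int) -> List[str]:
    """Apply a change; returns the violations that blocked it (empty on success)."""
    problems = validate_new_password(acct.policy, new_password,
                                     acct.history + [acct.password_hash])
    if problems:
        return problems
    acct.history.append(acct.password_hash)
    acct.password_hash = digest(new_password)
    acct.password_set_day = now_day
    acct.must_change = False
    return []


def demo_account() -> Account:
    """Constructed account with an initial (first-use) password and a policy
    stricter than the survey's most common settings."""
    policy = PasswordPolicy(min_length=12, lockout_attempts=3, lockout_minutes=30,
                            history_count=4, expiration_days=90)
    return Account(policy, digest("Temp-2018-pw"), password_set_day=0)
```

The order of the checks in authenticate matters: the lockout window is evaluated before the password is compared, so a correct guess during the wait still fails, and the first-use and expiration checks run only after a correct password so they never leak whether the password was right.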
16  Prevent: Access Control Reviews
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Are user access rights periodically reviewed?  (Yes)  CA 50%, SM 67%, Large 70%, AMC 50%
      What is the frequency?  (Months; values not transcribed)
17  Prevent: Firewalls
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Are you following an industry standard for addressing out-of-the-box vulnerabilities?  (Yes)  CA 17%, SM 0%, Large 50%, AMC 0%
      Is console access encrypted?  (Yes)  CA 17%, SM 78%, Large 80%, AMC 50%
      Are you repelling traffic to and from countries you are not doing business with (geofencing)?  (Yes)  CA 33%, SM 67%, Large 90%, AMC 0%
      If you have a DMZ, is a firewall in place to prevent direct access into your network?  (Yes)  CA 67%, SM 78%, Large 90%, AMC 100%
      Do you review the firewall rule sets at least once per year?  (Yes)  CA 67%, SM 33%, Large 50%, AMC 50%
18  Prevent: Endpoint
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Are you using a technology that is not dependent upon pattern file updates?  (Yes)  CA 33%, SM 33%, Large 20%, AMC 0%
      Are you using a technology that prohibits the launching of unauthorized software or processes?  (Yes)  CA 33%, SM 56%, Large 20%, AMC 100%
19  Prevent: Intrusion Prevention Systems & Advanced Persistent Threats (IPS & APTs)
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Are the tools baked into the firewall?  (Yes)  CA 83%, SM 78%, Large 80%, AMC 0%
      Are the tools stand-alone?  (Yes)  CA 17%, SM 22%, Large 10%, AMC 100%
      Are the baseline and signatures/heuristics kept up to date?  (Yes)  CA 83%, SM 100%, Large 80%, AMC 100%
20  Prevent: Network Access (or Admission) Control (NAC)
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Do you use a NAC solution?  (Yes)  CA 17%, SM 11%, Large 10%, AMC 0%
      Are you using a commercial tool for NAC?  (Yes)  CA 17%, SM 0%, Large 10%, AMC 0%
      Are you in monitor mode only?  (Yes)  CA 33%, SM 11%, Large 0%, AMC 0%
      Are you in block mode?  (Yes)  CA 0%, SM 0%, Large 10%, AMC 0%
      Does your solution offer a remedial path for devices?  (Yes)  CA 0%, SM 0%, Large 0%, AMC 0%
21  Prevent: Patch Management
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Do you patch your servers?  (Yes)  CA 100%, SM 100%, Large 100%, AMC 100%
      Server patch latency?  (Days; values not transcribed)
      Do you patch your network infrastructure?  (Yes)  CA 100%, SM 100%, Large 100%, AMC 100%
      Infrastructure patch latency?  (Days; values not transcribed)
      Do you patch your endpoints?  (Yes)  CA 100%, SM 100%, Large 100%, AMC 100%
      Endpoint patch latency?  (Days; values not transcribed)
      Can laptops in the field be updated while off the network?  (Yes)  CA 33%, SM 11%, Large 40%, AMC 0%
      Is your Office suite being patched?  (Yes)  CA 0%, SM 89%, Large 50%, AMC 100%
      Office suite patch latency?  (Days; values not transcribed)
      Are commonly vulnerable applications being patched?  (Yes)  CA 17%, SM 33%, Large 40%, AMC 100%
      Commonly vulnerable application patch latency?  (Days; values not transcribed)
      For the platforms you patch, is the function insourced or outsourced?  (Insourced)  CA 100%, SM 100%, Large 80%, AMC 50%
22  Prevent: Encrypted Laptops
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Do you encrypt 100% of your laptops?  (Yes)  CA 67%, SM 100%, Large 100%, AMC 100%
      Are you using an OS vendor-provided tool?  (Yes)  CA 50%, SM 33%, Large 20%, AMC 50%
      Are you using a commercial tool?  (Yes)  CA 50%, SM 67%, Large 100%, AMC 50%
      Are you using pre-boot authentication with a different password?  (Yes)  CA 0%, SM 44%, Large 60%, AMC 0%
      How long before the screen saver is applied?  (Minutes; values not transcribed)
      Number of lost or stolen devices reported?  (#; values not transcribed)
23  Prevent: Encrypted Workstations
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Do you encrypt any workstations?  (Yes)  CA 17%, SM 33%, Large 50%, AMC 50%
      Are you using an AES-256 / FIPS algorithm?  (Yes)  CA 17%, SM 56%, Large 40%, AMC 50%
      Are you using a risk-based approach to encryption?  (Yes)  CA 0%, SM 67%, Large 70%, AMC 50%
      Are your EMR downtime (read-only) devices encrypted?  (Yes)  CA 0%, SM 44%, Large 30%, AMC 0%
      Do you use an OS vendor-provided tool?  (Yes)  CA 17%, SM 0%, Large 20%, AMC 50%
      Do you use a commercial tool?  (Yes)  CA 0%, SM 33%, Large 60%, AMC 0%
      Do you use pre-boot authentication?  (Yes)  CA 0%, SM 11%, Large 30%, AMC 0%
      Do you have a reporting console?  (Yes)  CA 0%, SM 11%, Large 40%, AMC 100%
      Number of lost or stolen devices reported?  (#; values not transcribed)
24  Prevent: Mobile Device Management
    Percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Mid, Large, Academic).
      MDM enforced controls?  CA 50%, SM 89%, Large 75%, Academic 100%
      Signed usage agreement?  CA 17%, SM 67%, Large 50%, Academic 100%
      Password/PIN length?  (values not transcribed)
      Complexity enabled?  CA 0%, SM 0%, Large 0%, Academic 0%
      Forced expiration frequency (days)?  (values not transcribed)
      Wipe after X tries?  (values not transcribed)
      Screen lock in X minutes?  (values not transcribed)
      Encryption enabled?  CA 50%, SM 89%, Large 75%, Academic 100%
      MDM-enabled remote wipe?  CA 17%, SM 89%, Large 75%, Academic 100%
      Controlled use of unsigned applications?  CA 0%, SM 22%, Large 75%, Academic 50%
      Monitor/block for rooted or jailbroken devices?  CA 0%, SM 22%, Large 50%, Academic 100%
      Antivirus or spyware tools used?  CA 0%, SM 0%, Large 0%, Academic 0%
25  Prevent: Encrypted EHRs
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Are the SAN or RAID disks encrypted?  (Yes)  CA 50%, SM 22%, Large 50%, AMC 0%
      Is the database encrypted?  (Yes)  CA 17%, SM 22%, Large 10%, AMC 0%
      Are there features of the EMR that are encrypted (reports, file transfers, etc.)?  (Yes)  CA 17%, SM 67%, Large 20%, AMC 0%
      What algorithm is in use, 128-bit or 256-bit?  AES-256 is the norm, though some smaller EMRs are using 128-bit.
26  Detect: Security Information and Event Management (SIEM)
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Collecting logs according to a plan?  (Yes)  CA 67%, SM 89%, Large 100%, AMC 100%
      Reactive log review (troubleshooting only)?  (Yes)  CA 50%, SM 67%, Large 50%, AMC 0%
      Forwarding logs to a secondary/secured server (syslog server or SIEM tool)?  (Yes)  CA 17%, SM 56%, Large 80%, AMC 100%
      Using open-source tools?  (Yes)  CA 17%, SM 56%, Large 10%, AMC 50%
      Using a commercial tool?  (Yes)  CA 33%, SM 22%, Large 70%, AMC 100%
      Proactive log review (hunting for anomalies and problems)?  (Yes)  CA 17%, SM 22%, Large 60%, AMC 100%
      Using in-house staff to monitor?  (Yes)  CA 67%, SM 44%, Large 70%, AMC 100%
      Using a managed service to monitor?  (Yes)  CA 17%, SM 22%, Large 40%, AMC 50%
      Number of log sources correlated (<=5, 6-10, or >10)?  (# or more; values not transcribed)
      Applying User (and device) Behavior Analytics (UBA)?  (Yes)  CA 17%, SM 0%, Large 20%, AMC 50%
      How long are log files retained?  (Months; values not transcribed)
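The distinction this slide draws between reactive (troubleshooting-only) and proactive (hunting) log review, and the value of correlating more than one log source, can be shown on a few log lines. The Python below is an added example, not from the session or its author: the line format, host names and events are constructed, as is the "failures then success within ten minutes" rule it hunts for.

```python
"""Added example (not from the session deck): a proactive ("hunting")
review over constructed log lines from several sources, as opposed to
reactive, troubleshooting-only review. Line format and hosts are
constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: VPN gateway, domain controller and EHR application
# logs forwarded to one place, plus one firewall line in a different format.
SAMPLE_LOGS = [
    "2018-03-01T08:00:01 vpn-gw  user=jdoe result=FAIL src=203.0.113.5",
    "2018-03-01T08:00:20 vpn-gw  user=jdoe result=FAIL src=203.0.113.5",
    "2018-03-01T08:00:41 ad-dc1  user=jdoe result=FAIL src=203.0.113.5",
    "2018-03-01T08:03:10 ehr-app user=jdoe result=OK src=203.0.113.5",
    "2018-03-01T08:05:00 ad-dc1  user=asmith result=FAIL src=10.20.30.40",
    "2018-03-01T08:05:30 ad-dc1  user=asmith result=OK src=10.20.30.40",
    "2018-03-01T08:06:00 fw-edge DENY tcp 198.51.100.7 -> 10.0.0.5:445",
    "2018-03-01T09:00:00 ehr-app user=svc-backup result=OK src=10.20.30.41",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<source>\S+)\s+user=(?P<user>\S+)\s+"
    r"result=(?P<result>OK|FAIL)\s+src=(?P<src>\S+)$")


def parse(lines):
    """Split lines into parsed logon events and lines in some other format."""
    events, unparsed = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return events, unparsed


def source_count_bucket(n: int) -> str:
    """The survey's buckets for the number of log sources correlated."""
    return "<=5" if n <= 5 else ("6-10" if n <= 10 else ">10")


def hunt_failures_then_success(events, threshold=3, window=timedelta(minutes=10)):
    """Flag a successful logon preceded by >= threshold failures for the same
    user inside the window, counted across all sources. Reviewing any one
    source alone would see too few failures to notice."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    findings = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            if e["result"] != "OK":
                continue
            prior = [p for p in evs[:i]
                     if p["result"] == "FAIL" and e["ts"] - p["ts"] <= window]
            if len(prior) >= threshold:
                findings.append({
                    "user": user,
                    "failures": len(prior),
                    "success_at": e["ts"].isoformat(),
                    "sources": sorted({p["source"] for p in prior} | {e["source"]}),
                })
    return findings


def review(lines):
    """One proactive pass: which sources are correlated, and what stands out."""
    events, unparsed = parse(lines)
    sources = sorted({e["source"] for e in events})
    return {
        "sources_correlated": sources,
        "bucket": source_count_bucket(len(sources)),
        "findings": hunt_failures_then_success(events),
        "unparsed_lines": len(unparsed),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(review(SAMPLE_LOGS), indent=2))
```

The unparsed-line count is deliberately part of the result: a source whose format the parser does not understand silently drops out of correlation, which is how a SIEM deployment ends up in the survey's "<=5 sources" bucket while believing it covers more.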
27  Detect: Application-Layer SIEM for EHR & Other Applications
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Reactive only?  (Yes)  CA 50%, SM 56%, Large 80%, AMC 0%
      Proactive log review (hunting for anomalies and problems)?  (Yes)  CA 33%, SM 44%, Large 20%, AMC 100%
      Granular enough to report on view-only access?  (Yes)  CA 33%, SM 67%, Large 70%, AMC 100%
      Using a commercial tool?  (Yes)  CA 33%, SM 44%, Large 70%, AMC 100%
      Are applications beyond the EMR in scope?  (Yes)  CA 17%, SM 0%, Large 40%, AMC 100%
28  Detect: Penetration Testing
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Doing it (Y/N)?  (Yes)  CA 50%, SM 78%, Large 60%, AMC 100%
      Frequency?  (Months; values not transcribed)
      Performed by internal staff only?  (Yes)  CA 0%, SM 0%, Large 0%, AMC 0%
      Performed by a 3rd party?  (Yes)  CA 50%, SM 78%, Large 60%, AMC 100%
      Scope: public-facing systems only?  (Yes)  CA 33%, SM 56%, Large 60%, AMC 0%
      Scope: public and internal systems?  (Yes)  CA 17%, SM 22%, Large 40%, AMC 100%
      Scope: biomedical devices?  (Yes)  CA 0%, SM 0%, Large 0%, AMC 50%
29  Detect: Vulnerability Scanning
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Doing it (Y/N)?  (Yes)  CA 67%, SM 78%, Large 80%, AMC 100%
      Using an open-source tool?  (Yes)  CA 17%, SM 11%, Large 0%, AMC 0%
      Using a commercial tool?  (Yes)  CA 50%, SM 67%, Large 80%, AMC 100%
      Are results shared with leadership and remediated quickly?  (Yes)  CA 50%, SM 67%, Large 30%, AMC 100%
      Performed by internal staff only?  (Yes)  CA 33%, SM 56%, Large 50%, AMC 100%
      Performed by a 3rd party?  (Yes)  CA 33%, SM 33%, Large 50%, AMC 0%
      Scope: public-facing systems only?  (Yes)  CA 17%, SM 44%, Large 20%, AMC 0%
      Scope: public and internal systems?  (Yes)  CA 50%, SM 33%, Large 60%, AMC 100%
      Scope: biomedical devices?  (Yes)  CA 0%, SM 0%, Large 10%, AMC 100%
30  Respond: Incident Response
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Do you have a policy and procedure?  (Yes)  CA 100%, SM 89%, Large 100%, AMC 100%
      Do you use an incident reporting form?  (Yes)  CA 83%, SM 56%, Large 80%, AMC 100%
      Do you have an incident response team?  (Yes)  CA 50%, SM 67%, Large 90%, AMC 100%
      Do you have playbook(s)?  (Yes)  CA 0%, SM 22%, Large 50%, AMC 100%
      Are the playbooks scenario-specific?  (Yes)  CA 0%, SM 11%, Large 50%, AMC 100%
      Do you exercise the playbooks in a tabletop?  (Yes)  CA 0%, SM 22%, Large 50%, AMC 100%
      What is the frequency of your testing?  (Months; values not transcribed)
      Do you test beyond tabletop?  (Yes)  CA 0%, SM 0%, Large 0%, AMC 100%
31  Recover: IT Disaster Recovery
    Answer in parentheses; percentages are of hospitals in each size band (CA = Critical Access, SM = Small-Med, Large, AMC = Academic Medical Center).
      Do you have a policy and procedure?  (Yes)  CA 50%, SM 89%, Large 90%, AMC 100%
      Have you performed a Business Impact Analysis (BIA)?  (Yes)  CA 0%, SM 33%, Large 40%, AMC 50%
      Do you have a compliance-oriented plan?  (Yes)  CA 0%, SM 33%, Large 60%, AMC 100%
      Do you have step-by-step recovery plans?  (Yes)  CA 17%, SM 33%, Large 20%, AMC 100%
      Do you exercise the plans in a tabletop?  (Yes)  CA 0%, SM 33%, Large 30%, AMC 50%
      Do you exercise the plans in fail-over or bare-metal recovery tests?  (Yes)  CA 0%, SM 0%, Large 10%, AMC 50%
      Are the Recovery Time and Recovery Point Objectives (RTO & RPO) regularly met?  (Yes)  CA 0%, SM 0%, Large 50%, AMC 50%
      Have you increased backup retention to address ransomware?  (Yes)  CA 0%, SM 0%, Large 10%, AMC 0%
      Do you redirect My Documents to the network and back it up?  (Yes)  CA 17%, SM 67%, Large 30%, AMC 100%
      How do you back up laptop data?  Undefined (or "the end user is responsible"); a few small-mid sized hospitals provide a virtual desktop.
32  Recap
    - Risk analysis: implementing NIST SP is not that difficult
    - Policies and procedures are the basis for setting behavioral expectations and awareness content
    - Awareness: static content about HIPAA will not manage anything but compliance risk; real-time awareness at "time-of-click" works best
    - Prevailing practices: achieve them first, before striving for a best practice
    - Layered defenses are still required: preventive controls are usually best, but don't ignore detective, response and recovery capabilities
    - Cost: not all improvements need to "break the bank"
    - Outsourcing InfoSec: source only "High Volume/Low Complexity" processes
33  Summary
    In this session, we:
    - Compared "prevailing practices" for information security and compliance by hospital size
    - Explained the common tools, processes, and talent levels that are being used
    - Categorized the security practices using the NIST Cyber Security Framework
    - Reviewed the top tactics used to defend against leading cyber threats
    - Discussed what is working versus what is not
34  Resources
    - CIS Critical Controls (Top-20)
    - CIS Measurement Companion
    - Free Nessus vulnerability scanner (for not-for-profit hospitals)
    - Free awareness content (branded, but good content)
    - NIST Cybersecurity Framework Assessment Tool (draft)
35  Questions
    Mark W. Dill, CISM, CRISC, Partner and Principal Consultant, tw-security
    Please complete the online session evaluation.
Kiosk Security Standard 1. Purpose This standard was created to set minimum requirements for generally shared devices that need to be easily accessible for faculty, staff, students, and the general public,
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationLes joies et les peines de la transformation numérique
Les joies et les peines de la transformation numérique Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA Professor, Solvay Brussels School of Economics and Management Academic Director, IT Management Education
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationCyber Protections: First Step, Risk Assessment
Cyber Protections: First Step, Risk Assessment Presentation to: Presented to: Mark LaVigne, Deputy Director NYSAC November 21, 2017 500 Avery Lane Rome, NY 13441 315.338.5818 www.nystec.com In this presentation
More informationIncident Response Table Tops
Incident Response Table Tops Agenda Introductions SecureState overview Need for improved incident response capability https://pollev.com/securestate Overview of the exercise: Sample incident response table
More informationMonthly Cyber Threat Briefing
Monthly Cyber Threat Briefing January 2016 1 Presenters David Link, PM Risk and Vulnerability Assessments, NCATS Ed Cabrera: VP Cybersecurity Strategy, Trend Micro Jason Trost: VP Threat Research, ThreatStream
More informationISACA Arizona May 2016 Chapter Meeting
ISACA Arizona May 2016 Chapter Meeting Suzanne Farr / Carlos A. Villalba Agenda Introduction Preliminary questions CCM Preliminaries Definition Benefits Challenges Beyond Templates Questions 1 Background
More informationDigital Wind Cyber Security from GE Renewable Energy
Digital Wind Cyber Security from GE Renewable Energy BUSINESS CHALLENGES The impact of a cyber attack to power generation operations has the potential to be catastrophic to the renewables industry as well
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationGEARS + CounterACT. Advanced Compliance Enforcement for Healthcare. December 16, Presented by:
Advanced Compliance Enforcement for Healthcare Presented by: December 16, 2014 Adam Winn GEARS Product Manager OPSWAT Kevin Mayer Product Manager ForeScout Agenda Challenges for the healthcare industry
More informationIncident Response Plans: The Emergency Shutoff Control for Cyber Risk. Tabitha Greiner, Acumera Chris Lietz, Coalfire
Incident Response Plans: The Emergency Shutoff Control for Cyber Risk Tabitha Greiner, Acumera Chris Lietz, Coalfire Housekeeping Presenters About Conexxus Presentation Q & A Agenda Housekeeping This webinar
More informationOne Hospital s Cybersecurity Journey
MAY 11 12, 2017 SAN FRANCISCO, CA One Hospital s Cybersecurity Journey SanFrancisco.HealthPrivacyForum.com #HITprivacy Introduction Senior Director Information Systems Technology, Children s Mercy Hospital
More informationFlorida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government
Florida Government Finance Officers Association Staying Secure when Transforming to a Digital Government Agenda Plante Moran Introductions Technology Pressures and Challenges Facing Government Technology
More informationDefense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation
Defense-in-Depth Against Malicious Software Speaker name Title Group Microsoft Corporation Agenda Understanding the Characteristics of Malicious Software Malware Defense-in-Depth Malware Defense for Client
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationAccelerate GDPR compliance with the Microsoft Cloud Agustín Corredera
Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are
More informationVendor Security Questionnaire
Business Associate Vendor Name Vendor URL Vendor Contact Address Vendor Contact Email Address Vendor Contact Phone Number What type of Service do You Provide Covenant Health? How is Protected Health Information
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationNo IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP
No IT Audit Staff? How to Hack an IT Audit Presenters Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP Learning Objectives After this session, participants will be able to: Devise
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationChapter 5: Vulnerability Analysis
Chapter 5: Vulnerability Analysis Technology Brief Vulnerability analysis is a part of the scanning phase. In the Hacking cycle, vulnerability analysis is a major and important part. In this chapter, we
More informationAZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments
AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES To Secure Azure and Hybrid Cloud Environments Introduction Cloud is at the core of every successful digital transformation initiative. With cloud comes new
More informationNOTICE TO ALL PROSPECTIVE RESPONDENTS RFP 18-ITSS/CY. Addendum No. 1 issued September 7, RFI responses are in red bold print
DEDICATED TO THE HEALTH OF OUR COMMUNITY www.hcdpbc.org NOTICE TO ALL PROSPECTIVE RESPONDENTS RFP 18-ITSS/CY Addendum No. 1 issued September 7, 2018 RFI responses are in red bold print How many public
More information2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager
2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationAssessing Your Incident Response Capabilities Do You Have What it Takes?
Assessing Your Incident Response Capabilities Do You Have What it Takes? March 31, 2017 Presenters Tim L. Bryan, CPA/CFF/CITP, CISA, EnCE Director, Advisory Services Forensic Technology & Investigation
More informationTotal Security Management PCI DSS Compliance Guide
Total Security Management PCI DSS Guide The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations to help protect the security of credit card holders. These regulations apply to
More informationBUILDING AND MAINTAINING SOC
BUILDING AND MAINTAINING SOC Digit Oktavianto KOMINFO 7 December 2016 digit dot oktavianto at gmail dot com 1 Digit Oktavianto Profile in 1 Page Currently working as a Security Architect Professional Certifications:
More informationInformation Security Architecture Gap Assessment and Prioritization
FEATURE Information Security Architecture Gap Assessment and Prioritization Do you have something to say about this article? Visit the Journal pages of the ISACA website (www.isaca. org/journal), find
More informationACM Retreat - Today s Topics:
ACM Retreat - Today s Topics: Phase II Cyber Risk Management Services - What s next? Policy Development External Vulnerability Assessment Phishing Assessment Security Awareness Notification Third Party
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationCyber Criminal Methods & Prevention Techniques. By
Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation
More informationTechnology Incident Response and Impact Reduction. May 9, David Litton
Technology Incident Response and Impact Reduction May 9, 2018 David Litton dmlitton@vcu.edu Incidents and Impacts Yahoo! EQUIFAX MedStar Dyn, Inc. Stolen Data Destroyed Data Lost Service / Availability
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationManaged Security Services - Endpoint Managed Security on Cloud
Services Description Managed Security Services - Endpoint Managed Security on Cloud The services described herein are governed by the terms and conditions of the agreement specified in the Order Document
More information