Protecting Information Assets - Week 6 - Creating a Security Aware Organization. MIS 5206 Protecting Information Assets
- Barrie McGee
- 5 years ago
Slide 1: Protecting Information Assets - Week 6 - Creating a Security Aware Organization

Slide 2: MIS5206 Week 5 (agenda)
- In the News
- Creating a Security Aware Organization
- Case Study 2: Autopsy of a Data Breach: The Target Case
- Test Taking Tip
- Quiz
Slide 3: Case Study 2
Background:
1. World's biggest data breaches: Target in context
2. Outline of the case
Hacking Timeline: What Did Target Know and When?

Slide 4: Walk us through the timeline
1. Consumers shop at Target (physical purchases) and pay with their credit or debit card
2. Cyber criminals in Russia
3. Identify
Slide 5: What is in this picture? (figure)
Source: Jiang, W., Tian, Z., and Cui, X., DMAT: A New Network and Computer Attack Classification, Journal of Engineering Science and Technology Review, 6(5), pp.

Slide 6: What is in this picture? What is missing from these pictures? (figure)
Howard's process-based taxonomy, from Hansman, S. and Hunt, R., 2004, A taxonomy of network and computer attacks, Computers & Security, page 3, Elsevier Ltd. Cited from Howard, J.D., 1997, An analysis of security incidents on the Internet, PhD thesis, Carnegie Mellon University.
Slide 7: The threat landscape
Information Security Threats: Humans
What is the role of humans in a breach of information security?
- Malicious attacks (IP theft, IT sabotage, fraud, espionage)
  - Outsiders: hackers, crackers, social engineers...
  - Insiders: disgruntled employees...
- Non-malicious mistakes
  - Employee mistakes: ignorance...
  - Intentional rule breaking

Slide 8: Threat landscape: financial services sector (chart; PwC survey of >10,000 businesses)

Slide 9: Threat landscape: retail and consumer products (chart; PwC survey of >10,000 businesses)

Slide 10: The threat landscape
What is the role of humans in a breach of information security?
Slide 11: Creating a Security Aware Organization
An ongoing information security awareness program is vital because defending against social engineering and other information security threats depends on it.

Slide 12: Why security awareness is essential
- We have a culture of trust that can be taken advantage of with dubious intent
- Most people feel security is not part of their job
- People underestimate the value of information
- Security technologies give people a false sense of protection from attack
Slide 13: The Non-Malicious Insider Threat
1. A current or former employee, contractor, or business partner
2. who has or had authorized access to an organization's network, system, or data, and
3. who, through action or inaction without malicious intent,
4. causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of the organization's information or information systems.
Major characteristic: failure in human performance.
Source: Carnegie Mellon University's Software Engineering Institute (SEI) Computer Emergency Response Team (CERT) definition (2013)

Slide 14: The Unintentional Insider Threat. From an ad for
Slide 15: Characterizing insiders' mistakes
- Ignorant: an unintentional accident
- Negligent: willingly ignores policy to make things easier
- Well-meaning: prioritizes completing work ("getting 'er done") over following policy
Source: Willis-Ford, C.D. (2015), Education & Awareness: Manage the Insider Threat, SRA International Inc., FISSA (Federal Information Systems Security Awareness) Working Group

Slide 16: Examples of insiders' accidents
- Accidental disclosure: posting sensitive data on a public website; sending sensitive data to the wrong address
- Malicious code: clicking on a suspicious link in email; using a found USB drive
- Physical data release: losing paper records
- Portable equipment: losing a laptop or tablet; losing a portable storage device (USB drive, CD)
Source: Willis-Ford, C.D. (2015), Education & Awareness: Manage the Insider Threat, SRA International Inc., FISSA (Federal Information Systems Security Awareness) Working Group

Slide 17: Example of an accident made by a well-meaning employee
- "Terrific employee": Account Manager handling Medicaid data for Utah
- Employee had trouble uploading a file requested by the State Health Dept.
- Copied 6,000 medical records to a USB drive
- Lost the USB drive
- CEO admits the employee "probably didn't even know she was breaking policy"; this makes it accidental, i.e. well-meaning
Slide 18: The threat landscape
Information Security Threats: Humans
- Malicious attacks (IP theft, IT sabotage, fraud, espionage)
  - Outsiders: hackers, crackers, social engineers...
  - Insiders: disgruntled employees...
- Non-malicious mistakes
  - Employee mistakes: ignorance...
  - Intentional rule breaking
What is the role of humans in protecting from a breach of information security?

Slide 19: Training courses

Slide 20: Training course example
A. Physical security
B. Desktop security
C. Wireless Networks and Security
D. Password security
E. Phishing
F. Hoaxes
G. Malware
   1. Viruses
   2. Worms
   3. Trojans
   4. Spyware and Adware
H. File sharing and copyright
Source: Brodie, C. (2009), The Importance of Security Awareness Training, SANS Institute InfoSec Reading Room, SANS Institute
Slide 22: Training course content example
Every employee should know their responsibility to comply with the policies and the consequences for non-compliance.
A. Physical security policies
- Physical security requirements such as wearing a badge
- The responsibility to challenge people on the premises who aren't wearing a badge
Slide 24: Training course content example
A. Password safety and security
B. Email safety and security
C. Desktop security
D. FERPA issues (i.e. student information security)
E. Acceptable Use Policy
Source: Fowler, B.T. (2008), Making Security Awareness Efforts Work for You, SANS Institute InfoSec Reading Room, SANS Institute

Slide 25: Training course content example: Password safety and security
- 63% of confirmed breaches involved weak, default or stolen passwords (Verizon's 2016 Data Breach Investigations Report)
- Security policies related to computer and voice mail passwords
- Every employee should be instructed in how to devise a difficult-to-guess password
Slide 28: Training course content: Email and Voicemail usage policy
- Email usage policy, including the safeguards to prevent malicious code attacks including viruses, worms, and Trojan Horses
- Best security practices of voice mail usage
Slide 31: Training course content
Every employee should know their responsibility to comply with the policies and the consequences for non-compliance.
Handling sensitive information:
- How to determine the classification of information and the proper safeguards for protecting sensitive information
- The procedure for disclosing sensitive information or materials
- Proper disposal of sensitive documents and computer media that contain, or have at any time in the past contained, confidential materials

Slide 32: Just-in-time training
- Data from network incident reporting tools, such as security information and event management (SIEM) systems and data loss prevention (DLP) software, will help in understanding the prevalence of data handling issues.
- The concept of user and entity behavior analytics (UBA and UEBA) is quickly emerging as a way to parse through all the information collected by SIEM and DLP.
- An exciting emerging use of UEBA is tying it directly to just-in-time training at the spot of a foul: UEBA might identify Jane Doe saving a company document to an unapproved Dropbox, Box or Google Drive, and deliver a system-generated pop-up that reminds her of the company's policy on storing company documents in an authorized ecosystem.
Source: Pendergast, T. (2016), How to Audit the Human Element and Assess Your Organization's Security Risk, ISACA Journal, Volume 5, pp.

Slide 33: Just-in-time training (continued)
If Jane does it again, the system then might provide a quick video on the reasons why it is best to avoid an unapproved cloud storage system. Months later, if Jane makes the same mistake again, she might be automatically enrolled in a 15-minute course on approved cloud storage and the appropriate way to store company documents. This is a perfect example of delivering the right training to the right person at the right time.
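The escalation ladder described on these two slides (pop-up on the first foul, short video on the second, enrollment in a 15-minute course after that) can be driven directly from DLP/UEBA events. The following is an added example written for this page; it is not code from the slides or from Pendergast's article. It assumes a constructed pipe-delimited event format, an assumed list of unapproved storage domains, and the three response levels named on the slides; the sample events are constructed, not real logs.

```python
"""Escalating just-in-time training responses from DLP/UEBA upload events.

Added example for these slides, not the course's or Pendergast's code.
Assumptions: events arrive as 'timestamp|user|action|destination_host|file',
the unapproved-domain list below is the company's policy, and the response
ladder is the one on the slides: pop-up -> short video -> 15-minute course.
"""
from collections import defaultdict
from datetime import datetime

# Assumed policy: storage services the company has not authorized.
UNAPPROVED_DOMAINS = {"dropbox.com", "box.com", "drive.google.com"}

# Response ladder from the slides; the last rung repeats for every later foul.
ESCALATION = ["popup_reminder", "short_video", "enroll_15min_course"]

# Constructed sample events (not real data): timestamp|user|action|host|file
SAMPLE_EVENTS = """\
2016-03-01T09:12:00|jane.doe|upload|drive.google.com|q1_forecast.xlsx
2016-03-01T09:40:00|jane.doe|upload|sharepoint.corp.example|q1_forecast.xlsx
2016-03-02T14:05:00|jane.doe|upload|dropbox.com|board_deck.pptx
2016-03-02T14:06:00|bob.smith|upload|box.com|vendor_contract.pdf
2016-06-15T11:30:00|jane.doe|upload|www.dropbox.com|board_deck_v2.pptx
"""


def parse_event(line):
    """Split one pipe-delimited event line into a dict; host is lower-cased."""
    ts, user, action, host, filename = line.strip().split("|")
    return {
        "ts": datetime.fromisoformat(ts),
        "user": user,
        "action": action,
        "host": host.lower(),
        "file": filename,
    }


def is_unapproved_storage(host):
    """True if host is an unapproved domain or any subdomain of one
    (www.dropbox.com, api.box.com), so a prefix cannot dodge the check."""
    return any(host == d or host.endswith("." + d) for d in UNAPPROVED_DOMAINS)


def next_action(prior_fouls):
    """Pick the response for a user who already has `prior_fouls` fouls."""
    idx = min(prior_fouls, len(ESCALATION) - 1)
    return ESCALATION[idx]


def process_events(raw_events):
    """Scan events in order; for every upload to unapproved storage, record
    the just-in-time response chosen for that user at that point."""
    fouls = defaultdict(int)
    responses = []
    for line in raw_events.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["action"] != "upload" or not is_unapproved_storage(ev["host"]):
            continue
        action = next_action(fouls[ev["user"]])
        fouls[ev["user"]] += 1
        responses.append({
            "user": ev["user"],
            "ts": ev["ts"].isoformat(),
            "host": ev["host"],
            "file": ev["file"],
            "foul_number": fouls[ev["user"]],
            "response": action,
        })
    return responses


if __name__ == "__main__":
    for r in process_events(SAMPLE_EVENTS):
        print(f"{r['ts']} {r['user']:<10} foul #{r['foul_number']} "
              f"{r['host']:<18} -> {r['response']}")
```

Running the sample shows Jane Doe receiving the pop-up, then the video, then the course enrollment across her three uploads to unapproved services, while Bob's first foul only earns a pop-up and the SharePoint upload is ignored. In a real deployment the foul counter would be persisted and probably time-windowed; the slides' "months later" wording suggests that repeat detection is meant to span long periods, which is why the example never resets the count.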
Slide 34: Training course content: Social Engineering
- Social engineering attacks have the same common element: deception (with the goal of getting an employee to do something the social engineer desires)
- Verify the identity of the person making an information request
- Verify the person is authorized to receive the information

Slide 35: Warning signs of a social engineering attack
- Refusal to give a call-back number
- Out-of-the-ordinary request
- Claim of authority
- Stresses urgency
- Threatens negative consequences of non-compliance
- Shows discomfort when questioned
- Name dropping
- Compliments or flattery
- Flirting
Slide 36: Common social engineering strategies
- Posing as: a fellow employee; a new employee requesting help; someone in authority; a vendor or systems manufacturer calling to offer a system patch or update; an employee of a vendor, partner company, or law enforcement
- Offering help if a problem occurs, then making the problem occur, thereby manipulating the victim to call them for help
- Offering free software or a patch for the victim to install

Slide 37: Common social engineering strategies (continued)
- Sending a virus or Trojan Horse as an attachment
- Using a false pop-up window asking the user to log in again or sign on with a password
- Capturing victim keystrokes with a computer system or program
- Leaving a floppy disk or CD around the workplace with malicious software on it
- Using insider lingo and terminology to gain trust
- Offering a prize for registering at a Web site with username and password

Slide 38: Common social engineering strategies (continued)
- Dropping a document or file at the company mail room for intra-office delivery
- Modifying a fax machine heading to appear to come from an internal location
- Asking a receptionist to receive then forward a fax
- Asking for a file to be transferred to an apparently internal location
- Getting a voice mailbox set up so call-backs perceive the attacker as internal
- Pretending to be from a remote office and asking for access locally
Slide 39: IT Security Learning Continuum (figure)
Where does employee training fit? Where does ITACS fit?
Source: Bowen, P., Hash, J. and Wilson, M. (2006), Information Security Handbook: A Guide for Managers, NIST Special Publication

Slide 40: Teams
- What caused this breach?
- What are the main risk sources (vulnerabilities) that jeopardized Target's data?
- Who played what role in the breach? Be prepared to explain/defend your answer.

Risk source            | Role(s) in breach
-----------------------|------------------
Incompetent employees  |
Rogue employees        |
Hackers                |
Business partners      |
Technology partners    |
Technology components  |

Slide 41: Teams
- What mitigations were in place?
- What had Target already done, or what should it have done, to protect itself against each of the risks identified below?

Risk source            | Role(s) in breach
-----------------------|------------------
Incompetent employees  |
Rogue employees        |
Hackers                |
Business partners      |
Technology partners    |
Technology components  |
Slide 42: Test-taking tip
- If you don't know the answer, guess and then move on.
- Your score will be higher if you guess and move on, even if your guess is wrong.
Here's why:
- Most certification tests do not penalize for wrong answers; that is, they only count the number of correct answers in computing the score.
- In a 4-option multiple choice test, guessing at questions to which you do not know the answer is likely to get you an additional right answer 1/4 of the time.
- Guessing, and then moving on, gives you time to answer the questions that you do know, raising your score.

Slide 43: Quiz
More informationInformation Privacy and Security Training 2016 for Instructors and Students. Authored by: Office of HIPAA Administration
Information Privacy and Security Training 2016 for Instructors and Students Authored by: Office of HIPAA Administration Objectives After you finish this Computer-Based Learning (CBL) module, you should
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationCyber Insurance: What is your bank doing to manage risk? presented by
Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationMobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services
Augusta University Medical Center Policy Library Mobile Device Policy Policy Owner: Information Technology Support and Services POLICY STATEMENT Augusta University Medical Center (AUMC) discourages the
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationUnderstanding the Changing Cybersecurity Problem
Understanding the Changing Cybersecurity Problem Keith Price BBus, MSc, CGEIT, CISM, CISSP Founder & Principal Consultant 1 About About me - Specialise in information security strategy, architecture, and
More informationIdentity Theft, Fraud & You. PrePare. Protect. Prevent.
PrePare. Protect. Prevent. Identity Theft, Fraud & You Fraud and identity theft incidents claimed fewer victims in 2010 than in previous years. But don t get too comfortable. Average out-of-pocket consumer
More informationWhy you MUST protect your customer data
Why you MUST protect your customer data If you think you re exempt from compliance with customer data security and privacy laws because you re a small business, think again. Businesses of all sizes are
More informationDIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018
DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL June 14, 2018 A. Overriding Objective 1.1 This Directive establishes the rules and instructions for Bank Personnel with respect to Information
More informationPrivacy and Cyber Risk Management. Preparing Your Organization for Current and Emerging Risks
Privacy and Cyber Risk Management Preparing Your Organization for Current and Emerging Risks Privacy and Cyber Risk Management Agenda: Recognize security risks Discover the top techniques used by hackers
More informationIT ACCEPTABLE USE POLICY
CIO Signature Approval & Date: IT ACCEPTABLE USE POLICY 1.0 PURPOSE The purpose of this policy is to define the acceptable and appropriate use of ModusLink s computing resources. This policy exists to
More informationEthics and Information Security. 10 주차 - 경영정보론 Spring 2014
Ethics and Information Security 10 주차 - 경영정보론 Spring 2014 Ethical issue in using ICT? Learning Outcomes E-policies in an organization relationships and differences between hackers and viruses relationship
More informationUnified Communications Phase 2 Presentation to IT Services Users Group
Unified Communications Phase 2 Presentation to IT Services Users Group Wednesday 2 nd May 2018 Dr. Geoff Bradley, Head of Academic Services & IT Operations / UC2 Project Sponsor Sara McAneney, Information
More informationCERTIFIED SECURE COMPUTER USER COURSE OUTLINE
CERTIFIED SECURE COMPUTER USER COURSE OUTLINE Page 1 TABLE OF CONTENT 1 COURSE DESCRIPTION... 3 2 MODULE-1: INTRODUCTION TO DATA SECURITY... 4 3 MODULE-2: SECURING OPERATING SYSTEMS... 6 4 MODULE-3: MALWARE
More informationFrom Russia With Love
#ARDAWorld From Russia With Love Is your technology vulnerable to data theft? Do you know your own security protocols? Learn about auditing cyber-security processes and discover how to stay compliant and
More informationCyber fraud and its impact on the NHS: How organisations can manage the risk
Cyber fraud and its impact on the NHS: How organisations can manage the risk Chair: Ann Utley, Preparation Programme Manager, NHS Providers Arno Franken, Cyber Specialist, RSM Sheila Pancholi, Partner,
More informationHIPAA Privacy & Security Training. Privacy and Security of Protected Health Information
HIPAA Privacy & Security Training Privacy and Security of Protected Health Information Course Competencies: This training module addresses the essential elements of maintaining the HIPAA Privacy and Security
More informationInsider Threats. Nathalie Baracaldo. School of Information Sciences. March 26 th, 2015
Insider Threats Nathalie Baracaldo Ph.D. Candidate date School of Information Sciences March 26 th, 2015 1 Insider Attacks According to CERT insider attackers are defined as: Currently or previously employed
More informationCyber Security Updates and Trends Affecting the Real Estate Industry
Cyber Security Updates and Trends Affecting the Real Estate Industry What, Why, and How? Agenda Cyber Security Today Changes to Security Standards and Trends Protecting Yourself and Your Organization Takeways
More informationThe Data Breach: How to Stay Defensible Before, During & After the Incident
The Data Breach: How to Stay Defensible Before, During & After the Incident Alex Ricardo Beazley Insurance Breach Response Services Lynn Sessions Baker Hostetler Partner Michael Bazzell Computer Security
More informationNeil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016
Breach New Heights The role of ITAM in preventing a data breach Neil Peters-Michaud, CHAMP Cascade Asset Management ITAM Awareness Month December 2016 Agenda Why Breaches Matter to the ITAM group The cost
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationOnline Security and Safety Protect Your Computer - and Yourself!
Online Security and Safety Protect Your Computer - and Yourself! www.scscu.com Fraud comes in many shapes and sizes, but the outcome is simple: the loss of both money and time. That s why protecting your
More informationIS-906: Workplace Security Awareness. Visual 1 IS-906: Workplace Security Awareness
IS-906: Workplace Security Awareness Visual 1 Course Administration Sign-in sheet Course evaluation forms Site logistics Emergency procedures Breaks Restrooms Cell phones/blackberrys Visual 2 Course Objectives
More information