2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Size: px
Start display at page:

Download "2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager"

Transcription

1 2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

2 NIST Cybersecurity Framework (CSF) Executive Order Improving Critical Infrastructure Cybersecurity tasked the National Institute of Standards and Technology (NIST) to create a cybersecurity framework to help essential and critical organizations and infrastructure to mitigate risks. NIST released framework October Version 1.1 is currently in draft. REQUIREMENTS: Be flexible Be non prescriptive Leverage existing approaches, standards, practices Be globally applicable and applicable for any sized organization Focus on risk management vs. rote compliance 2

3 Cybersecurity Best Practices Identify Recover Protect Respond Detect 3

4 Implementation Tiers Tier 1: Partial Tier 2: Risk Informed Tier 3: Repeatable Tier 4: Adaptive Cyber-risk management profiles are not formalized and are managed on an ad hoc basis Limited awareness of cybersecurity risk at the organization level Organization-wide approach to managing cybersecurity risk has not been established Cyber-risk management policy directly approved by senior management (though not yet organization-wide) Senior management attempts to establish risk management objectives related to cybersecurity, understand the organization s threat environment, and implement cybersecurity procedures with adequate resources Formal procedures exist and are updated based upon changes in risk management processes, business requirements, and threat and technology landscape Cyber-related personnel are well-trained and can adequately perform their duties Understanding of dependencies and business partners, allowing for collaboration and risk-based management decisions Adapts cybersecurity practices in real time based upon lessons learned and predicative indicators Process of continuous improvement incorporates advanced cybersecurity technologies, real time collaboration with partners, and continuous monitoring of activities Cybersecurity practices can rapidly respond to sophisticated threats 4

5 Identify Identify the assets you need to protect. Identify the types of data you collect. Identify where the data is stored and how the data moves through the network. Identify the service providers that have access to sensitive data. Perform risk assessment to identify threats and vulnerabilities to the assets. 5

6 Protect the data through logical and physical access controls. Protect Provide security awareness training. Use technical and administrative controls to protect data. Encryption Data lifecycle Network segmentation Backups Change management/software development 6

7 Detect Detection mechanisms are in place to identify malicious activity. User access reviews are performed to detect segregation of duties issues. Anti-malware systems are used to detect and defend against malicious software. Vulnerability management program is used to identify vulnerabilities and patch systems on a regular basis. 7

8 Respond Incident response plans are in place to adequately respond to incidents. Personnel are made aware of their roles and responsibilities for responding to an incident. Analysis is performed to ensure adequate response and support recovery activities. Incidents are contained and mitigated. Response plans are reviewed and updated at least annually. 8

9 Recover Business continuity and disaster recovery plans are in place. Restoration of operations is completed in a timely manner. Business continuity and disaster recovery plans are reviewed and tested at least annually. 9

10 Key Takeaways 10 Cyber-criminals continue to use evolving, more elaborate attacks to compromise vulnerabilities. Organizations are continually challenged to ensure the security of their network and systems. The NIST CSF is a good tool to help organizations identify risks to critical assets. Use of the NIST CSF is voluntary and other cybersecurity frameworks can be used, but something should be used. Use the Implementation Tiers to determine current state and work towards a desired state.

11 Questions? Troy Hawes, Senior Manager (206)

12 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including, without limitation, legal, accounting, or investment advice. This information is not intended to create, and receipt does not constitute, a legal relationship, including, but not limited to, an accountant-client relationship. Although this information may have been prepared by professionals, it should not be used as a substitute for professional services. If legal, accounting, investment, or other professional advice is required, the services of a professional should be sought. Assurance, tax, and consulting offered through Moss Adams LLP. Investment advisory offered through Moss Adams Wealth Advisors LLC. Investment banking offered through Moss Adams Capital LLC. 12

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

Cybersecurity for Health Care Providers

Cybersecurity for Health Care Providers Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

Improving Cybersecurity through the use of the Cybersecurity Framework

Improving Cybersecurity through the use of the Cybersecurity Framework Improving Cybersecurity through the use of the Cybersecurity Framework March 11, 2015 Tom Conkle G2, Inc. Agenda Cybersecurity Framework Why it was created What is it Why it matters How do you use it 2

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive

More information

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report Nationwide Cyber Security Review: Summary Report ii Nationwide Cyber Security Review: Summary Report Acknowledgments The Multi-State Information Sharing

More information

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response Cyber Incident Response Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response 1 2 Today, no Canadian business is immune from a potential attack. It s no longer

More information

CYBERSECURITY MATURITY ASSESSMENT

CYBERSECURITY MATURITY ASSESSMENT CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance

More information

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1 Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com

More information

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Seven Habits of Cyber Security for SMEs Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management Security Policy is an important

More information

Cyber Risk and Networked Medical Devices

Cyber Risk and Networked Medical Devices Cyber Risk and Networked Medical Devices Hot Topics Deloitte & Touche LLP February 2016 Copyright Scottsdale Institute 2016. All Rights Reserved. No part of this document may be reproduced or shared with

More information

Addressing the elephant in the operating room: a look at medical device security programs

Addressing the elephant in the operating room: a look at medical device security programs Addressing the elephant in the operating room: a look at medical device security programs Ernst & Young LLP Presenters Michael Davis Healthcare Leader Baltimore +1 410 783 3740 michael.davis@ey.com Esther

More information

Cyber Resilience. Think18. Felicity March IBM Corporation

Cyber Resilience. Think18. Felicity March IBM Corporation Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack

More information

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Version 1 Version: 1 Dated: 21 May 2018 Document Owner: Head of IT Security and Compliance Document History and Reviews Version Date Revision Author Summary of Changes

More information

Cyber Security Incident Response Fighting Fire with Fire

Cyber Security Incident Response Fighting Fire with Fire Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the

More information

American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment

American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment American Association of Port Authorities Port Security Seminar & Expo Cyber Security Preparedness and Resiliency in the Marine Environment July 20, 2017 DECIDEPLATFORM.COM The new Reality of Cyber Security

More information

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network? Cybersecurity Due Diligence Checklist Control # Control Name Risks Questions for IT 1 Make an Benign Case: Employees Inventory of using unapproved Authorized devices without Devices appropriate security

More information

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity Why is the NIST framework important? GOH Seow Hiong Executive Director, Global Policy & Government Affairs, Asia Pacific

More information

K12 Cybersecurity Roadmap

K12 Cybersecurity Roadmap K12 Cybersecurity Roadmap Introduction Jason Brown, CISSP Chief Information Security Officer Merit Network, Inc jbrown@merit.edu @jasonbrown17 https://linkedin.com/in/jasonbrown17 2 Agenda 3 Why Use the

More information

2017 Annual Meeting of Members and Board of Directors Meeting

2017 Annual Meeting of Members and Board of Directors Meeting 2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved. Medical Devices and Cyber Issues JANUARY 23, 2018 AHA and Cybersecurity Policy Approaches Role of the FDA FDA Guidance and Roles Pre-market Post-market Assistance during attack Recent AHA Recommendations

More information

ABB Ability Cyber Security Services Protection against cyber threats takes ability

ABB Ability Cyber Security Services Protection against cyber threats takes ability ABB Ability Cyber Security Services Protection against cyber threats takes ability In today s business environment, cyber security is critical for ensuring reliability of automation and control systems.

More information

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

NYDFS Cybersecurity Regulations: What do they mean? What is their impact? June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing

More information

Gujarat Forensic Sciences University

Gujarat Forensic Sciences University Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat

More information

Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist

Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Agenda Industry Background Cybersecurity Assessment Tools Cybersecurity Best Practices 2 Cybersecurity

More information

Heavy Vehicle Cyber Security Bulletin

Heavy Vehicle Cyber Security Bulletin Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin

More information

Headline Verdana Bold

Headline Verdana Bold Headline Verdana Bold Federal Banking Agencies Issue Proposal on Cyber Risk Management Standards Standards would require largest institutions to enhance operational resilience October 2016 Executive summary

More information

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016 Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

Defensible Security DefSec 101

Defensible Security DefSec 101 Defensible Security DefSec 101 Security Day November 2017 Information Security Branch Paul Falohun Senior Security Analyst Dan Lathigee Senior Project Manager Content 1 Introduction 2 DefSec for PSO 3

More information

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better

More information

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS WILLIAM (THE GONZ) FLINN M.S. INFORMATION SYSTEMS SECURITY MANAGEMENT; COMPTIA SECURITY+, I-NET+, NETWORK+; CERTIFIED

More information

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The

More information

Effectively Measuring Cybersecurity Improvement: A CSF Use Case

Effectively Measuring Cybersecurity Improvement: A CSF Use Case SESSION ID: GRC R03F Effectively Measuring Cybersecurity Improvement: A CSF Use Case Greg Witte Sr. Cybersecurity Engineer G2, Inc. @TheNetworkGuy Tom Conkle Cybersecurity Engineer G2, Inc. @TomConkle

More information

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Cybersecurity and HIPAA update Agenda Introductions Cybersecurity Overview

More information

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I Standards Sections Checklist Section Security Management Process 164.308(a)(1) Information Security Program Risk Analysis (R) Assigned Security Responsibility 164.308(a)(2) Information Security Program

More information

Cyber security - why and how

Cyber security - why and how Cyber security - why and how Frankfurt, 14 June 2018 ACHEMA Cyber Attack Continuum Prevent, Detect and Respond Pierre Paterni Rockwell Automation, Connected Services EMEA Business Development Manager PUBLIC

More information

The University of Queensland

The University of Queensland UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council

More information

Protecting your data. EY s approach to data privacy and information security

Protecting your data. EY s approach to data privacy and information security Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share

More information

ACM Retreat - Today s Topics:

ACM Retreat - Today s Topics: ACM Retreat - Today s Topics: Phase II Cyber Risk Management Services - What s next? Policy Development External Vulnerability Assessment Phishing Assessment Security Awareness Notification Third Party

More information

SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE

SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE SOLUTIONS BRIEF GOGO AIRBORNE SECURITY SUMMARY 2017 Q3 RELEASE SECURE AIRBORNE CONNECTIVITY: OVERVIEW Gogo Business Aviation realizes the ever-pressing need to be vigilant in staying ahead of potential

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Information Technology Branch Organization of Cyber Security Technical Standard

Information Technology Branch Organization of Cyber Security Technical Standard Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:

More information

Cyber Hygiene: A Baseline Set of Practices

Cyber Hygiene: A Baseline Set of Practices [DISTRIBUTION STATEMENT A] Approved for public Cyber Hygiene: A Baseline Set of Practices Matt Trevors Charles M. Wallen Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Copyright

More information

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person) Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,

More information

COPE-ing with Cyber Risk Exposures

COPE-ing with Cyber Risk Exposures COPE-ing with Cyber Risk Exposures Russ Cohen, Chubb Ron Bushar, Mandiant Consulting September 22, 2016 1 Agenda The Challenge Transforming COPE to Cyber COPE Evaluating Risk for Cyber COPE Questions 2

More information

Designing and Building a Cybersecurity Program

Designing and Building a Cybersecurity Program Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity

More information

If you were under cyber attack would you ever know?

If you were under cyber attack would you ever know? If you were under cyber attack would you ever know? EY and Los Alamos National Laboratory introduce a shift in cybersecurity strategy and bring behavioral analytics inside Asking behavioral questions inside

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017 COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime

More information

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.

More information

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles Incident Response Lessons From the Front Lines Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles 1 Conflict of Interest Nolan Garrett Has no real or apparent conflicts of

More information

Incident Response Services

Incident Response Services Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and

More information

Emerging Issues: Cybersecurity. Directors College 2015

Emerging Issues: Cybersecurity. Directors College 2015 Emerging Issues: Cybersecurity Directors College 2015 Agenda/Objectives Define Cybersecurity Cyber Fraud Trends/Incidents FFIEC Cybersecurity awareness initiatives Community Bank expectations FFIEC Cybersecurity

More information

NEN The Education Network

NEN The Education Network NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected

More information

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Managing Cyber Risk Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Adam Thomas Principal Cyber Risk Services Deloitte & Touche LLP Give Us Your Feedback for this Session!

More information

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION INFORMATION TECHNOLOGY SECURITY GUIDANCE TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION ITSM.10.189 October 2017 INTRODUCTION The Top 10 Information Technology (IT) Security

More information

The Deloitte-NASCIO Cybersecurity Study Insights from

The Deloitte-NASCIO Cybersecurity Study Insights from The Deloitte-NASCIO Cybersecurity Study Insights from 2010-2016 August 21, 2018 Srini Subramanian State Government Sector Leader Deloitte Erik Avakian CISO Pennsylvania Michael Roling CISO Missouri Meredith

More information

Dell EMC Isolated Recovery

Dell EMC Isolated Recovery Dell EMC Isolated Recovery Andreas El Maghraby Advisory Systems Engineer DPS @andyem_si GLOBAL SPONSORS Incident Response: Categories of Cybercrime Activity April to June 2016 37% 27% 12% 9% 7% 7% 5% 2

More information

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE

THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE THE CRITICAL COMMUNICATIONS COMPANY CYBER SECURITY AS A SERVICE International Maritime Organization Regulations IMO has given shipowners and managers until 2021 to incorporate cyber risk management into

More information

Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report. November 19, 2015

Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report. November 19, 2015 Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report November 19, 2015 Table of contents Background Exercise objectives Quantum Dawn 3 (QD3) cyberattack scenario QD3 results

More information

Protecting your next investment: The importance of cybersecurity due diligence

Protecting your next investment: The importance of cybersecurity due diligence Protecting your next investment: The importance of cybersecurity due diligence Oct. 11, 2018 Baker Tilly Virchow Krause, LLP. All rights reserved. Baker Tilly refers to Baker Tilly Virchow Krause, LLP,

More information

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002 ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION

More information

Corporate Information Security Policy

Corporate Information Security Policy Overview Sets out the high-level controls that the BBC will put in place to protect BBC staff, audiences and information. Audience Anyone who has access to BBC Information Systems however they are employed

More information

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Enhancing the Cybersecurity of Federal Information and Assets through CSIP TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3

More information

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson Supply Chain Integrity and Security Assurance for ICT Mats Nilsson The starting point 2 B Internet users 85% Population coverage 5+ B Mobile subscriptions 10 years of Daily upload E-Books surpassing Print

More information

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology

Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology Bonnie A. Goins Adjunct Industry Professor Illinois Institute of Technology It s a hot topic!! Executives are asking their CISOs a LOT of questions about it Issues are costly, from a financial and a reputational

More information

How Secure is Blockchain? June 6 th, 2017

How Secure is Blockchain? June 6 th, 2017 How Secure is Blockchain? June 6 th, 2017 Before we get started... This is a 60 minute webcast For better viewing experience, close all other applications For better sound quality, please use headphones

More information

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud Tackling Cybersecurity with Data Analytics Identifying and combatting cyber fraud San Antonio IIA iheartaudit Conference February 24, 2017 What We ll Cover + Current threat landscape + Common security

More information

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment

Mitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment Mitigating Risk with Ongoing Cybersecurity Risk Assessment Scott Moser CISO Caesars Entertainment CSO50 Presentation Caesars Entertainment Cybersecurity Risk Management Scott Moser Chief Information Security

More information

Understanding the Changing Cybersecurity Problem

Understanding the Changing Cybersecurity Problem Understanding the Changing Cybersecurity Problem Keith Price BBus, MSc, CGEIT, CISM, CISSP Founder & Principal Consultant 1 About About me - Specialise in information security strategy, architecture, and

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Virus Outbreak Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc. Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility

More information

Cybersecurity Session IIA Conference 2018

Cybersecurity Session IIA Conference 2018 www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that

More information

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk

More information

QuickBooks Online Security White Paper July 2017

QuickBooks Online Security White Paper July 2017 QuickBooks Online Security White Paper July 2017 Page 1 of 6 Introduction At Intuit QuickBooks Online (QBO), we consider the security of your information as well as your customers and employees data a

More information

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference www.pwc.com 2016 ISACA Atlanta Chapter Geek Week Conference Highlights from surveys 38% Amount of security incidents In 2015, 38% more security incidents were detected than in 2014. $4.9M Cost of security

More information

SFC strengthens internet trading regulatory controls

SFC strengthens internet trading regulatory controls SFC strengthens internet trading regulatory controls November 2017 Internet trading What needs to be done now? For many investors, online and mobile internet trading is now an everyday interaction with

More information

What It Takes to be a CISO in 2017

What It Takes to be a CISO in 2017 What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations May 14, 2018 1:30PM to 2:30PM CST In Plain English: Cybersecurity and IT Exam Expectations Options to Join Webinar and audio Click on the link: https://www.webcaster4.com/webcast/page/584/24606 Choose

More information

NCSF Foundation Certification

NCSF Foundation Certification NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity

More information

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.

More information

Background FAST FACTS

Background FAST FACTS Background Terra Verde was founded in 2008 by cybersecurity, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance

More information

Healthcare HIPAA and Cybersecurity Update

Healthcare HIPAA and Cybersecurity Update Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity

More information

Cybersecurity and Data Protection Developments

Cybersecurity and Data Protection Developments Cybersecurity and Data Protection Developments Nathan Taylor March 8, 2017 NY2 786488 MORRISON & FOERSTER LLP 2017 mofo.com Regulatory Themes 2 A Developing Regulatory Environment 2016 2017 March CFPB

More information

Building Resilience to Denial-of-Service Attacks

Building Resilience to Denial-of-Service Attacks Building Resilience to Denial-of-Service Attacks Building resilience to denial-of-service attacks Traditionally, organizations have relied on disaster recovery (DR) solutions to provide protection from

More information

Ontario Energy Board Cyber Security Framework

Ontario Energy Board Cyber Security Framework Ontario Energy Board Cyber Security Framework Accelerating compliance using Security-as-a-Service (SECaaS) Office: 888.876.0504 Email: info@stratejm.com Website: www.stratejm.com About this Whitepaper

More information

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21 National and Cyber Security Branch Presentation for Gridseccon Quebec City, October 18-21 1 Public Safety Canada Departmental Structure 2 National and Cyber Security Branch National and Cyber Security

More information

From the Trenches: Lessons learned from using the NIST Cybersecurity Framework

From the Trenches: Lessons learned from using the NIST Cybersecurity Framework From the Trenches: Lessons learned from using the NIST Cybersecurity Framework Greg Witte Sr. Cybersecurity Engineer G2, Inc. Greg.Witte@G2-inc.com Tom Conkle Cybersecurity Engineer G2, Inc. Tom.Conkle@G2-inc.com

More information

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved. Agenda Agenda Security essentials Year in review College/university challenges Recommendations 2 About me Matt Franko Director, Risk Advisory Services matthew.franko@rsmus.com (216) 927-8224 11+ years

More information

Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security

Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security Best Practices in Healthcare Risk Management Balancing Frameworks/Compliance and Practical Security Our industry is full of jargon terms that make it difficult to understand what we are buying To accelerate

More information

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing

More information