Best-in-Class Cybersecurity Program
|
|
- Betty Blankenship
- 6 years ago
- Views:
Transcription
1 The Five Pillars of a Best-in-Class security Program Session 90, March 6, 2018 Kevin Charest Divisional Senior Vice President Chief Officer 1
2 Conflict of Interest Kevin Charest, PhD Has no real or apparent conflicts of interest to report. 2
3 Agenda Introductions Background on Health Care Service Corporation s cybersecurity program Five pillars of a best-in-class cybersecurity program Implementing your cybersecurity program Q&A session 3
4 Kevin Charest Divisional Senior Vice President Chief Officer at Health Care Service Corporation Vice President of IT at UnitedHealth Group Chief Officer for the Department of Health Human Services Board Chair of The International System Certification Consortium (ISC)² 4
5 Learning Objectives Identify the five pillars of a best-in-class cybersecurity program Identify challenges barriers to overcome when building a cybersecurity program Assess an existing cybersecurity program to identify improvements Determine a course of action to improve an existing cybersecurity program Measure the effectiveness of a cybersecurity program 5
6 80+ Years of Success Tradition Over 21,000 employees million claims processed #6 on Diversity MBA s 50 Out Front for Diversity Leadership Best Places to Work for Women & Diverse Managers Our Purpose To do everything in our power to st with our members in sickness in health annually 1936 year founded LARGEST customer-owned health insurer in the U.S. 4 th largest overall 15 million members 6 Operating health insurance plans in FIVE states: IL, MT, NM, OK, TX 2,100 IT employees +$1 billion in IT spend
7 HCSC security Program security must move at the speed of the business Digital transformation is forcing evolution in cybersecurity programs HCSC is at the forefront HCSC has a fully integrated cybersecurity program that enables protects business innovation 7
8 The information security function must deal with the emergence of the digital operating model its agile business driven approach to the market. ENGAGE THE BUSINESS Be a trusted advisor to the business with a seat at the table Help guide investment decisions with security insight derived from robust metrics Offer simple transparent services to increase coverage Develop solutions with clear traceability to business objectives DELIVER RESULTS Decrease time to market for new security solutions Increase security consistency through enterprise-wide solution development Offer affordable services through reusable patterns tiered engagement Establish clean h-offs accountability IMPROVE CONTINUOUSLY Perform continuous holistic security assessment gap remediation to ensure quality Manage dem to improve agility scale appropriately Take innovative approach to solving enterprise industry wide problems Enable the growth mobility of our people 8
9 So what s in a cybersecurity program? BEST-IN-CLASS CYBERSECURITY PROGRAM 9
10 Set forth the organization s security strategy enable governance functions to manage security risk. Design, architect engineer security solutions to protect the enterprise from known potential risks threats. Manage operate security solutions to help detect security vulnerabilities events which pose risk to the enterprise. Respond, investigate remediate incidents potential breaches while enhancing architecture operations through continuous feedback. Incorporate cybersecurity into everyday business decisions, processes interactions with the customer.
11 So what s in a security Program? BEST-IN-CLASS CYBERSECURITY PROGRAM 11
12 BEST-IN-CLASS CYBERSECURITY PROGRAM Management & IT Risk Management Third-Party Subsidiary Risk IT Strategy Risk Risk IT RISK Domains Governance Risk 12 Legal, Regulatory Contractual Risk IT Risk
13 BEST-IN-CLASS CYBERSECURITY PROGRAM Management & Risk IT Policy & Governance IT Policy & Governance Policies need to evolve to address changing risks in the IT environment Training & Awareness Specialized training (privileged, developer) Gamification Phishing IS website redesign Benchmarking Program Effectiveness Risk Executive Council (IREC) 13
14 BEST-IN-CLASS CYBERSECURITY PROGRAM Management & Risk IT Resiliency Resiliency & Crisis Management - Ability to quickly adapt to disruptions while maintaining continuous business operations safeguarding people, assets overall br reputation Resiliency Components - Enterprise Impact Assessment (BIA) - Resiliency Governance - Resiliency Planning - Resiliency Exercises BR/DR Repository - Centralization Integration Inputs Outputs Future States 14 Real Estate Portfolio Internal Stakeholder Application Portfolio Crisis Management Configuration Management Human Resources Tools BR/DR Repository Financial Tools Cloud Disaster Recovery Plans Continuity Plans Partners GRC Tools
15 BEST-IN-CLASS CYBERSECURITY PROGRAM
16 GOVERNANCE BEST-IN-CLASS CYBERSECURITY PROGRAM Enterprise Enterprise PURPOSE Enable trusted, best-in-class services for customers by designing a robust resilient ecosystem for service innovation delivery. Trusted, Risk-Balanced Digital Ecosystem Enterprise-Class Services 16
17 CAPABILITY DEVELOPMENT PROCESS BEST-IN-CLASS CYBERSECURITY PROGRAM security What We Do Build enhance technical security investments, ensuring expected business value risk reduction is achieved. This is done by delivering in an agile manner to establish solutions that are resilient, flexible, efficient. Stakeholder Analysis & Communications Plan, Training Plan & Guides, Service Desk Scripts Training & Communication Requirements Design Build Test Deploy Requirements Documents Review architectural use cases, functional non-functional requirements Detailed Technical Infrastructure Design Docs Test Plan & Cases Implementation Plan Procurement Infrastructure provisioning DEV, TEST, PROD config / development 17 UAT, L&T, regression, system testing Operational runbooks Test Results Documented Integration catalog updates Production cutover Complete Ops Hoff Final reviews, signoff warranty
18 BEST-IN-CLASS CYBERSECURITY PROGRAM Stards Development Ensure the confidentiality, integrity availability of HCSC s data environments across on-premise, off-premise cloud environments through stardization automation. RISK MITIGATION Changing threat lscape with new players (e.g. governmental agencies) TECHNOLOGY Rapid pace of innovation DECENTRALIZATION Multi-vendor, multi-cloud strategy INDUSTRY Lean healthcare payer startups leading to disruption REGULATORY COMPLIANCE Shifts in regulatory compliance legislation SECURITY STANDARDS DEVELOPMENT Technology 18
19 BEST-IN-CLASS CYBERSECURITY PROGRAM Design & Aligning security design, architecture stards development in a continuous process that delivers secure computing platforms services in support of strategic business initiatives. Enterprise / Alignment Strategy Design Principles Conceptual Models DESIGN Initiatives Enterprise Executive Support GOVERN Steering Committee AUTOMATE Stards Development BUILD Risk & Engineer Processes & Controls Integration Services Develop Operational models 19 Stards Documentation Deliver Blueprints Patterns Secure Build Kits
20 BEST-IN-CLASS CYBERSECURITY PROGRAM
21 BEST-IN-CLASS CYBERSECURITY PROGRAM In-house, out-sourced, or hybrid approach Platform management Operational processes stards enforcement Threat vulnerability lifecycle management Operational metrics 21
22 BEST-IN-CLASS CYBERSECURITY PROGRAM NETWORK IS STRATEGY CLOUD PLATFORM (Sec Sided) Management Metrics are influenced by all of these factors TVM IS PROCESS/ TOOLS (Tactical) INFRA Databases IDM Applications 22
23 BEST-IN-CLASS CYBERSECURITY PROGRAM
24 BEST-IN-CLASS CYBERSECURITY PROGRAM The health care industry is under attack According to the Identity Theft Resource Center, cyber attacks were the leading cause of data breach incidents for the eighth year in succession, accounting for 55.5 percent of the overall number of breaches in 2016, with 145 successful cyber attacks targeting health care. 24
25 BEST-IN-CLASS CYBERSECURITY PROGRAM Evolving Threat Lscape The world has changed. It is not what it was a decade or even 2 or 3 years ago. We are defending our members on the front lines of a rapidly evolving cyber threat lscape. security isn t a black white notion of secure or not secure but rather a constant state of the gray area in the middle. Powerful Adversaries The healthcare industry is facing threats we have never seen before as sophisticated nation-state attacks replace rogue hackers. Significant Impact Massive breaches exposing millions of personal records have shattered consumer confidence brought cybersecurity into the spotlight. 25
26 BEST-IN-CLASS CYBERSECURITY PROGRAM Adopting Assume Breach Methodology We adopted this methodology to demonstrate the tactics impact of an advanced threat. This approach enables us to realize the benefit of a breach simulation to measure our cyber defense capabilities. Assumed Breach Assumed Click Incremental Sophistication breach is a case of when not if. The Advanced Threat Simulation assumes a threat has penetrated the network can established an initial foothold. People cannot be controlled are susceptible to attacks that result in a compromise of their access. The Simulation assumes an attacker can gain execution on an endpoint. Advanced threats are profit oriented will use the minimum sophistication required to breach a target. Testing activities are performed to determine the minimum amount of complexity required to bypass a given security control. 26
27 BEST-IN-CLASS CYBERSECURITY PROGRAM Adversarial Simulation The purpose of Adversarial Simulation is to test the effectiveness of enterprise security controls when confronted with a targeted advanced threat using varying levels of sophistication. The simulation is performed to assist in the prioritization of security controls that can consistently identify mitigate the impact of an advanced threat. the process of safely attacking a network from the outside in as a hacker would has become a must-have for health care organizations. - Larry Pesce, Pauldotcom Weekly Adversarial simulation assesses enterprise ability to: DEFEND Restrict pivots through host based security tools system hardening Restrict lateral movement with network segmentation choke points DETECT Identify activity through security tools or system event logs Correlate malicious activities across the enterprise Identify anomalous or abnormal use of accounts systems 27 RESPOND Properly escalate triage Quarantine the compromise area or network Prevent exfiltration of data Eradicate the threat resume normal business operation
28 BEST-IN-CLASS CYBERSECURITY PROGRAM & Investigation Assume Breach Detection & Response Capabilities TTP Matrix Advance Threat Analysis (ATA) Proactive Threat Hunting Threat Actors Incident Response (IR) Develops, maintains incident response activities, plans Threat Intelligence Platform Adversary Attack Digital Forensics Service (DFS) Computer, Network, Malware Forensics 24x7 Incident Detection Monitoring (SID&M) Big Data Lake
29 BEST-IN-CLASS CYBERSECURITY PROGRAM
30 BEST-IN-CLASS CYBERSECURITY PROGRAM Incorporate cybersecurity into everyday business decisions, processes interactions with the customer Checks & balance between security management & all other groups & Customer Enablement Underst the customer needs Management & Risk FRAMEWORK Design & Feedback to IT & business groups 30 Leverage Ops resources to implement solutions
31 KEY ACTIVITIES BEST-IN-CLASS CYBERSECURITY PROGRAM Liaison OVERVIEW Improve the relationship with the business portfolios to underst their strategy, processes, approach strengthen the enterprise security posture. 1. Connect the business to security to define implement key investments 2. Educate the business on security capabilities, stards policies 3. Provide business feedback into IS services, processes capabilities for improvement 4. Empower the business to make the correct business decisions under the guidance of the BISOs 5. Anticipate predict security needs engage for remediation 31
32 1 Create Strategic Plan 2 security Program Assessment Roadmap to Building a security Program Year 1 3 Create Prioritized Tactical Plan 4 Begin execution on people, process, & technology plan 5 Continuous Improvement Year 2 6 Address the gaps 7 Validate appropriate talent mix Year security Program Maturity Assessment 9 Third Party Adversarial Test 10 Enhance strategic plan
33 Questions? Kevin Charest Kevin Charest, PhD Health Care Service Corporation, a Mutual Legal Reserve Company Make sure to complete online session evaluation. Thank you! 33
34 Appendix 34
35 Set forth the organization s security strategy enable governance functions to manage security risk. Design, architect engineer security solutions to protect the enterprise from known potential risks threats. Manage operate security solutions to help detect security vulnerabilities events which pose risk to the enterprise. Respond, investigate remediate incidents potential breaches while enhancing architecture operations through continuous feedback. Incorporate cybersecurity into everyday business decisions, processes interactions with the customer. security Strategy Platform Management Big Data Lake IT Liaison IT Policy Governance IS Processes Tools Fusion Center (SOC) IS Intake Dem IT Risk Management Stards IS Threat Vulnerability Management Red Team IT GRC Controls IS Metrics Reporting Blue Team IT Resiliency Identity Access Management Forensics Incident Response
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More informationSecuring Digital Transformation
September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated
More informationSOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)
SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP) Adaptive Cybersecurity at the Speed of Your Business Attackers Evolve. Risk is in Constant Fluctuation. Security is a Never-ending Cycle.
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationCybersecurity. Securely enabling transformation and change
Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More informationSOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM
SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM OVERVIEW The Verizon 2016 Data Breach Investigations Report highlights that attackers are regularly outpacing the defenders.
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationMATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services
MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services THE NEED FOR MATURE CYBER DEFENSE CAPABILITIES The average annual cost of cyber crime reached $11.7 million per organization
More informationIncident Response Services to Help You Prepare for and Quickly Respond to Security Incidents
Services to Help You Prepare for and Quickly Respond to Security Incidents The Challenge The threat landscape is always evolving and adversaries are getting harder to detect; and with that, cyber risk
More informationMITIGATE CYBER ATTACK RISK
SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations
More informationCROWDSTRIKE FALCON FOR THE PUBLIC SECTOR
C R O W D S T R I K E P U B L I C S E C T O R S O L U T I O N S CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR SECURE YOUR ENTERPRISE WITH A THAT PROVIDES UNRIVALED PROTECTION, SECURITY EXPERTISE, AND OPTIMAL
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationThe University of Queensland
UQ Cyber Security Strategy 2017-2020 NAME: UQ Cyber Security Strategy DATE: 21/07/2017 RELEASE:0.2 Final AUTHOR: OWNER: CLIENT: Marc Blum Chief Information Officer Strategic Information Technology Council
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationCopyright 2016 EMC Corporation. All rights reserved.
1 BUILDING BUSINESS RESILIENCY Isolated Recovery Services NAZIR VELLANI (ERNST & YOUNG) & DAVID EDBORG (EMC GLOBAL SERVICES) 2 PRESENTERS Nazir Vellani (EY) Senior Manager Tel: +1 214 596 8985 Email: nazir.vellani@ey.com
More informationIncident Response Services
Services Enhanced with Supervised Machine Learning and Human Intelligence Empowering clients to stay one step ahead of the adversary. Secureworks helps clients enable intelligent actions to outsmart and
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationTSC Business Continuity & Disaster Recovery Session
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments, diagnosis and audits of your organization, the protection mechanisms
More informationOne Hospital s Cybersecurity Journey
MAY 11 12, 2017 SAN FRANCISCO, CA One Hospital s Cybersecurity Journey SanFrancisco.HealthPrivacyForum.com #HITprivacy Introduction Senior Director Information Systems Technology, Children s Mercy Hospital
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationEngaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,
Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev
More informationEvolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha
Evolving the Security Strategy for Growth Eric Schlesinger Global Director and CISO Polaris Alpha Evolving the Security Strategy for Growth Where Do We Start? Our History, Making History In late 2016,
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationCybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference
www.pwc.com 2016 ISACA Atlanta Chapter Geek Week Conference Highlights from surveys 38% Amount of security incidents In 2015, 38% more security incidents were detected than in 2014. $4.9M Cost of security
More informationChanging the Game: An HPR Approach to Cyber CRM007
Speakers: Changing the Game: An HPR Approach to Cyber CRM007 Michal Gnatek, Senior Vice President, Marsh & McLennan Karen Miller, Sr. Treasury & Risk Manager, FireEye, Inc. Learning Objectives At the end
More informationFFIEC Cyber Security Assessment Tool. Overview and Key Considerations
FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain
More informationCyber Risk A Corporate Directors' Briefing Webcast Q&A Summary
Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary Cyber experts from Marsh & McLennan Companies and WomenCorporateDirectors hosted an engaging webcast on August 16 th entitled Cyber Risk A
More informationCyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response
Cyber Incident Response Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response 1 2 Today, no Canadian business is immune from a potential attack. It s no longer
More informationVendor Risk Management. How to Confront Third-Party Cyber Risk in Your Supply Chain
Vendor Risk Management How to Confront Third-Party Cyber Risk in Your Supply Chain Leading Threat Vector Third-Party Cyber Risk In 2017, WannaCry, a ransomware capability released by ShadowBrokers to the
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More information112 th Annual Conference May 6-9, 2018 St. Louis, Missouri
8:30 10:30 May 6, 2018 Room 240 Complex 112 th Annual Conference May 6-9, 2018 St. Louis, Missouri Moderator/Speakers: Kevin Wachtel Finance Director/Treasurer, Villa Park, IL Alex Brown Senior Manager,
More informationCyber Security Incident Response Fighting Fire with Fire
Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the
More informationAKAMAI CLOUD SECURITY SOLUTIONS
AKAMAI CLOUD SECURITY SOLUTIONS Whether you sell to customers over the web, operate data centers around the world or in the cloud, or support employees on the road, you rely on the Internet to keep your
More informationManaging Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust
Managing Cyber Risk Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Adam Thomas Principal Cyber Risk Services Deloitte & Touche LLP Give Us Your Feedback for this Session!
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationIntegrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise
February 11 14, 2018 Gaylord Opryland Resort and Convention Center, Nashville #DRI2018 Integrating Cyber Security with Business Continuity Management to Build the Resilient Enterprise Tejas Katwala CEO
More informationCYBERSECURITY MATURITY ASSESSMENT
CYBERSECURITY MATURITY ASSESSMENT ANTICIPATE. IMPROVE. PREPARE. The CrowdStrike Cybersecurity Maturity Assessment (CSMA) is unique in the security assessment arena. Rather than focusing solely on compliance
More informationSecurity by Default: Enabling Transformation Through Cyber Resilience
Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,
More informationTransformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018
Transformation in Technology Barbara Duck Chief Information Officer Investor Day 2018 Key Takeaways 1Transformation in Technology driving out cost, supporting a more technologyenabled business Our new
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationAZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES. To Secure Azure and Hybrid Cloud Environments
AZURE CLOUD SECURITY GUIDE: 6 BEST PRACTICES To Secure Azure and Hybrid Cloud Environments Introduction Cloud is at the core of every successful digital transformation initiative. With cloud comes new
More informationCybersecurity Session IIA Conference 2018
www.pwc.com/me Cybersecurity Session IIA Conference 2018 Wael Fattouh Partner PwC Cybersecurity and Technology Risk PwC 2 There are only two types of companies: Those that have been hacked, and those that
More informationManaged Endpoint Defense
DATA SHEET Managed Endpoint Defense Powered by CB Defense Next-gen endpoint threat detection and response DEPLOY AND HARDEN. Rapidly deploy and optimize endpoint prevention with dedicated security experts
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationDesigning and Building a Cybersecurity Program
Designing and Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson lwilson@umassp.edu ISACA Breakfast Meeting January, 2016 Designing & Building a Cybersecurity
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationSecurity Incident Management in Microsoft Dynamics 365
Security Incident Management in Microsoft Dynamics 365 Published: April 26, 2017 This document describes how Microsoft handles security incidents in Microsoft Dynamics 365 2017 Microsoft Corporation. All
More informationRSA ADVANCED SOC SERVICES
RSA ADVANCED SOC SERVICES Consulting services to improve threat detection and response EXECUTIVE SUMMARY A holistic approach to enhanced cybersecurity operations This service is for organizations needing
More informationCyber Security Technologies
1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationCYBER SOLUTIONS & THREAT INTELLIGENCE
CYBER SOLUTIONS & THREAT INTELLIGENCE STRENGTHEN YOUR DEFENSE DarkTower is a global advisory firm focused on security for some of the world s leading organizations. Our security services, along with real-world
More informationDo You Know Your Organization's Top 10 Security Risks?
SESSION ID: GRC-F01 Do You Know Your Organization's Top 10 Security Risks? Min-Hwei Liu Director, Information Security, Aetna 14,300 Network alerts # of Applications # of Servers Monitored What does the
More informationSecuring the Internet of Things (IoT) at the U.S. Department of Veterans Affairs
Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs Dominic Cussatt Acting Deputy Assistant Secretary / Chief Information Security Officer (CISO) February 20, 2017 The Cyber
More informationDATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI
DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill
More informationEFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave
EFFECTIVELY TARGETING ADVANCED THREATS Terry Sangha Sales Engineer at Trustwave THE CHALLENGE PROTECTING YOUR ENVIRONMENT IS NOT GETTING EASIER ENDPOINT POINT OF SALE MOBILE VULNERABILITY MANAGEMENT CYBER
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationwith Advanced Protection
with Advanced Email Protection OVERVIEW Today s sophisticated threats are changing. They re multiplying. They re morphing into new variants. And they re targeting people, not just technology. As organizations
More informationSix Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP
Six Weeks to Security Operations The AMP Story Mike Byrne Cyber Security AMP 1 Agenda Introductions The AMP Security Operations Story Lessons Learned 2 Speaker Introduction NAME: Mike Byrne TITLE: Consultant
More informationBringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016
Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationBuilding Resilience in a Digital Enterprise
Building Resilience in a Digital Enterprise Top five steps to help reduce the risk of advanced targeted attacks To be successful in business today, an enterprise must operate securely in the cyberdomain.
More informationHOSTED SECURITY SERVICES
HOSTED SECURITY SERVICES A PROVEN STRATEGY FOR PROTECTING CRITICAL IT INFRASTRUCTURE AND DEVICES Being always-on, always-connected might be good for business, but it creates an ideal climate for cybercriminal
More informationConverged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products
Converged security Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products Increased risk and wasted resources Gartner estimates more than $1B in
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationService. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution
Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being
More informationGovernment IT Modernization and the Adoption of Hybrid Cloud
Government IT Modernization and the Adoption of Hybrid Cloud An IDC InfoBrief, Sponsored by VMware June 2018 Federal and National Governments Are at an Inflection Point Federal and national governments
More informationHow to Prepare a Response to Cyber Attack for a Multinational Company.
You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationMitigating Risk with Ongoing Cybersecurity Risk Assessment. Scott Moser CISO Caesars Entertainment
Mitigating Risk with Ongoing Cybersecurity Risk Assessment Scott Moser CISO Caesars Entertainment CSO50 Presentation Caesars Entertainment Cybersecurity Risk Management Scott Moser Chief Information Security
More informationDepartment of Management Services REQUEST FOR INFORMATION
RESPONSE TO Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 250 South President
More informationMcAfee epolicy Orchestrator
McAfee epolicy Orchestrator Centrally get, visualize, share, and act on security insights Security management requires cumbersome juggling between tools and data. This puts the adversary at an advantage
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationWHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS
WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS 1 INTRODUCTION Mergers & Acquisitions (M&A) are undertaken for a variety of strategic reasons that aim for greater synergy,
More informationSIEM Solutions from McAfee
SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an
More informationNebraska CERT Conference
Nebraska CERT Conference Security Methodology / Incident Response Patrick Hanrion Security Center of Excellence Sr. Security Consultant Agenda Security Methodology Security Enabled Business Framework methodology
More informationIntroducing Cyber Observer
"Organizations are failing at early breach detection, with more than 92% of breaches undetected by the breached organization. The situation can be improved with stronger threat intelligence, the addition
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationToday s cyber threat landscape is evolving at a rate that is extremely aggressive,
Preparing for a Bad Day The importance of public-private partnerships in keeping our institutions safe and secure Thomas J. Harrington Today s cyber threat landscape is evolving at a rate that is extremely
More informationSecuring Data in the Cloud: Point of View
Securing Data in the Cloud: Point of View Presentation by Infosys Limited www.infosys.com Agenda Data Security challenges & changing compliance requirements Approach to address Cloud Data Security requirements
More informationCloudSOC and Security.cloud for Microsoft Office 365
Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationTHE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM
THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM Modern threats demand analytics-driven security and continuous monitoring Legacy SIEMs are Stuck in the Past Finding a mechanism to collect, store
More informationPA TechCon. Cyber Wargaming: You ve been breached: Now what? April 26, 2016
PA TechCon Cyber Wargaming: You ve been breached: Now what? April 26, 2016 Cyber attacks are on the rise $3.79M The average cost of a cyber incident [1] o f i n c i d e n t s 15% s t i l l t a k e d a
More informationSecure the value chain. Risk management in the omnichannel consumer and retail environment
Secure the value chain Risk management in the omnichannel consumer and retail environment Table of contents See the dark side 2 of security Review developing 2 security trends Address organizational 3
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More information