Insider Threats to the Healthcare Industry
- Kristian Tyler
- 6 years ago
Transcription
1 Insider Threats to the Healthcare Industry
George J. Silowash
Carnegie Mellon University Software Engineering Institute, Pittsburgh, PA
October 24, Carnegie Mellon University

2 Notices
2013 Carnegie Mellon University
Except for the U.S. government purposes described below, this material SHALL NOT be reproduced or used in any other manner without requesting formal permission from the Software Engineering Institute at This material was created in the performance of Federal Government Contract Number FA C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The U.S. government's rights to use, modify, reproduce, release, perform, display, or disclose this material are restricted by the Rights in Technical Data-Noncommercial Items clauses (DFAR and DFAR Alternate I) contained in the above identified contract. Any reproduction of this material or portions thereof marked with this legend must also reproduce the disclaimers contained on this slide. Although the rights granted by contract do not require course attendance to use this material for U.S. government purposes, the SEI recommends attendance to ensure proper understanding.
THE MATERIAL IS PROVIDED ON AN AS IS BASIS, AND CARNEGIE MELLON DISCLAIMS ANY AND ALL WARRANTIES, IMPLIED OR OTHERWISE (INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE, RESULTS OBTAINED FROM USE OF THE MATERIAL, MERCHANTABILITY, AND/OR NON-INFRINGEMENT).
CERT is a registered mark owned by Carnegie Mellon University.

3 CERT Organizational Overview
- Carnegie Mellon University operates a DoD FFRDC called the Software Engineering Institute
- CERT is a Technical Division within SEI
- The Original Computer Emergency Response Team; Est. 1988
- Research and development targeting DoD Challenge Problems
- Largest of the 3 technical programs (~250 employees)

4 What is the CERT Insider Threat Center?
- Center of insider threat expertise
- Began working in this area in 2001 with the U.S. Secret Service
- Our mission: The CERT Insider Threat Center conducts empirical research and analysis to develop & transition socio-technical solutions to combat insider cyber threats.

5 Goal for an Insider Threat Program
Opportunities for prevention, detection, and response for an insider incident
6 What is Insider Threat?

7 Insider Threat Issue
- Insiders pose a substantial threat by virtue of their knowledge of, and access to, their employers' systems and/or databases.
- Insiders can bypass existing physical and electronic security measures through legitimate measures.

8 The Insider Threat
- There is not one type of insider threat
  - Threat is to an organization's critical assets: People, Information, Technology, Facilities
  - Based on the motive(s) of the insider
  - Impact is to Confidentiality, Availability, Integrity
- There is not one solution for addressing the insider threat
  - Technology alone may not be the most effective way to prevent and/or detect an incident perpetrated by a trusted insider

9 What is a Malicious Insider Threat?
Current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems.

10 Separate the Target from the Impact from the Actor
- Target (WHAT): Critical Assets: People, Technology, Information, Facilities
- Impact (HOW): Confidentiality, Availability, Integrity
- Actor(s) (WHO): Employees (Current, Former), Contractors, Subcontractors, Suppliers, Trusted Business Partners

11 Types of Insider Crimes
- Insider IT sabotage: An insider's use of IT to direct specific harm at an organization or an individual.
- Insider theft of intellectual property (IP): An insider's use of IT to steal intellectual property from the organization. This category includes industrial espionage involving insiders.
- Insider fraud: An insider's use of IT for the unauthorized modification, addition, or deletion of an organization's data (not programs or systems) for personal gain, or theft of information which leads to fraud (identity theft, credit card fraud).

12 CERT's Insider Threat Case Database

13 Critical Infrastructure Sectors
** This does not include espionage cases involving classified information

14 How Bad Is the Insider Threat?
15 2013 US State of Cybercrime Survey -1
CSO Magazine, USSS, CERT & Price Waterhouse Cooper
- 501 respondents
- 34% of organizations have more than 5000 employees
- % of organizations have less than employees
[Chart: Percentage of Participants Who Experienced an Insider Incident]
Source: 2013 US State of Cybercrime Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Price Waterhouse Cooper, June

16 2013 US State of Cybercrime Survey
- % of respondents: Damage caused by insider attacks more damaging than outsider attacks
- Most common insider cyber incident:
  - Unintentional exposure of private or sensitive data (34%)
  - Theft of intellectual property (IP) (34%)
  - Unauthorized access to/use of information, systems or networks; Theft of other (proprietary) info including customer records, financial records, etc (30%) (31%)
Source: 2013 US State of Cybercrime Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Price Waterhouse Cooper, June

17 2013 US State of Cybercrime Survey -3
How Insider Intrusions Are Handled (chart values as extracted: 9%, 7%, 3%, 82%)
- Internally (without legal action or law enforcement)
- Internally (with legal action)
- Externally (notifying law enforcement)
- Externally (filing a civil action)
Reason(s) CyberCrimes were not referred for legal action (two value columns; column headings not preserved)
- Damage level insufficient to warrant prosecution; Lack of evidence/not enough information to prosecute; Could not identify the individual/individuals responsible for committing the ecrime: % 40% 36% 34% 32% 37%
- Concerns about negative publicity: 9% 14%
- Concerns about liability: 7% 9%
- Concerns that competitors would use incident to their advantage; Prior negative response from law enforcement: 6% 7% 5% 6%
- Unaware that we could report these crimes: 5% 4%
- L.E. suggested incident was national security related: 4% 4%
- Other: 12% 11%
- Don't know: 28% 20%
Source: 2013 US State of Cybercrime Survey, CSO Magazine, U.S. Secret Service, Software Engineering Institute CERT Program at Carnegie Mellon University and Price Waterhouse Cooper, June
18 Insider Crime Profiles

19 IT Sabotage

20 TRUE STORY
A security guard at a U.S. hospital, after submitting resignation notice
- Misused his badge to obtain access to sensitive areas.
- Installed malicious code on an HVAC system
- Controlled operating room pumps, chillers, etc.
- Uninstalled anti-virus software
- Had access to patient records

21 TRUE STORY
An insider at a non-profit specializing in organ donation was terminated.
- Remotely accessed systems and deleted donation databases, accounting files, backups, and applications.
- Used a former co-worker's administrator account

22 Mitigation Strategies
- Restrict access to removable media
- Audit Physical Security event logs for anomalous behavior.
  - Badge accesses
- Monitor critical systems for changes.
  - Have a trusted baseline image.
  - Compare systems to the trusted baseline.
- Disable accounts on separation.
- Alert on account usage anomalies
  - VPN account name vs. network login name
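One way to implement the last two items on slide 22, as an added example that is not part of the original presentation: it correlates VPN sessions with internal logons by VPN-assigned IP and time, and flags logons where the network login name differs from the VPN account name, plus any use of accounts that should have been disabled on separation. The CSV layouts, account names and the `SEPARATED` list are assumptions constructed for this sketch.

```python
import csv
import io
from collections import namedtuple
from datetime import datetime

# Constructed sample data. Column names and layout are assumptions for this
# example, not the export format of any particular VPN or directory product.
VPN_LOG = """start,end,vpn_user,assigned_ip
2024-03-04T22:05:00,2024-03-04T23:40:00,jdoe,10.8.0.14
2024-03-05T09:00:00,2024-03-05T17:30:00,asmith,10.8.0.15
2024-03-05T23:10:00,2024-03-06T01:55:00,mbrown,10.8.0.16
"""

LOGON_LOG = """time,account,source_ip,host
2024-03-04T22:11:00,CORP\\jdoe,10.8.0.14,fileserver01
2024-03-05T09:05:00,asmith@corp.example,10.8.0.15,ehr-app01
2024-03-05T23:14:00,backupadmin,10.8.0.16,db01
2024-03-05T23:30:00,tformer,10.8.0.16,db01
2024-03-06T08:00:00,asmith,10.20.1.7,ehr-app01
"""

# Accounts HR has reported as separated (hypothetical feed).
SEPARATED = {"tformer"}

Alert = namedtuple("Alert", "rule account source_ip time detail")


def parse(text):
    """Parse a CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def normalize(name):
    """Reduce DOMAIN\\user and user@domain forms to a bare lower-case name."""
    name = name.strip().lower()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    return name


def find_anomalies(vpn_rows, logon_rows, separated):
    """Return alerts for separated-account use and VPN/login name mismatches."""
    separated = {normalize(a) for a in separated}
    sessions = [
        (datetime.fromisoformat(r["start"]), datetime.fromisoformat(r["end"]),
         normalize(r["vpn_user"]), r["assigned_ip"])
        for r in vpn_rows
    ]
    alerts = []

    # A VPN session opened by an account that should already be disabled.
    for start, _end, vpn_user, ip in sessions:
        if vpn_user in separated:
            alerts.append(Alert("SEPARATED_ACCOUNT_VPN", vpn_user, ip,
                                start.isoformat(), "VPN session by separated account"))

    for ev in logon_rows:
        when = datetime.fromisoformat(ev["time"])
        account = normalize(ev["account"])

        if account in separated:
            alerts.append(Alert("SEPARATED_ACCOUNT_LOGON", account, ev["source_ip"],
                                ev["time"], "logon to %s by separated account" % ev["host"]))

        # Logon from a VPN-assigned address while that session was open,
        # under a different name than the one that authenticated to the VPN.
        for start, end, vpn_user, ip in sessions:
            if ip == ev["source_ip"] and start <= when <= end and vpn_user != account:
                alerts.append(Alert("VPN_LOGIN_NAME_MISMATCH", account, ip, ev["time"],
                                    "VPN user %s logged on to %s as %s"
                                    % (vpn_user, ev["host"], account)))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(parse(VPN_LOG), parse(LOGON_LOG), SEPARATED):
        print(alert)
```

Name normalization matters here: without it, the `CORP\jdoe` and `asmith@corp.example` logons in the sample would raise false mismatches against their own VPN sessions.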
23 Other Cases of IT Sabotage
- Financial Institution customers lose all access to their money from Friday night through Monday
  - Fired system administrator sabotages systems on his way out
- A logic bomb sits undetected for 6 months before finally wreaking havoc on a telecommunications firm
- SCADA systems for an oil-exploration company are temporarily disabled
  - A contractor, whose request for permanent employment was rejected, planted malicious code following termination
- System administrator at a manufacturing plant, passed over for promotion, deployed logic bomb prior to resigning, deleting critical software required to run operation
  - Financial damage $10M; Forced to lay off 80 employees

24 Stressors / Sanctions Observed in Cases
- Termination
  - gross insubordination
  - violation of company rules
  - poor performance
  - not being a team player
  - close to Christmas
  - false information on background check
  - discussion about termination of employment
- Passed over for promotion
- Demotion
  - due to poor performance
  - due to project completion
- Sanctions
  - reprimands for work-related issues
  - reprimands for aggressive and malicious behavior
  - suspension for excessive absenteeism
- Transfer between departments
- Supervisor
  - new supervisor hired
  - disagreement with supervisor
- Access changed
- Financial
  - disagreement over salary & compensation
  - bonuses lower than expected
  - failure of offering of severance package
- Death in family
- Divorce
- Explosive disagreement with colleagues
- Termination of subcontractor contract
- Termination of partnership because of money
- Co-workers overriding decisions
- Responsibilities removed from projects
- Outsourcing of project
- Suspension of Internet access

25 Summary of Insider Threats

| | IT Sabotage | Fraud | Theft of Intellectual Property |
|---|---|---|---|
| Current or former employee? | Former | Current | Current (within 30 days of resignation) |
| Type of position | Technical (e.g. sys admins, programmers, or DBAs) | Non-technical (e.g. data entry, customer service) or their managers | Technical (e.g. scientists, programmers, engineers) or sales |
| Gender | Male | Fairly equally split between male and female | Male |
| Target | Network, systems, or data | PII or Customer Information | IP (trade secrets) or customer Info |
| Access used | Unauthorized | Authorized | Authorized |
| When | Outside normal working hours | During normal working hours | During normal working hours |
| Where | Remote access | At work | At work |

26 How do you handle privileged technical employees and contractors who are on the HR radar?
27 Fraud

28 TRUE STORY
An insider within a radiology department of a hospital accessed patient records for the purposes of committing credit card fraud.
- Used fellow employees' unlocked workstations to look up information when they stepped away.
- Colluded with a former employee to apply for credit cards in patient names.

29 TRUE STORY
A front desk coordinator at a medical clinic stole PII of more than 1000 patients which contributed to over $2.8 million in fraudulent Medicare claims.
- Colluded with outsider who operated a medical claims service.
- Printed out over 1000 records
- Had controls to limit number of records that could be viewed.
- Failed to notice the limit was exceeded regularly.

30 Mitigation Strategies
- Train employees on the dangers of leaving a workstation unlocked.
- Set workstations to lock after a set time period.
- Monitor and/or restrict print jobs.
- Review logs regularly to identify anomalies.
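The case on slide 29 had a record-view limit that was exceeded regularly without anyone noticing; the following added example (not part of the original presentation) shows the kind of log review slide 30 asks for. It counts distinct patient records viewed per user per day, flags days over the limit, escalates users who exceed it repeatedly, and reports how far they sit above peers in the same role and how much they printed. The event layout, the limit of 25, the 3-days-in-7 escalation rule and all user names are assumptions constructed for this sketch.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

DAILY_VIEW_LIMIT = 25   # assumed policy: distinct records one user may view per day
REPEAT_DAYS = 3         # assumed escalation rule: this many over-limit days ...
WINDOW_DAYS = 7         # ... inside a window of this many days


def build_sample_events():
    """Constructed audit events as (day, user, role, action, record_id) tuples."""
    events = []
    first_day = date(2024, 3, 4)
    for d in range(5):
        day = first_day + timedelta(days=d)
        # Two typical front-desk users: 10 distinct records per day each.
        for user in ("fd_alice", "fd_bob"):
            for i in range(10):
                events.append((day, user, "front_desk", "view", "%s-%d-%d" % (user, d, i)))
        # fd_alice re-opens one record many times: high raw count, low distinct count.
        for _ in range(30):
            events.append((day, "fd_alice", "front_desk", "view", "fd_alice-%d-0" % d))
        # fd_carol views 60 records on four of the five days and prints half of them.
        n = 8 if d == 2 else 60
        for i in range(n):
            record = "P%02d%03d" % (d, i)
            events.append((day, "fd_carol", "front_desk", "view", record))
            if i % 2 == 0:
                events.append((day, "fd_carol", "front_desk", "print", record))
    return events


def exceeds_regularly(days, repeat=REPEAT_DAYS, window=WINDOW_DAYS):
    """True if at least `repeat` of the given days fall within `window` days."""
    days = sorted(days)
    for i in range(len(days) - repeat + 1):
        if (days[i + repeat - 1] - days[i]).days < window:
            return True
    return False


def review(events, limit=DAILY_VIEW_LIMIT):
    """Return {user: finding} for every user with at least one over-limit day."""
    viewed = defaultdict(set)    # (user, day) -> distinct record ids viewed
    printed = defaultdict(set)   # (user, day) -> distinct record ids printed
    role_of = {}
    for day, user, role, action, record in events:
        role_of[user] = role
        if action == "view":
            viewed[(user, day)].add(record)
        elif action == "print":
            printed[(user, day)].add(record)

    # Distinct-view counts of everyone in the same role on the same day.
    peer_counts = defaultdict(list)
    for (user, day), records in viewed.items():
        peer_counts[(role_of[user], day)].append(len(records))

    findings = {}
    for (user, day), records in viewed.items():
        if len(records) <= limit:
            continue
        finding = findings.setdefault(
            user, {"over_limit_days": [], "max_peer_ratio": 0.0, "printed_records": 0})
        finding["over_limit_days"].append(day)
        ratio = len(records) / median(peer_counts[(role_of[user], day)])
        finding["max_peer_ratio"] = max(finding["max_peer_ratio"], ratio)

    for user, finding in findings.items():
        finding["over_limit_days"].sort()
        finding["escalate"] = exceeds_regularly(finding["over_limit_days"])
        finding["printed_records"] = sum(
            len(records) for (u, _day), records in printed.items() if u == user)
    return findings


if __name__ == "__main__":
    for user, finding in review(build_sample_events()).items():
        print(user, finding)
```

Counting distinct record identifiers rather than raw view events keeps a user who reopens the same chart many times from being flagged alongside one who walks through hundreds of different patients.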
31 Other Cases of Fraud
- An accounts payable clerk, over a period of 3 years, issued 127 unauthorized checks to herself and others...
  - Checks totaled over $875,000
- A database administrator at major US Insurance Co. downloaded 60,000 employee records onto removable media and solicited bids for sale over the Internet
- An office manager for a trucking firm fraudulently puts her husband on the payroll for weekly payouts, and erases records of payments
  - Over almost a year loss of over $100K

32 Summary of Insider Threats

| | IT Sabotage | Fraud | Theft of Intellectual Property |
|---|---|---|---|
| Current or former employee? | Former | Current | Current (within 30 days of resignation) |
| Type of position | Technical (e.g. sys admins, programmers, or DBAs) | Non-technical (e.g. data entry, customer service) or their managers | Technical (e.g. scientists, programmers, engineers) or sales |
| Gender | Male | Fairly equally split between male and female | Male |
| Target | Network, systems, or data | PII or Customer Information | IP (trade secrets) or customer Info |
| Access used | Unauthorized | Authorized | Authorized |
| When | Outside normal working hours | During normal working hours | During normal working hours |
| Where | Remote access | At work | At work |

33 Have you seriously considered how your employees could misuse your systems for financial gain?

34 Recent Fraud Study

35 Theft of Intellectual Property
36 TRUE STORY
A foreign national employed as a technical operations associate at a pharmaceutical company steals 45GB of information, including confidential and proprietary information.
- ed IP to foreign investors in hopes of starting a new company
- Used external storage
- The organization spent over $500 million to develop one drug that was disclosed

37 TRUE STORY
The Director of Operations at an in-home infusion services firm steals intellectual property, such as policies, patient databases, employee lists, and contracts to start a new business.
- Worked with an outsider
- Had 13,000 files on home computer, presumably IP

38 Other Cases of Theft of IP
- Simulation software for the reactor control room in a US nuclear power plant was being run from outside the US
  - A former software engineer born in that country took it with him when he left the company.

39 Mitigation Strategies
- Recognize anomalies in your environment
- Know your assets.
- Does your organization do business in foreign countries?
- Large volumes of data transfer
- Monitor and limit the use of removable media
- Understand where all exit points of your enclave exist
  - USB, mobile devices, wireless, tethered devices, VPNs, connections to partners, etc.

40 Do you check for stolen information when employees, contractors, and other trusted business partners with access to critical information leave?

41 Summary of Insider Threats

| | IT Sabotage | Fraud | Theft of Intellectual Property |
|---|---|---|---|
| Current or former employee? | Former | Current | Current (within 30 days of resignation) |
| Type of position | Technical (e.g. sys admins, programmers, or DBAs) | Non-technical (e.g. data entry, customer service) or their managers | Technical (e.g. scientists, programmers, engineers) or sales |
| Gender | Male | Fairly equally split between male and female | Male |
| Target | Network, systems, or data | PII or Customer Information | IP (trade secrets) or customer Info |
| Access used | Unauthorized | Authorized | Authorized |
| When | Outside normal working hours | During normal working hours | During normal working hours |
| Where | Remote access | At work | At work |

42 Our Suggestion
- Continuous Logging
- Targeted Monitoring
- Real-time Alerting
43 Common Sense Guide to Mitigating Insider Threats

44 Best Practices for Insider Threat Mitigation
- Consider threats from insiders and business partners in enterprise-wide risk assessments.
- Clearly document and consistently enforce policies and controls.
- Incorporate insider threat awareness into periodic security training for all employees.
- Beginning with the hiring process, monitor and respond to suspicious or disruptive behavior.
- Anticipate and manage negative issues in the work environment.
- Know your assets.
- Implement strict password and account management policies and practices.
- Enforce separation of duties and least privilege.
- Define explicit security agreements for any cloud services, especially access restrictions and monitoring capabilities.
- Institute stringent access controls and monitoring policies on privileged users.
- Institutionalize system change controls.
- Use a log correlation engine or security information and event management (SIEM) system to log, monitor, and audit employee actions.
- Monitor and control remote access from all end points, including mobile devices.
- Develop a comprehensive employee termination procedure.
- Implement secure backup and recovery processes.
- Develop a formalized insider threat program.
- Establish a baseline of normal network device behavior.
- Be especially vigilant regarding social media.
- Close the doors to unauthorized data exfiltration.

45 The CERT Top 10 List for Winning the Battle Against Insider Threats

46 CERT's Insider Threat Services

47 Insider Threat Assessment (ITA)
- Objective: To measure an organization's level of preparedness to address insider threats to their organization.
- Method: Document Review, Process Observation, and Onsite interviews using insider threat assessment workbooks based on all insider threat cases in the CERT case library.
- Outcome: Confidential report of findings with findings and recommendations.
- Areas of Focus: Information Technology/Security; Software Engineering; Data Owners; Human Resources; Physical Security; Legal / Contracting; Trusted Business Partners.

48 CERT Insider Threat Workshops
- Goal: participants leave with actionable steps they can take to better manage the risk of insider threat in their organization
- ½ day, One day, Two days - Presentations and interactive exercises
- Addresses technical, organizational, personnel, security, and process issues
- Exercises
  - Address portions of the insider threat assessment
  - Purpose: assist participants in assessing their own organization's vulnerability to insider threat in specific areas of concern

49 Building an Insider Threat Program
- Goal: CERT staff work with senior executives from across the organization to develop a strategic action plan, based on actual cases of insider threats at the participating organization and research by CERT staff, to address and mitigate the risk of insider threat at the organization.
- Key differences from standard workshop
  - Tailored course material based on actual insider incidents at the organization.
  - Cases are provided in advance by the organization, and treated with strict confidentiality.
  - Workshop is preceded by a 3-day onsite by CERT staff to work with the organization's staff to familiarize themselves with the provided case material.
  - Second day of workshop: CERT staff and executives work together to create the Organization's strategic plan for preventing, detecting and responding to insider threats.

50 CERT Resources
- Insider Threat Center website
- Common Sense Guide to Mitigating Insider Threats, 4th Ed.
- The Insider Threat and Employee Privacy: An Overview of Recent Case Law, Computer Law and Security Review, Volume 29, Issue 4, August 2013 by Carly L. Huth
- Insider threat workshops
- Insider threat assessments
- New controls from CERT Insider Threat Lab
- Insider threat exercises
- The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) (SEI Series in Software Engineering) by Dawn M. Cappelli, Andrew P. Moore and Randall F. Trzeciak

51 Discussion

52 Point of Contact
George J. Silowash
Cyber Security Threat & Incident Analyst
CERT Program, Software Engineering Institute, Carnegie Mellon University
4500 Fifth Avenue, Pittsburgh, PA
Data Loss Prevention: Considerations from an IT Audit Perspective ISACA November Luncheon 11 November 2010 Agenda What is data loss prevention (DLP)? Ernst & Young point of view on DLP Data loss risk assessment
More informationPreempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool. Cyber Security 3.0 Better Together August 18, 2017
Preempting Cyber Fraud: SWIFT Threat Indicator Sharing Tool Cyber Security 3.0 Better Together August 18, 2017 Research Overview Problem Statement Research Goals & Methodology Defining Insider Cashout
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationMonthly Cyber Threat Briefing
Monthly Cyber Threat Briefing January 2016 1 Presenters David Link, PM Risk and Vulnerability Assessments, NCATS Ed Cabrera: VP Cybersecurity Strategy, Trend Micro Jason Trost: VP Threat Research, ThreatStream
More informationCyber Threat Landscape April 2013
www.pwc.co.uk Cyber Threat Landscape April 2013 Cyber Threats: Influences of the global business ecosystem Economic Industry/ Competitors Technology-led innovation has enabled business models to evolve
More informationWriter Corporation. Data Protection Policy
Writer Corporation Data Protection Policy 1. Introduction The Data Protection Policy (DPP) lays a solid foundation for the development and implementation of secure practices within Writer Corporation (the
More informationSoftware, Security, and Resiliency. Paul Nielsen SEI Director and CEO
Software, Security, and Resiliency Paul Nielsen SEI Director and CEO Dr. Paul D. Nielsen is the Director and CEO of Carnegie Mellon University's Software Engineering Institute. Under Dr. Nielsen s leadership,
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationCombating Cyber Risk in the Supply Chain
SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an
More informationThe McGill University Health Centre (MUHC)
The McGill University Health Centre (MUHC) Strengthening its security posture with in- depth global intelligence Overview The need MUHC security staff wanted to more quickly identify and assess potential
More informationMobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services
Augusta University Medical Center Policy Library Mobile Device Policy Policy Owner: Information Technology Support and Services POLICY STATEMENT Augusta University Medical Center (AUMC) discourages the
More information716 West Ave Austin, TX USA
Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud
More informationDONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY
DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY Published By: Fusion Factor Corporation 2647 Gateway Road Ste 105-303 Carlsbad, CA 92009 USA 1.0 Overview Fusion Factor s intentions for publishing an
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationHandbook Webinar
800-171 Handbook Webinar Pat Toth Cybersecurity Program Manager National Institute of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP) NIST MEP 800-171 Assessment Handbook Step-by-step
More informationSecuring Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)
Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF) A Guide to Leveraging Privileged Account Security to Assist with SWIFT CSCF Compliance Table of Contents Executive Summary...
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationWhat to do if your business is the victim of a data or security breach?
What to do if your business is the victim of a data or security breach? Introduction The following information is intended to help you decide how to start preparing for and some of the steps you will want
More informationINTELLIGENT BUILDING MANAGEMENT SYSTEMS: Guidance for Protecting Organizations
INTELLIGENT BUILDING MANAGEMENT SYSTEMS: Guidance for Protecting Organizations David J Brooks Michael Coole Paul Haskell-Dowland This guidance provides both the security and facility professional with
More informationProfessional Training Course - Cybercrime Investigation Body of Knowledge -
Overview The expanded use of the Internet has facilitated rapid advances in communications, systems control, and information sharing. Those advances have created enormous opportunities for society, commerce
More informationTackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud
Tackling Cybersecurity with Data Analytics Identifying and combatting cyber fraud San Antonio IIA iheartaudit Conference February 24, 2017 What We ll Cover + Current threat landscape + Common security
More informationLakeshore Technical College Official Policy
Policy Title Original Adoption Date Policy Number Information Security 05/12/2015 IT-720 Responsible College Division/Department Responsible College Manager Title Information Technology Services Director
More informationUniversity of North Texas System Administration Identity Theft Prevention Program
University of North Texas System Administration Identity Theft Prevention Program I. Purpose of the Identity Theft Prevention Program The Federal Trade Commission ( FTC ) requires certain entities, including
More informationCYBER SECURITY POLICY REVISION: 12
1. General 1.1. Purpose 1.1.1. To manage and control the risk to the reliable operation of the Bulk Electric System (BES) located within the service territory footprint of Emera Maine (hereafter referred
More informationEvaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure
Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure March 2015 Pamela Curtis Dr. Nader Mehravari Katie Stewart Cyber Risk and Resilience Management Team CERT
More informationEXHIBIT A. - HIPAA Security Assessment Template -
Department/Unit: Date: Person(s) Conducting Assessment: Title: 1. Administrative Safeguards: The HIPAA Security Rule defines administrative safeguards as, administrative actions, and policies and procedures,
More information2017 U.S. State of Cybercrime.
2017 U.S. State of Cybercrime www.csoonline.com Purpose and Methodology SURVEY SAMPLE TOTAL RESPONDENTS 510 executives at U.S. businesses, law enforcement services and government agencies SURVEY METHOD
More informationThe Confluence of Physical and Cyber Security Management
The Confluence of Physical and Cyber Security Management GOVSEC 2009 Samuel A Merrell, CISSP James F. Stevens, CISSP 2009 Carnegie Mellon University Today s Agenda: Introduction Risk Management Concepts
More informationIdentity Theft Prevention Policy
Identity Theft Prevention Policy Purpose of the Policy To establish an Identity Theft Prevention Program (Program) designed to detect, prevent and mitigate identity theft in connection with the opening
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationDisaster Recovery Self-Audit
Disaster Recovery Self-Audit Disaster Recovery Audit There are 3 steps to this process: 1. Identify all data and IT-related functions (like credit card processing, documents on your file server, member
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationData Breaches: Is IBM i Really At Risk? All trademarks and registered trademarks are the property of their respective owners.
Data Breaches: Is IBM i Really At Risk? HelpSystems LLC. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. ROBIN TATAM, CBCA CISM PCI-P Global Director
More informationCyber Insurance PROPOSAL FORM. ITOO is an Authorised Financial Services Provider. FSP No
PROPOSAL FORM Cyber Insurance Underwritten by The Hollard Insurance Co. Ltd, an authorised Financial Services Provider www.itoo.co.za @itooexpert ITOO is an Authorised Financial Services Provider. FSP.
More informationData Processing Agreement
In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal
More informationThe Cost of Denial-of-Services Attacks
The Cost of Denial-of-Services Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report The Cost of Denial-of-Service
More informationApplications/Data To Include in Survey (include applications that meet one or more of the following criteria)
Objective of Survey The purpose of this survey is to identify and understand 1) the nature of critical and sensitive campus-wide applications and/or data, 2) where the data is located, 3) how the data
More informationCountering the Insider Threat: Behavioral Analytics Security Intelligence Cell (BASIC)
Countering the Insider Threat: Behavioral Analytics Security Intelligence Cell (BASIC) Jesse Hughes CSG LLP Tammy Torbert Solution Architect, HP ESP In the next 35 minutes we ll cover the following: The
More informationProtecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014
Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented
More informationWORKSHARE SECURITY OVERVIEW
WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625
More informationInformation Security Management Criteria for Our Business Partners
Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents
More informationTrust Services Principles and Criteria
Trust Services Principles and Criteria Security Principle and Criteria The security principle refers to the protection of the system from unauthorized access, both logical and physical. Limiting access
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationHow AlienVault ICS SIEM Supports Compliance with CFATS
How AlienVault ICS SIEM Supports Compliance with CFATS (Chemical Facility Anti-Terrorism Standards) The U.S. Department of Homeland Security has released an interim rule that imposes comprehensive federal
More information