Ⅰ Introduction 1. Ⅱ Information Security Infrastructure and Environment 2. Ⅲ Information Security Incident Prevention 8
- Ferdinand Jackson
- 5 years ago
Ⅰ Introduction
Ⅱ Information Security Infrastructure and Environment
  1. Information Security Policy
    A. Information (Personal Information) Security Policy
    B. Information Security Policy
    C. Personal Information Security Policy
  2. Information (Personal Information) Security Organization
  3. Information (Personal Information) Security Education
  4. Information (Personal Information) Security Budget
Ⅲ Information Security Incident Prevention
  1. Information Security Products and Services
    A. Information Security Product Use
    B. Information Security Service Use
  2. Information Security Management
    A. System and Network Security Inspection
    B. Security Patch Application
    C. System Log and Data Backup
Ⅳ Information Security Incident Response
  Information Security Incident Experience
  Information Security Incident Response
Ⅴ Information Security Awareness
  Executives' Awareness of Information (Personal Information) Security
  Awareness of Information (Personal Information) Security
Ⅵ Personal Information Security
  Personal Information Collection and Use
  Personal Information Security Incident Experience
  Personal Information Security Incident Prevention
Ⅶ Information Security By Service
  Wireless LAN
  Cloud
  Internet of Things (IoT)
  Information Security (Cyber) Insurance
Ⅰ Introduction

- Population: Businesses with computers connected to networks (1 or more employees)
- Effective Sample Size: 9,130 businesses
- Data Collection: Face-to-face interview, , fax and online survey
- Fieldwork Period: Aug. 1 to Oct. 31, 2017
- Effective Period: Current as of Dec. 31. Education, budget, expenditure, and information security incident experience are for Jan. 1 to Dec. 31. Currently invested/planned IT security activities cover the period up to Aug. 1, 2017.
- Sampling Method: Multi-stage stratified sampling
- Sampling Error: Rate of information security policies ±0.70%p (95% confidence level)
- Sampling Design:
  - Primary Sampling Frame: Target businesses in the 2015 Report on the Economic Census
  - Secondary Sampling Frame: Businesses that have established networks and one or more employee(s) among target businesses in the 2016 Yearbook of Information Society Statistics

Glossary

- Malicious Code: Software designed to execute malicious activities such as destroying the host system and stealing information (virus, worm, adware, spyware, etc.)
- Security Patch: Software designed to fix security vulnerabilities in the operating system (OS) or applications
- Internet of Things (IoT): Intelligent information technology or service that connects objects to allow mutual communication between people and objects, as well as between objects and other objects (smart car, smart refrigerator, etc.)
- Information Security (Cyber) Insurance: Insurance offered to corporations to guarantee compensation for damages inflicted by hacking, DDoS, and other intentional cyber attacks
Ⅱ Information Security Infrastructure and Environment

1. Information Security Policy

A. Information (Personal Information) Security Policy

15.2% established information or personal information security policies, down by 1.9%p compared to the previous year.

15.2% of the businesses established information or personal information security policies in the form of an official document, which is a 1.9%p decrease compared to the previous year.

- The rate rose from the previous year in businesses with 250 or more employees (87.9%). For companies with fewer than 50 employees, however, fewer had an official security policy document this year compared to the previous year.

Figure 2-1 Information (Personal Information) Security Policy
B. Information Security Policy

13.5% established information security policies in the form of an official document, down by 1.0%p compared to the previous year.

13.5% of the businesses established information security policies in the form of an official document, which is a 1.0%p decrease compared to the previous year.

- The rate rose from the previous year in businesses with 250 or more employees (86.2%). For companies with fewer than 50 employees, however, fewer had an official security policy document this year compared to the previous year.

Figure 2-2 Information Security Policy
C. Personal Information Security Policy

14.5% established personal information security policies in the form of an official document, down by 0.8%p compared to the previous year.

14.5% of the businesses established personal information security policies in the form of an official document, which is a 0.8%p decrease compared to the previous year.

- The rate rose from the previous year in companies with 250 or more employees (87.6%). For companies with fewer than 50 employees, however, fewer had an official security policy document this year compared to the previous year.

Figure 2-3 Personal Information Security Policy
2. Information (Personal Information) Security Organization

9.9% had an official information or personal information security organization, down by 1.1%p compared to the previous year.

9.9% of the businesses operated an official information or personal information security organization, which is a 1.1%p decrease compared to the previous year.

- All groups had lower rates of information security organizations this year compared to the previous year.

Figure 2-4 Information (Personal Information) Security Organization
3. Information (Personal Information) Security Education

30.4% conducted information or personal information security education, up by 12.4%p compared to the previous year.

30.4% of the businesses conducted information or personal information security education for their executives and employees during 2016, which is a 12.4%p increase compared to the previous year. Regular employees who use computers (90.2%) received such education at the highest rate, followed by CEOs and executives (65.5%) and Chief Information Security Officer (44.6%).

Figure 2-5 Information (Personal Information) Security Education (categories: Regular Who Use Computers; CEOs and Executives; Chief Information Security Officer; Chief Privacy Officer; Personal Information Handlers; IT and Information Security Staff)
* 2015 responses are not included because questionnaire was modified in
4. Information (Personal Information) Security Budget

48.1% allocated information or personal information security budget, up by 15.6%p compared to the previous year.

48.1% of the businesses allocated information or personal information security budget out of the IT-related budget during 2016, which is a 15.6%p increase compared to the previous year.

- This rate is significantly rising every year, from 18.6% in 2015 to 32.5% in 2016 and 48.1% in % of the businesses allocated 5% or more of their IT budget for information or personal information security, an increase compared to the previous year.

Figure 2-6 Information (Personal Information) Security Budget (categories include: Less than 1%; 5% or More)
Ⅲ Information Security Incident Prevention

1. Information Security Products and Services

A. Information Security Product Use

94.9% used information security products, up by 5.1%p compared to the previous year.

94.9% of the businesses used information security products, which is a 5.1%p increase compared to the previous year. Network security products were the most frequently used type (83.5%), followed by system (device) security products (74.8%) and others.

Figure 3-1 Information Security Product Use (categories: Network Security; System (Device) Security; Authentication; Security Management; Contents/Information Leak Prevention; Others*)
* Surveillance camera (CCTV) was added to Others in 2017 survey.
B. Information Security Service Use

48.5% used information security services, up by 8.0%p compared to the previous year.

48.5% of the businesses used information security services, which is an 8.0%p increase compared to the previous year. Maintenance and management (42.0%) was the most frequent type of service used, followed by education/training (12.7%) and security control (11.4%).

Figure 3-2 Information Security Service Use (categories: Maintenance and Management; Education/Training; Security Control; Authentication Service; Security Consulting)
2. Information Security Management

A. System and Network Security Inspection

64.7% conducted system and network security inspection, up by 9.2%p compared to the previous year.

64.7% of the businesses conducted system and network security inspection (vulnerability check, etc.), which is a 9.2%p increase compared to the previous year. Almost all businesses that conducted vulnerability checks inspected their PCs (99.7%), followed by their server operating system (39.0%) and application programs (34.2%).

Figure 3-3 System and Network Security Inspection (categories: PC; Server Operating System (OS); Application Programs; Network Device (Router, Switch, Etc.); Web; Database; Physical Security*)
* New item in 2017 survey.
B. Security Patch Application

96.9% applied security patches, up by 13.0%p compared to the previous year.

96.9% of the businesses applied security patches for their PCs and servers (Windows Update, etc.), which is a 13.0%p increase compared to the previous year. By type, the businesses applied patches the most for information security systems (93.4%), followed by employee PC (93.2%) and servers connected to external entities (89.6%).

Figure 3-4 Security Patch Application (categories: Information Security System; Employee PC; Servers Connected to External Entities; Internal Servers)
* Answers for automatic update + manual update + update only when issues arise
C. System Log and Data Backup

52.5% backed up system log or important data, up by 14.2%p compared to the previous year.

52.5% of the businesses executed backup of system log or important data, which is a 14.2%p increase compared to the previous year. By type, 37.4% of the businesses executed system log backup and 46.8% executed important data backup.

Figure 3-5 System Log and Data Backup (categories: System Log Backup; Important Data Backup)
Ⅳ Information Security Incident Response

1. Information Security Incident Experience

2.2% experienced an information security incident, down by 0.9%p compared to the previous year.

2.2% of the businesses experienced security incidents during 2016, which is a 0.9%p decrease from the previous year. By type, attack by malicious codes (75.5%) was the most frequent, followed by ransomware (25.5%) and adware/spyware infection (13.0%).

Figure 4-1 Information Security Incident Experience (categories: Attack by Malicious Codes; Ransomware; Adware/Spyware Infection; Hacking; DoS/DDoS Attack; Information Leak by Company Personnel; Department of Medicine; APT Attack)
2. Information Security Incident Response

25.9% responded to information security incidents, up by 8.8%p compared to the previous year.

25.9% of the businesses conducted activities to respond to information security incidents, which is an 8.8%p increase compared to the previous year. By type, establishing an emergency contact system for response to information security incidents (16.3%) was the most frequent method, followed by formulating an information security incident response plan (8.0%) and consigning security response activities to external entities (7.1%).

Figure 4-2 Information Security Incident Response (categories: Establish Emergency Contact System for Response to Information Security Incident; Formulate Information Security Incident Response Plan; Consign Security Response Activities to External Entities; Establish and Operate Computer Emergency Readiness Team (CERT); Organize Incident Recovery Team; Subscribe to Information Security Insurance; No Response Activity)
Ⅴ Information Security Awareness

1. Executives' Awareness of Information (Personal Information) Security

Executives from 87.4% of the businesses found information security important, up by 3.5%p compared to the previous year. Executives from 88.9% of the businesses found personal information security important, up by 2.8%p compared to the previous year.

CEOs and executives in 87.4% of the businesses considered information security important, which is a 3.5%p increase compared to the previous year. CEOs and executives in 88.9% of the businesses considered personal information security important, which is a 2.8%p increase compared to the previous year.

Figure 5-1 Executives' Awareness of Information (Personal Information) Security
* Ratio of people who answered important and very important to the question.
2. Awareness of Information (Personal Information) Security

from 81.5% of the businesses found information security important and 84.6% found personal information security important.

in 81.5% of the businesses considered information security important, which is similar compared to the previous year within the error range. in 84.6% of the businesses considered personal information security important, which is similar compared to the previous year within the error range.

Figure 5-2 Awareness of Information (Personal Information) Security
* Ratio of people who answered important and very important to the question.
Ⅵ Personal Information Security

1. Personal Information Collection and Use

47.4% collected customers' personal information, up by 8.2%p compared to the previous year. 45.5% used customers' personal information, up by 12.4%p compared to the previous year.

47.4% of the businesses collected personal information from their customers online or offline, which is an 8.2%p increase compared to the previous year. 45.5% of the businesses used personal information from their customers online or offline, which is a 12.4%p increase compared to the previous year.

Figure 6-1 Personal Information Collection and Use
2. Personal Information Security Incident Experience

0.2% experienced a personal information security incident, down by 0.8%p compared to the previous year. 17.7% made an inquiry about or reported the incident to the authorities.

0.2% of the businesses experienced a personal information security incident during 2016, which is a 0.8%p decrease compared to the previous year. 17.7% of the businesses that experienced a personal information security incident made inquiries or reports to related authorities, which is similar compared to the previous year within the error range.

Figure 6-2 Personal Information Security Incident Experience
* Inquiry or report to the authorities (n=12) should be carefully interpreted.
3. Personal Information Security Incident Prevention

85.1% took managerial measures to prevent personal information security incidents, up by 3.1%p compared to the previous year. 85.6% took technical measures to prevent personal information security incidents.

85.1% of the businesses executed managerial measures to prevent personal information security incidents, which is a 3.1%p increase compared to the previous year.

Figure 6-3 Managerial Measures for Personal Information Security Incident Prevention (categories: Create Incident Prevention Manual; Establish Follow-On Management Policy; Establish Internal Response and Reporting System; Keep a List of Warning Signs for Incidents; Notify Authorities Related to Personal Information Security Incidents)
* Including only top 5 answers.
85.6% of the businesses executed technical measures to prevent personal information security incidents, which is similar compared to the previous year within the error range.

Figure 6-4 Technical Measures for Personal Information Security Incident Prevention (categories: Prevent Damages from Computer Viruses; Security Measures Using Encryption Technologies; Access Control and Break-in Prevention System; Measures to Prevent Forgery/Alteration of Access Control; Store Data Offline; None)
Ⅶ Information Security by Service

1. Wireless LAN

71.5% had wireless LAN, up by 20.4%p compared to the previous year.

71.5% of the businesses had wireless LAN in the company, which is a 20.4%p increase compared to the previous year. Setting wireless LAN access password (83.7%) was the most common method for wireless LAN security, followed by encrypting transmitted data (30.7%) and separating internal wireless and cable networks (25.4%).

Figure 7-1 Wireless LAN (categories: Set Wireless LAN Access Password; Encrypt Transmitted Data; Separate Internal Wireless and Cable Networks; Control/Filter Access to Wireless LAN; Block Social Media Access Via Wireless LAN; Limit Use of External Commercial Wireless LAN)
2. Cloud

6.6% used cloud service, up by 1.2%p compared to the previous year.

6.6% of the businesses used cloud services in their offices, which is a 1.2%p increase compared to the previous year % of the businesses stated that they have a plan to introduce a cloud service to their system or maintain their current cloud service. Establishing security policies for cloud services (34.7%) was the most common measure to ensure cloud service security.

Figure 7-2 Cloud (categories: Establish Security Policies for Cloud Services; Use Cloud Services with Security Certifications; Use Cloud-Based Security Services; Mandate Security Software for Devices Using Cloud Services; Separate and Encrypt Sensitive Data; No Cloud Service Security Measure)
* Businesses planning to introduce (maintain) cloud service: 6.7%
3. Internet of Things (IoT)

4.9% used IoT products or services.

4.9% of the businesses used IoT products or services % of the businesses stated that they have a plan to introduce IoT products or services or maintain their current IoT products or services. Data leak (48.5%) was the highest perceived threat regarding IoT systems, followed by hacking or malicious code infection (46.6%).

Figure 7-3 Internet of Things (IoT) (categories: Data Leak; Hacking and Malicious Code Infection; Wireless Signal Disruption or Error; Device Theft/Loss)
* Businesses planning to introduce (maintain) IoT product or service: 5.5%
* Businesses that answered somewhat concerned and very concerned
4. Information Security (Cyber) Insurance

0.6% subscribed to information security (cyber) insurance.

0.6% of the businesses subscribed to information security (cyber) insurance % of the businesses stated that they have a plan to subscribe to information security (cyber) insurance or maintain their current subscription. In their information security (cyber) insurance, 84.0% of the businesses sought reimbursement for damages paid for personal information leak, followed by reimbursement of costs for personal information leak responses (74.9%) and reimbursement of costs related to corporate espionage investigation and litigation (36.9%).

Figure 7-4 Information Security (Cyber) Insurance (categories: Reimbursement of Damages Paid for Personal Information Leak; Reimbursement of Costs for Personal Information Leak Responses; Reimbursement of Costs Related to Corporate Espionage Investigation and Litigation; Reimbursement of Damages Paid for Corporate Secret Leak; Reimbursement of Damages Paid for Acting as a Gateway to Zombie PC or Other Cyberattacks; Reimbursement of Costs Related to Cyber Extortion)
* Businesses planning to subscribe to (maintain) information security (cyber) insurance: 2.2%
More informationPreventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence
Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence Presented by Keith Barger and Audra A. Dial March 19, 2014 2014 Kilpatrick Townsend & Stockton LLP Protection of
More informationUnderstanding Persistent Connectivity: How IoT and Data Will Impact the Connected Data Center
Understanding Persistent Connectivity: How IoT and Data Will Impact the Connected Data Center Speaker: Bill Kleyman, EVP of Digital Solutions - Switch AFCOM and Informa Writer/Contributor (@QuadStack)
More informationFiscal 2015 Activities Review and Plan for Fiscal 2016
Fiscal 2015 Activities Review and 1. The Ricoh Group s Information Security Activities In response to changes emerging in the social environment, the Ricoh Group is promoting its PDCA management system
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationPosition Title: IT Security Specialist
Position Title: IT Security Specialist SASRIA SOC LIMITED Sasria, a state-owned company, is the only short-term insurer in South Africa that provides affordable voluntary cover against special risks such
More informationCyber fraud and its impact on the NHS: How organisations can manage the risk
Cyber fraud and its impact on the NHS: How organisations can manage the risk Chair: Ann Utley, Preparation Programme Manager, NHS Providers Arno Franken, Cyber Specialist, RSM Sheila Pancholi, Partner,
More informationIS Today: Managing in a Digital World 9/17/12
IS Today: Managing in a Digital World Chapter 10 Securing Information Systems Worldwide losses due to software piracy in 2005 exceeded $34 billion. Business Software Alliance, 2006 Accessories for war
More informationA Forensic Accountant in Cyber Security
A Forensic Accountant in Cyber Security Gertjan Groen, President ACFE Netherlands Chapter Fraud Awareness Week Event ACFE Belgium 14 November 2017, Brussels Personal Background Started my career in auditing
More informationDIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018
DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL June 14, 2018 A. Overriding Objective 1.1 This Directive establishes the rules and instructions for Bank Personnel with respect to Information
More information7.16 INFORMATION TECHNOLOGY SECURITY
7.16 INFORMATION TECHNOLOGY SECURITY The superintendent shall be responsible for ensuring the district has the necessary components in place to meet the district s needs and the state s requirements for
More informationThe rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services
The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services Major Trends of 2014 And relevant changes in Threat Scenario Most Target Countries and Sectors
More informationSecurity+ SY0-501 Study Guide Table of Contents
Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators
More informationCYBER SECURITY AND MITIGATING RISKS
CYBER SECURITY AND MITIGATING RISKS 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationCYBER SECURITY FOR MEDICAL COLLEGES
CYBER SECURITY FOR MEDICAL COLLEGES PAGE 1 PRESENTER: BENJAMIN MOSSÉ THURSDAY, AUGUST 3, 2017 MOSSÉ SECURITY About Me PAGE 2 Chief Executive Officer of Mossé Security Founder of Mossé Cyber Security Institute
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationIncident Response Table Tops
Incident Response Table Tops Agenda Introductions SecureState overview Need for improved incident response capability https://pollev.com/securestate Overview of the exercise: Sample incident response table
More information2005 E-Crime Watch Survey Survey Results Conducted by CSO magazine in cooperation with the U.S. Secret Service and CERT Coordination Center
OVERALL RESULTS E-Crime Watch Survey: 2005 Field Dates: 3/3/05 3/14/05 Total completed surveys: 819 Margin of Error: +/- 3.4% NOTE TO EDITOR For the purpose of this survey, electronic crime, intrusion,
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationCA Security Management
CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate
More informationDefending Our Digital Density.
New Jersey Cybersecurity & Communications Integration Cell Defending Our Digital Density. @NJCybersecurity www.cyber.nj.gov NJCCIC@cyber.nj.gov The New Jersey Cybersecurity & Communications Integration
More informationDHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1
Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationPCI Compliance. What is it? Who uses it? Why is it important?
PCI Compliance What is it? Who uses it? Why is it important? Definitions: PCI- Payment Card Industry DSS-Data Security Standard Merchants Anyone who takes a credit card payment 3 rd party processors companies
More informationIntroduction to Business continuity Planning
Week - 06 Introduction to Business continuity Planning 1 Introduction The purpose of this lecture is to give an overview of what is Business Continuity Planning and provide some guidance and resources
More informationData Communication. Chapter # 5: Networking Threats. By: William Stalling
Data Communication Chapter # 5: By: Networking Threats William Stalling Risk of Network Intrusion Whether wired or wireless, computer networks are quickly becoming essential to everyday activities. Individuals
More informationWhitepaper on AuthShield Two Factor Authentication with SAP
Whitepaper on AuthShield Two Factor Authentication with SAP By AuthShield Labs Pvt. Ltd Table of Contents Table of Contents...2 1.Overview...4 2. Threats to account passwords...5 2.1 Social Engineering
More informationPass4suresVCE. Pass4sures exam vce dumps for guaranteed success with high scores
Pass4suresVCE http://www.pass4suresvce.com Pass4sures exam vce dumps for guaranteed success with high scores Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version :
More informationRFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350
Έκδοση 1.2-2018.02.14 TLP1: WHITE 1 TLP Sources may use TLP: WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.
More informationINTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.
2019 SIEM REPORT INTRODUCTION Security Information and Event Management (SIEM) is a powerful technology that allows security operations teams to collect, correlate and analyze log data from a variety of
More informationCyber security tips and self-assessment for business
Cyber security tips and self-assessment for business Last year one in five New Zealand SMEs experienced a cyber-attack, so it s essential to be prepared. Our friends at Deloitte have put together this
More informationCyber Security Stress Test SUMMARY REPORT
Cyber Security Stress Test SUMMARY REPORT predict prevent respond detect FINAL SCORE PREDICT: PREVENT: Final score: RESPOND: DETECT: BRILLIANT! You got a 100/100. That's as good as it gets. So take a second
More informationCritical Information Infrastructure Protection Law
Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.
More informationCompTIA Security Research Study Trends and Observations on Organizational Security. Carol Balkcom, Product Manager, Security+
CompTIA Security Research Study 2007 Trends and Observations on Organizational Security Carol Balkcom, Product Manager, Security+ Goals of this session To share some trends and observations related to
More informationCOUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017
COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime
More informationENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE
ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE INTRODUCTION In line with commercial industry standards, the data center used by EndNote employs a dedicated security team to protect our
More informationAltius IT Policy Collection
Altius IT Policy Collection Complete set of cyber and network security policies Over 100 Policies, Plans, and Forms Fully customizable - fully customizable IT security policies in Microsoft Word No software
More informationData Security and Privacy Principles IBM Cloud Services
Data Security and Privacy Principles IBM Cloud Services 2 Data Security and Privacy Principles: IBM Cloud Services Contents 2 Overview 2 Governance 3 Security Policies 3 Access, Intervention, Transfer
More informationProjectplace: A Secure Project Collaboration Solution
Solution brief Projectplace: A Secure Project Collaboration Solution The security of your information is as critical as your business is dynamic. That s why we built Projectplace on a foundation of the
More informationPOLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents
POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND October 2005 Table of Contents Introduction... 1 Purpose Of This Policy... 1 Responsibility... 1 General Policy... 2 Data Classification Policy...
More informationData Centers & Technology:
Data Centers & Technology: Risk in the digital landscape Presented by; Ralph de Mesquita Principal Risk Analyst, Risk Engineering UK Agenda Rise of cloud providers Four scenarios: where are the insurable
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationCITY OF MONTEBELLO SYSTEMS MANAGER
CITY OF MONTEBELLO 109A DEFINITION Under general administrative direction of the City Administrator, provides advanced professional support to departments with very complex computer systems, programs and
More informationNEN The Education Network
NEN The Education Network School e-security Checklist This checklist sets out 20 e-security controls that, if implemented effectively, will help to ensure that school networks are kept secure and protected
More informationProtecting Information Assets - Week 6 - Creating a Security Aware Organization. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 6 - Creating a Security Aware Organization MIS5206 Week 5 In the News Creating a Security Aware Organization Case Study 2: Autopsy of a Data Breach: The Target Case
More informationCybersecurity 2016 Survey Summary Report of Survey Results
Introduction In 2016, the International City/County Management Association (ICMA), in partnership with the University of Maryland, Baltimore County (UMBC), conducted a survey to better understand local
More informationSolution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites
Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC
More informationUNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21
National and Cyber Security Branch Presentation for Gridseccon Quebec City, October 18-21 1 Public Safety Canada Departmental Structure 2 National and Cyber Security Branch National and Cyber Security
More information