CYBER SECURITY AND MITIGATING RISKS

Size: px
Start display at page:

Download "CYBER SECURITY AND MITIGATING RISKS"

Transcription

1 CYBER SECURITY AND MITIGATING RISKS

2 01 WHO Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti Slides

3 PRESENTATION AGENDA 3 START HACKING DEFINITION BRIEF HISTORY TYPES COMPUTER HACKING MOTIVATIONS RISKS CONTROLS 4 SIMPLE STEPS FINISH

4 HACKING DEFINITON 4 Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose. Computer hacking refers to the technique or process by which an individual attempts to gather information or gain access to a computer system. People who engage in computer hacking activities are often called hackers. There is more than one type of hacking

5 MORE THAN ONE Types of Hacking. 5 ELECTICAL / MECHANICAL LIFE PHONE COMPUTER

6 BRIEF HISTORY 6 First Unix Vulnerability Phone Phreaking Worm Invented First Large Scale Attacks Sting Op. Sundevil The Movies Mainstream Culture 65% Success Rate Of Government Attacks s 1980 s s 1996 Once only a hobby for few, quickly turned into a vehicle for criminal enterprises and garnered the attention main stream culture.

7 BRIEF HISTORY (Cont.) 7 Rise of the Internet ILOVEYOU Virus, Botnets New Type of Hackers Anonymous, Lulzsec, Wikileaks Large Retail Becomes Major Target (Nieman Marcus, Home Depot) Healthcare Industry Anthem, DDHS Paradigm Shift in Cyberwarfare Democratic National Committee Rising Ransomware (WannaCry) IoT Hacking 2000 s A new wave of hackers has emerged based not on financial gain but rather social values

8 HACKER TYPES 01 WHITE HAT Good Guys; Non-Malicious Intent; Ethical Hacker 8 02 BLACK HAT Bad Guys; Malicious Intent; Cracker 03 GREY HAT White and Black Hat; Notifies Administrator of Issue 04 BLUE HAT Outside Consulting Firm that Tests a System Prior or After Launch SCRIPT KIDDIES Little Knowledge; Uses Pre-Packaged Tools HACKTIVIST Uses Hacking to Announce a Social, Religious, or Political Message; WikiLeaks

9 MODERN HACKING Types of Computer Hacking. 9 VULNERABILITY EXPLOITATION Exploiting system flaws to obtain access to data or networks TYPES SOCIAL ENGINEERING Exploiting human emotion to gain access to personal information WIRELESS Exploiting wireless flaws to remotely obtain access to data or networks

10 VULNERABILITY EXPLOITATION 10 STEP 1 STEP 2 STEP 3 NETWORK ENUMERATION VULNERABILITY IDENTIFICATION EXPLOITATION ACCESS CRITICAL DATA 3 STEPS TO VULNERABILITY EXPLOITATION While exact techniques differ, modern vulnerability exploitation generally follows three set phases.

11 SOCIAL ENGINEERING 3 Types 11 PHYSICAL Key Loggers Virus Installs Remote System Setup. ELECTRONIC Phishing s Information Gathering TELEPHONIC TELEPHONIC Telephone Calls Information Gathering

12 WIRELESS Major Threats Unauthorized Rogue Access Points New devices with wireless included 02 Compromise Internal Networks Confidentiality Integrity Availability 03 Use or Disrupt Resources Wireless DoS Inject traffic into internal networks Drive-by spammers

13 HACKER MOTIVATIONS What makes them go? 13 Curiosity and Challenges Reputation and Notoriety Money and Personal Gain Hactivism and Social Rights

14 RISK TYPES 14 It takes twenty years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently. Warren Buffett Resulting in reduced customer and vendor confidence Resulting in fines or legal action Resulting in the loss of productivity and increased operational costs Resulting in employee accountability issues

15 CONTROL FRAMEWORKS How Do We Protect Ourselves? 15 Program Management 01 NIST CSF Incident Response Logical / Physical Security ISO Cobit Training / Awareness Private Data Vendor Management Compliance Data Privacy

16 MULTI-FACTED APPROACH 16 Automated Processes and Preventative Controls Manual Processes and Detective Controls

17 RISK CONTROL Management 17 Management Data Privacy Information Security Physical Security Incident Response Training and Awareness Vendor Management Roles and Responsibilities Risk Assessment Do I know my risks regarding my information? Example Controls Roles and responsibilities for data protection have been clearly defined and assigned to specific individuals. Accessible data within the functional area is identified, classified, and inventoried in accordance with corporate Data Classification Standards. Classification of data is based on the importance of the asset, its business value and its associated security requirements.

18 RISK CONTROL Data Privacy 18 Management Data Privacy Information Security Physical Security Incident Response Training and Awareness Vendor Management Am I in compliance with all applicable privacy laws and regulations? Collection and Usage of Personal Data Notice, Consent, and Quality Knowledge Sharing Example Controls Personal Data should only be used in compliance with communicated privacy policies to customers, as well as applicable privacy laws and regulations. All procedures have been designed to protect the privacy of Personal Data in compliance with current data privacy laws. A written procedure is in place to confirm packaged knowledge from other sources can be utilized.

19 RISK CONTROL Information Security 19 Management Data Privacy Information Security Physical Security Incident Response Training and Awareness Vendor Management Access Rights Authentication Storage Transmission Backups Is my information protected? Example Controls Systems Security Network Security Information Disposal Application Development and Management Access rights to confidential data are defined and documented. Access to sensitive information is controlled by authentication methods that comply with current industry standards. The technology and processes used to store sensitive data are in accordance with current industry standards.

20 RISK CONTROL Physical Security 20 Management Data Privacy Information Security Physical Security Incident Response Training and Awareness Physical Security Walkthroughs Is my information physically secure? Example Controls Physical security controls are in place to prevent unauthorized physical access. Unscheduled physical walkthroughs are performed to check compliance with information security controls. Vendor Management

21 RISK CONTROL Incident Response 21 Management Data Privacy Information Security Physical Security Incident Response Training and Awareness Security Breach Response and Reporting Root Cause Analysis Am I prepared in the event that a breach occurs? Example Controls A written procedure is in place for the prompt reporting of any known or suspected security breach. Technology is in place to detect breaches. A process is in place after a breach to determine root causes. Vendor Management

22 RISK CONTROL Training and Awareness 22 Management Data Privacy Information Security Physical Security Incident Response Training and Awareness Vendor Management Is my organization aware of our information protection requirements? Initial Training Ongoing Training and Awareness Roll-On and Roll-Off Example Controls Personnel are required to complete training outlining the proper handling and protection of sensitive information prior to being granted access to sensitive information. Data protection training and awareness is communicated on an on-going basis and is updated annually. Roll-On and Roll-Off procedure is in place to (a) help to ensure personnel rolling onto and off the project are made aware of the requirements with respect to information protection and (b) prevent sensitive information from other projects from entering the current project environment.

23 RISK CONTROL Vendor Management 23 Management Data Privacy Vendor Compliance Do my vendors securely protect my information? Information Security Physical Security Incident Response Training and Awareness Vendor Management Example Controls A process is in place to protect against privacy concerns with regards to vendors or other third parties that handle confidential information on behalf of the company. VPN access is appropriately restricted to only those systems necessary to perform services.

24 4 SIMPLE STEPS Where to go from here PERMISSIONS File Shares, Applications, Vendors 02 PATCHING Operating System, Application 03 SYSTEM HARDENING Network Devices, Firewalls, Servers, Workstations 04 PROACTIVE TESTING Simulated penetration testing and vulnerability assessments for low hanging fruit

25 Q & A Tom Stewart Associate Director Technology Consulting Chicago Technical Security Leader Protiviti

Dissecting Data Breaches. What Keeps Going Wrong?

Dissecting Data Breaches. What Keeps Going Wrong? Dissecting Data Breaches What Keeps Going Wrong? 02 WHO WE ARE Tom Stewart Uriah Robins Senior Manager IT Consulting Protiviti Senior Consultant IT Consulting Protiviti PRESENTATION AGENDA 3 START BREACH

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Checklist: Credit Union Information Security and Privacy Policies

Checklist: Credit Union Information Security and Privacy Policies Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person) Cyber Security Presenters: - Brian Everest, Chief Technology Officer, Starport Managed Services - Susan Pawelek, Accountant, Compliance and Registrant Regulation February 13, 2018 (webinar) February 15,

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information

Penetration testing.

Penetration testing. Penetration testing Penetration testing is a globally recognized security measure that can help provide assurances that a company s critical business infrastructure is protected from internal or external

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

Cyber Criminal Methods & Prevention Techniques. By

Cyber Criminal Methods & Prevention Techniques. By Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Meeting Agenda Trends Attacker Motives and Methods Areas of Concern Typical Assessment Findings ISO-17799 & NIST Typical Remediation

More information

Cyber Security Audit & Roadmap Business Process and

Cyber Security Audit & Roadmap Business Process and Cyber Security Audit & Roadmap Business Process and Organizations planning for a security assessment have to juggle many competing priorities. They are struggling to become compliant, and stay compliant,

More information

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government

More information

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services Managing IT Risk: What Now and What to Look For Presented By Tina Bode IT Assurance Services Agenda 1 2 WHAT TOP TEN IT SECURITY RISKS YOU CAN DO 3 QUESTIONS 2 IT S ALL CONNECTED Introduction All of our

More information

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017 COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime

More information

Monthly Cyber Threat Briefing

Monthly Cyber Threat Briefing Monthly Cyber Threat Briefing January 2016 1 Presenters David Link, PM Risk and Vulnerability Assessments, NCATS Ed Cabrera: VP Cybersecurity Strategy, Trend Micro Jason Trost: VP Threat Research, ThreatStream

More information

Security Policies and Procedures Principles and Practices

Security Policies and Procedures Principles and Practices Security Policies and Procedures Principles and Practices by Sari Stern Greene Chapter 3: Information Security Framework Objectives Plan the protection of the confidentiality, integrity and availability

More information

Cyber Security. Building and assuring defence in depth

Cyber Security. Building and assuring defence in depth Cyber Security Building and assuring defence in depth The Cyber Challenge Understanding the challenge We live in an inter-connected world that brings a wealth of information to our finger tips at the speed

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

Cybersecurity Today Avoid Becoming a News Headline

Cybersecurity Today Avoid Becoming a News Headline Cybersecurity Today 2017 Avoid Becoming a News Headline Topics Making News Notable Incidents Current State of Affairs Common Points of Failure Three Quick Wins How to Prepare for and Respond to Cybersecurity

More information

Cybersecurity and Hospitals: A Board Perspective

Cybersecurity and Hospitals: A Board Perspective Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,

More information

2017 Annual Meeting of Members and Board of Directors Meeting

2017 Annual Meeting of Members and Board of Directors Meeting 2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,

More information

Securing Information Systems

Securing Information Systems Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value

More information

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014 Ethics and Information Security 10 주차 - 경영정보론 Spring 2014 Ethical issue in using ICT? Learning Outcomes E-policies in an organization relationships and differences between hackers and viruses relationship

More information

CYBER SECURITY AIR TRANSPORT IT SUMMIT

CYBER SECURITY AIR TRANSPORT IT SUMMIT CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER SECURITY AIR TRANSPORT IT SUMMIT SHARING GOOD PRACTICES VIVIEN EBERHARDT, SITA CYBER SECURITY CYBER

More information

Art of Performing Risk Assessments

Art of Performing Risk Assessments Clinical Practice Compliance Conference Art of Performing Risk Assessments October 2016 Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) Member FBI InfraGard AGENDA Cyber Risk = Disruptive Business Risk Breaches:

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

Governance Ideas Exchange

Governance Ideas Exchange www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights

More information

CYBERSECURITY PENETRATION TESTING - INTRODUCTION

CYBERSECURITY PENETRATION TESTING - INTRODUCTION CYBERSECURITY PENETRATION TESTING - INTRODUCTION Introduction Pen-testing 101 University Focus Our Environment Openness and learning Sharing and collaboration Leads to Security Weaknesses What is Penetration

More information

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW May 2018 Ed Plawecki General Counsel & Director of Government Relations UHY LLP Jamie See Manager UHY LLP Iowa Public

More information

Choosing the Right Security Assessment

Choosing the Right Security Assessment A Red Team Whitepaper Choosing the Right Security Navigating the various types of Security s and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding

More information

HIPAA Security and Privacy Policies & Procedures

HIPAA Security and Privacy Policies & Procedures Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400

More information

Kaspersky Enterprise Cybersecurity. Kaspersky Security Assessment Services. #truecybersecurity

Kaspersky Enterprise Cybersecurity. Kaspersky Security Assessment Services.  #truecybersecurity Kaspersky Enterprise Cybersecurity Kaspersky Security Assessment Services www.kaspersky.com #truecybersecurity Security Assessment Services Security Assessment Services from Kaspersky Lab. the services

More information

InfoSec Risks from the Front Lines

InfoSec Risks from the Front Lines InfoSec Risks from the Front Lines Adam Brand, Protiviti Orange County IIA Seminar Who I Am Adam Brand IT Security Services Some Incident Response Experience Lead Breach Detection Audits @adamrbrand Who

More information

The Data Breach: How to Stay Defensible Before, During & After the Incident

The Data Breach: How to Stay Defensible Before, During & After the Incident The Data Breach: How to Stay Defensible Before, During & After the Incident Alex Ricardo Beazley Insurance Breach Response Services Lynn Sessions Baker Hostetler Partner Michael Bazzell Computer Security

More information

A Practical Approach to Implement a Risk Based ISMS

A Practical Approach to Implement a Risk Based ISMS A Practical Approach to Implement a Risk Based ISMS Pascal Reiniger Chief Information Security Officer Kanton Basel-Stadt Zürich Security Interest Group Switzerland 07.11.2017 Agenda 1. Introduction 2.

More information

ANATOMY OF AN ATTACK!

ANATOMY OF AN ATTACK! ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable

More information

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco

More information

A company built on security

A company built on security Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.

More information

The Common Controls Framework BY ADOBE

The Common Controls Framework BY ADOBE The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.

More information

Incident Response Table Tops

Incident Response Table Tops Incident Response Table Tops Agenda Introductions SecureState overview Need for improved incident response capability https://pollev.com/securestate Overview of the exercise: Sample incident response table

More information

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11

Institute of Internal Auditors 2018 IIA CHICAGO CHAPTER JOIN NTAC:4UC-11 AUDITING ROBOTICS AND THE INTERNET OF THINGS (IOT) APRIL 9, 2018 PRESENTERS Kara Nagel Manager, Information Security Accenture Ryan Hopkins Assistant Director, Internal Audit Services Packaging Corp. of

More information

How Breaches Really Happen

How Breaches Really Happen How Breaches Really Happen www.10dsecurity.com About Dedicated Information Security Firm Clients Nationwide, primarily in financial industry Services Penetration Testing Social Engineering Vulnerability

More information

The State of the Hack. Kevin Mandia MANDIANT

The State of the Hack. Kevin Mandia MANDIANT The State of the Hack Kevin Mandia MANDIANT Who Am I? Adjunct Professor Carnegie Mellon University 95-856 Incident Response Master of Information System Management The George Washington University Computer

More information

hidden vulnerabilities

hidden vulnerabilities hidden vulnerabilities industrial networks in 30 minutes Cyber Security introduction Frank Kemeling Certified Ethical Hacker [CEH] EC-Council Certified Security Analyst [ESCA] Licensed Penetration Tester

More information

Protect Your Organization from Cyber Attacks

Protect Your Organization from Cyber Attacks Protect Your Organization from Cyber Attacks Leverage the advanced skills of our consultants to uncover vulnerabilities our competitors overlook. READY FOR MORE THAN A VA SCAN? Cyber Attacks by the Numbers

More information

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City 1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the

More information

Cybersecurity, safety and resilience - Airline perspective

Cybersecurity, safety and resilience - Airline perspective Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

The Honest Advantage

The Honest Advantage The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents

More information

Information Security Policy

Information Security Policy April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING

More information

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1

The Cyber Threat. Bob Gourley, Partner, Cognitio June 22, How we think. 1 The Cyber Threat Bob Gourley, Partner, Cognitio June 22, 2016 How we think. 1 About This Presentation Based on decades of experience in cyber conflict Including cyber defense, cyber intelligence, cyber

More information

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation How To Establish A Compliance Program Richard E. Mackey, Jr. Vice president SystemExperts Corporation Agenda High level requirements A written program A sample structure Elements of the program Create

More information

Lakeshore Technical College Official Policy

Lakeshore Technical College Official Policy Policy Title Original Adoption Date Policy Number Information Security 05/12/2015 IT-720 Responsible College Division/Department Responsible College Manager Title Information Technology Services Director

More information

Information Governance, the Next Evolution of Privacy and Security

Information Governance, the Next Evolution of Privacy and Security Information Governance, the Next Evolution of Privacy and Security Katherine Downing, MA, RHIA, CHPS, PMP Sr. Director AHIMA IG Advisors Follow me @HIPAAQueen 2017 2017 Objectives Part Part I IG Topic

More information

An ICS Whitepaper Choosing the Right Security Assessment

An ICS Whitepaper Choosing the Right Security Assessment Security Assessment Navigating the various types of Security Assessments and selecting an IT security service provider can be a daunting task; however, it does not have to be. Understanding the available

More information

Healthcare HIPAA and Cybersecurity Update

Healthcare HIPAA and Cybersecurity Update Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Healthcare HIPAA and Cybersecurity Update Agenda > Introductions > Cybersecurity

More information

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial

More information

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not

More information

Legal Issues Surrounding the Internet of Things and Other Emerging Technology

Legal Issues Surrounding the Internet of Things and Other Emerging Technology Legal Issues Surrounding the Internet of Things and Other Emerging Technology ACC Houston Chapter Meeting September 12, 2017 Jonathan Ishee Vorys Sater Seymour and Pease, LLP Dean Fisher RigNet Overview

More information

Cyber Security Program

Cyber Security Program Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by

More information

CoreMax Consulting s Cyber Security Roadmap

CoreMax Consulting s Cyber Security Roadmap CoreMax Consulting s Cyber Security Roadmap What is a Cyber Security Roadmap? The CoreMax consulting cyber security unit has created a simple process to access the unique needs of each client and allows

More information

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities

More information

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains

More information

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com Protect Your Endpoint, Keep Your Business Safe. White Paper Exosphere, Inc. getexosphere.com White Paper Today s Threat Landscape Cyber attacks today are increasingly sophisticated and widespread, rendering

More information

DeMystifying Data Breaches and Information Security Compliance

DeMystifying Data Breaches and Information Security Compliance May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts

More information

Certified Cyber Security Specialist

Certified Cyber Security Specialist Certified Cyber Security Specialist Page 1 of 7 Why Attend This course will provide participants with in-depth knowledge and practical skills to plan, deliver and monitor IT/cyber security to internal

More information

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA ljohnson@ffalaw.com INTRODUCTION Cyber attacks increasing Liability/actions resulting

More information

Business Risk Management

Business Risk Management slide 1 Business Risk Management Agenda slide 2 Business Risk Management Overall Issues Risk Defined Approach BRM Structure Business Operations & Critical Functions Asset Identification and Vulnerability

More information

Juniper Vendor Security Requirements

Juniper Vendor Security Requirements Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks

More information

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1 Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information

Education Network Security

Education Network Security Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or

More information

DETAILED POLICY STATEMENT

DETAILED POLICY STATEMENT Applies To: HSC Responsible Office: HSC Information Security Office Revised: New 12/2010 Title: HSC-200 Security and Management of HSC IT Resources Policy POLICY STATEMENT The University of New Mexico

More information

Employee Security Awareness Training Program

Employee Security Awareness Training Program Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,

More information

Take Risks in Life, Not with Your Security

Take Risks in Life, Not with Your Security Take Risks in Life, Not with Your Security Redefining Cybersecurity Why We re Here agio.com Agenda The Problem(s): Threat Landscape Current Threat Landscape People are the Problem Protect Yourself Solutions

More information

The Cyber War on Small Business

The Cyber War on Small Business The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber

More information

What makes a good KRI? Using FAIR to discover meaningful metrics

What makes a good KRI? Using FAIR to discover meaningful metrics SESSION ID: GRC-R02 What makes a good KRI? Using FAIR to discover meaningful metrics Steve Reznik Director, Operational Risk Management ADP Metrics Love them! or hate them? Without data, you are just another

More information

CHAPTER 8 SECURING INFORMATION SYSTEMS

CHAPTER 8 SECURING INFORMATION SYSTEMS CHAPTER 8 SECURING INFORMATION SYSTEMS BY: S. SABRAZ NAWAZ SENIOR LECTURER IN MANAGEMENT & IT SEUSL Learning Objectives Why are information systems vulnerable to destruction, error, and abuse? What is

More information

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.

More information

Total Security Management PCI DSS Compliance Guide

Total Security Management PCI DSS Compliance Guide Total Security Management PCI DSS Guide The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations to help protect the security of credit card holders. These regulations apply to

More information

Security Standardization and Regulation An Industry Perspective

Security Standardization and Regulation An Industry Perspective Security Standardization and Regulation An Industry Perspective Dr. Ralf Rammig Siemens AG Megatrends Challenges that are transforming our world Digitalization In the future, we ll be living in a world

More information

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc. Cyber Security For Utilities Risks, Trends & Standards IEEE Toronto March 22, 2017 Doug Westlund Senior VP, AESI Inc. Agenda Cyber Security Risks for Utilities Trends & Recent Incidents in the Utility

More information

Penetration Testing and Team Overview

Penetration Testing and Team Overview ATO Trusted Access Penetration Testing and Team Overview PRESENTED BY Name: Len Kleinman Director ATO Trusted Access Australian Taxation Office 18 May 2011 What is Vulnerability Management? The on-going

More information

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com DFARS Compliance SLAIT Consulting SECURITY SERVICES Mike D Arezzo Director of Security Services Introduction 18+ year career in Information Technology and Security General Electric (GE) as Software Governance

More information

Securing Information Systems

Securing Information Systems Introduction to Information Management IIM, NCKU System Vulnerability and Abuse (1/6) Securing Information Systems Based on Chapter 8 of Laudon and Laudon (2010). Management Information Systems: Managing

More information

Carbon Black PCI Compliance Mapping Checklist

Carbon Black PCI Compliance Mapping Checklist Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and

More information

E-guide Getting your CISSP Certification

E-guide Getting your CISSP Certification Getting your CISSP Certification Intro to the 10 CISSP domains of the Common Body of Knowledge : The Security Professional (CISSP) is an information security certification that was developed by the International

More information

Location-Specific Cyber Risk

Location-Specific Cyber Risk Location-Specific Cyber Risk Lincoln Kaffenberger Cyber Threat Intelligence Officer IMF Information Security Group John Kupcinski Director, Cyber Security KPMG 1 Agenda Why assess the cyber risks by a

More information

Express Monitoring 2019

Express Monitoring 2019 Express Monitoring 2019 WHY CHOOSE PT EXPRESS MONITORING PT Express Monitoring provides a quick evaluation of the current signaling network protection level. This service helps to discover critical vulnerabilities

More information

01.0 Policy Responsibilities and Oversight

01.0 Policy Responsibilities and Oversight Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities

More information

Gujarat Forensic Sciences University

Gujarat Forensic Sciences University Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat

More information

Background FAST FACTS

Background FAST FACTS Background Terra Verde was founded in 2008 by cybersecurity, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance

More information

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE COMPLIANCE ADVISOR NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE A PUBLICATION BY THE EXCESS LINE ASSOCIATION OF NEW YORK One Exchange Plaza 55 Broadway 29th Floor New York, New York 10006-3728 Telephone:

More information

Recommendations for Implementing an Information Security Framework for Life Science Organizations

Recommendations for Implementing an Information Security Framework for Life Science Organizations Recommendations for Implementing an Information Security Framework for Life Science Organizations Introduction Doug Shaw CISA, CRISC Director of CSV & IT Compliance Azzur Consulting Agenda Why is information

More information

Mapping BeyondTrust Solutions to

Mapping BeyondTrust Solutions to TECH BRIEF Taking a Preventive Care Approach to Healthcare IT Security Table of Contents Table of Contents... 2 Taking a Preventive Care Approach to Healthcare IT Security... 3 Improvements to be Made

More information

Forensics and Active Protection

Forensics and Active Protection Forensics and Active Protection Computer and Network Forensics Research Project 2003 Work Update Yanet Manzano Florida State University manzano@cs.fsu.edu manzano@cs.fsu.edu 1 Outline CNF Project Goal

More information

Plant Security Services Protecting productivity in the digital era October

Plant Security Services Protecting productivity in the digital era October Plant Security Services Protecting productivity in the digital era October2017 Restricted www.siemens.com/plant-security-services Internet of (hacked) Things Page 2 Use case - No OT cybersecurity company

More information

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive

More information

Vulnerability Management Policy

Vulnerability Management Policy Vulnerability Management Policy Document Type: Policy (PLCY) Endorsed By: Information Technology Policy Committee Date: 4/29/2011 Promulgated By: Chancellor Herzog Date: 6/16/2011 I. Introduction IT resources

More information