CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services


Transcription:

0 CYBER SECURITY WORKSHOP NOVEMBER 2, 2016 Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services

VIDEO: CAN IT HAPPEN TO ME? 1

2 AGENDA CYBERSECURITY WHY SUCH A BIG DEAL?

INFORMATION IS THE NEW OIL! 3 Companies are collecting and storing large amounts of data on a regular basis. This data may include information about employees, customers, intellectual property/trade secrets and business operations. This data has value to the companies producing/collecting it, to their competitors and to unknown third parties.

BREACH STATISTICS 4

BREACH STATISTICS 5 Source: BreachLevelIndex.com

NEWS WORTHY DATA BREACHES 6

COST OF BREACHES 11 Source: BreachLevelIndex.com

SMALL & MEDIUM BUSINESS MYTH 12 I am too insignificant to attract the interest of cyber criminals!!

SMALL & MEDIUM BUSINESS MYTH 13 It is the data that makes a business attractive, not its size, especially if it is "delicious" data: lots of customer contact information, credit card data, health data, or valuable intellectual property.

SMB AN ATTRACTIVE TARGET.. WHY? 14
- Lack of time, budget and expertise
- No dedicated IT security specialist
- Lack of risk awareness
- Lack of employee training
- Failure to keep security defenses up
- Outsourcing security to unqualified contractors

SMB AN ATTRACTIVE TARGET.. WHY? 15 Automation allows modern cyber criminals to mass-produce attacks with little investment! It's easier to rob a house than a museum.

IMPACT OF BREACHES - SMB 16 Direct costs.. Just the tip of the Iceberg!

COSTS HIDDEN UNDERWATER 17
- Litigation costs
- Costs of investigation
- Rebuild or replacement of network
- Damage to your reputation
- Public relations costs
- Increase in insurance premiums
- Increase in borrowing cost

18 AGENDA HOW TO DEAL WITH CYBER RISKS?

FRAMEWORK LANDSCAPE 19 The different cybersecurity frameworks:
- ISO 27001
- COBIT
- NIST SP 800 series
- PCI DSS
- ITIL & ISO 20000
- ISO 22301 & BS 25999-2
- NFPA 1600
- ISO 27032, etc.

NIST CYBERSECURITY FRAMEWORK 20 In 2014, the National Institute of Standards and Technology (NIST) released the comprehensive NIST Cybersecurity Framework. The framework allows organizations, regardless of size, degree of cyber risk or cybersecurity sophistication, to apply the principles and best practices of risk management to improve the security and resilience of critical infrastructure.

FOCUS: 5 FUNCTIONAL AREAS 21-26
- IDENTIFY: What assets need protection? Cyber risk assessment; systems; data.
- PROTECT: What safeguards are available? Security training; access & network security; encryption & backup.
- DETECT: What techniques can detect incidents? Monitoring tools; security monitoring services; look for visible signs.
- RESPOND: What techniques can contain the impact of incidents? Quarantine; breach response plan; perform forensics.
- RECOVER: What techniques can restore capabilities?
Together, IDENTIFY, PROTECT, DETECT, RESPOND and RECOVER make up CYBERSECURITY.

NIST CYBERSECURITY ASSESSMENT 27 IDENTIFY (ID), PROTECT (PR), DETECT (DE), RESPOND (RS), RECOVER (RC)

28 AGENDA REGULATORY ENVIRONMENT

REGULATIONS HEALTHCARE SECTOR 29 HIPAA compliance. HHS clarification on ransomware (2016): a ransomware infection is a security incident. Was ePHI encrypted by the ransomware? Yes: a BREACH HAS OCCURRED, unless the entity can demonstrate a low probability of compromise. Follow the incident response & reporting procedures and the breach notification provisions.

NY STATE DEPT. OF FINANCIAL SERVICES 30 23 NYCRR 500

CURRENT STATUS OF THIS REGULATION? 31 Proposed regulation as of Sep 28, 2016, with a 45-day public comment period. If finalized, effective from Jan 1, 2017; 180 days from 1/1/17 to comply; certification of compliance due Jan 15, 2018. Limited exemptions: in each of the last 3 years, < 1000 customers & < $5 million in gross revenue & < $10 million in total assets. WAIT & WATCH NOT A PRUDENT STRATEGY!!

THANK YOU 32 PRINCIPAL asharma@withum.com 609.945.7985