Cybersecurity: Achieving Prevailing Practices. Session 229, March 8 Mark W. Dill, Partner and Principal Consultant,


Conflict of Interest

Mark W. Dill, CISM, CRISC, has no real or apparent conflicts of interest to report.

Agenda

- Learning Objectives
- NIST Cyber Security Framework (CSF)
- How the information was collected and distilled
- Critical controls discussion across hospitals of all sizes: Critical Access, Small-Medium, Large, Academic Medical Centers
- Resources
- Questions

Learning Objectives

- Compare how hospitals of all sizes have defined "prevailing practices" for information security and compliance
- Explain the common tools, processes, and talent levels that are being used
- Categorize the security practices using the NIST Cyber Security Framework (CSF): Identify, Protect, Detect, Respond, and Recover
- Recognize the top tactics used to defend against leading cyber threats: Hacking, Malware, Phishing, Ransomware
- Discuss what is working versus what is not

NIST Cyber Security Framework (CSF)

InfoSec Maturity

Distillation Criteria

Facts and opinions must be:

- Technically interesting and compliance relevant
- Useful to the audience
- Presented in a way that allows comparison (bed size)
- A reasonable sample size (30 hospitals) *
- Readily obtainable and current (since late 2015)
- Validated (partially)
- Sorted by objective (NIST CSF)
- Focused on the critical few vs. trivial many (CIS Top-20 Critical Controls)

Note: * Not statistically relevant (yet), given 5,500+ hospitals in the U.S.

Critical Controls

Identify
1. Risk Analysis & Risk Management
2. Control Framework

Protect
3. Security Awareness
4. Access Control: Password Usage
5. Access Control: Access Reviews
6. Firewalls
7. Endpoint Antivirus
8. Intrusion Prevention Systems and Advanced Persistent Threat Tools (IPS and APT)
9. Network Access (or Admission) Control (NAC)
10. Patch Management
11. Encrypted Laptops
12. Encrypted Workstations
13. Mobile Device Management (MDM)
14. Encrypted EHR

Detect
15. SIEM Tools (Security Information & Event Mgmt.) Network
16. SIEM Tools Applications (EMR & Other Applications)
17. Penetration Testing
18. Vulnerability Scanning

Respond
19. Incident Response

Recover
20. IT Disaster Recovery

Hospital Size

| Name | # Beds |
|---|---|
| Critical Access Hospital | 25 or less |
| Small-Medium | 26-250 |
| Large | > 250 |
| Academic Medical Center | Not defined by # of beds but more than 1,000 in this research |

Control to Threat Matching

Threat columns: Hacking, Malware, Phishing, Ransomware, Theft/Loss

Identify: Risk Analysis | X X X X
Prevent: Security Awareness | X X X
Prevent: Password Strength | X X
Prevent: Access Control Reviews | X
Prevent: Firewalls | X X X X
Prevent: Endpoint | X X X X
Prevent: Intrusion Prevention Systems & Advanced Persistent Threats (IPS & APTs) | X X X X
Prevent: Network Access (or Admission) Control (NAC) | X X X
Prevent: Patch Management | X X X X
Prevent: Encrypted Laptops and Workstations
Prevent: Mobile Device Management | X X X
Prevent: Encrypted EHRs | X
Detect: Security Information and Event Management (SIEM) | X X X X
Detect: Application-Layer SIEM for EHR & Other Applications | X
Detect: Penetration Testing | X X X X
Detect: Vulnerability Scanning | X X X
Respond: Incident Response | X X X X
Recover: IT Disaster Recovery | X X X X
X

Identify: Risk Analysis

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Have you performed a Risk Analysis? | Yes | 100% | 100% | 100% | 100% |
| How often? | Yrs. | 1.4 | 1.6 | 1.3 | 1.0 |
| Do you use internal resources? | Yes | 17% | 56% | 20% | 50% |
| Do you use external resources? | Yes | 100% | 100% | 100% | 100% |
| Do you use a manual process or automated tool? | Manual | 100% | 100% | 100% | 50% |
| Do you have a Prioritized Action Plan (aka Risk Management Plan)? | Yes | 100% | 89% | 100% | 100% |
| Do you have at least 3 years of History? | Yes | 50% | 89% | 80% | 100% |
| Has management signed off on the Remediation Plan? | Yes | 50% | 89% | 30% | 50% |
| Have you identified the threat, controls in place, vulnerability and possible outcome? | Yes | 100% | 89% | 100% | 100% |
| Have you calculated the likelihood, harm level and risk score? | Yes | 100% | 89% | 100% | 100% |
| Do you maintain a risk register? | Yes | 100% | 100% | 100% | 100% |
| Does your process include biomedical devices/systems? | Yes | 0% | 44% | 40% | 100% |

Identify: Control Frameworks - 1

What Control Framework do you use?

Columns: Hybrid Popularity, Critical Access, Small Med, Large, AMC

COBIT | Yes
HITRUST | Yes
ISO 27001 and 27002 | Hybrid Popularity 4 | Yes
NIST CSF | Hybrid Popularity 2 | Yes | 17%
NIST SP 800-53 | Hybrid Popularity 1 | Yes | 57%
PCI | Yes
SANS CSC | Hybrid Popularity 3 | Yes
Hybrid (some combination of the above) | Yes | 83% | 100% | 43% | 100%

Identify: Control Frameworks - 2

How are you using the framework?

Columns: Critical Access, Small Med, Large, AMC

Use (influenced by concepts)? | Yes | 13%
Decision making guidance? | Yes | 13%
Reference material? | Yes
Basis for IT policy but not practices? | Yes | 100% | 100% | 38%
Extensively used for practices (compliance not verified)? | Yes | 25% | 50%
Practices applied and compliance validated? | Yes | 13% | 50%
Frequently used to assess program maturity

Prevent: Security Awareness

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Do you have an Awareness Plan? | Yes | 0% | 0% | 67% | 100% |
| At what frequency is the workforce awareness content presented? | Months | 12 | 12 | 12 | 12 |
| Is your training role-based? | Yes | 0% | 0% | 33% | 100% |
| Do you use a simple slide show? | Yes | 100% | 100% | 67% | 100% |
| Do you provide periodic reminders? | Yes | 100% | 100% | 100% | 100% |
| Are you using a Learning Management System (LMS)? | Yes | 100% | 100% | 100% | 100% |
| Are you using commercially acquired content? | Yes | 50% | 0% | 0% | 100% |
| Can you capture the attendee list? | Yes | 100% | 100% | 67% | 100% |
| Do you require the completion of a quiz before passing? | Yes | 0% | 0% | 33% | 100% |
| Are users required to complete awareness/training before access is granted? | Yes | 100% | 50% | 0% | 100% |
| Do you proactively phish the workforce? | Yes | 50% | 50% | 67% | 100% |
| Are you using a homegrown tool to phish? | Yes | 0% | 50% | 0% | 0% |
| Are you using a commercial tool to phish? | Yes | 50% | 0% | 67% | 100% |
| Are your workers required to complete the assigned training? | Yes | 50% | 50% | 0% | 100% |

Prevent: Password Strength

Columns: Password Attribute, unit, PCI, Critical Access, Small Mid, Large, Academic

Minimum length? | # | 8 | 8.25 | 7.60 | 6.78 | 7.50
Complexity (mixture of numeric and alphanumeric)? | On | On | 100% | 29% | 78% | 50%
Forced expiration frequency (days)? | Days | 90 | 125 | 90 | 170 | 128
Intruder lockout set? | Yes | 63% | 56% | 78% | 50%
Intruder lockout after X attempts | # | 5 | 6 | 5 | 3
Minutes before retry allowed? | Minutes | 15 | 8 | 7 | 30
Upon reset, cannot be the same as prior X passwords? | # | 4 | 6 | 3 | 4 | 5
Require initial password uniqueness? | On | On | 0% | 29% | 22% | 50%
Require change upon 1st use? | On | On | 20% | 29% | 77% | 100%

Note: NIST SP 800-63B Digital Identity Guidelines: Authentication & Lifecycle Management will likely play a role in the future of the prevailing practices for passwords.

Prevent: Access Control Reviews

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Are user access rights periodically reviewed? | Yes | 50% | 67% | 70% | 50% |
| What is the frequency? | Mos. | 12 | 12 | 11 | 12 |

Prevent: Firewalls

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Are you following an industry standard for addressing out of the box vulnerabilities? | Yes | 17% | 0% | 50% | 0% |
| Is console access encrypted? | Yes | 17% | 78% | 80% | 50% |
| Are you repelling traffic to and from countries you are not doing business with (geofencing)? | Yes | 33% | 67% | 90% | 0% |
| If you have a DMZ, is a firewall in place to prevent direct access into your network? | Yes | 67% | 78% | 90% | 100% |
| Do you review the firewall rule sets at least once per year? | Yes | 67% | 33% | 50% | 50% |

Prevent: Endpoint

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Are you using a technology that is not dependent upon pattern file updates? | Yes | 33% | 33% | 20% | 0% |
| Are you using a technology that prohibits the launching of unauthorized software or processes? | Yes | 33% | 56% | 20% | 100% |

Prevent: Intrusion Prevention Systems & Advanced Persistent Threats (IPS & APTs)

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Are the tools baked into the firewall? | Yes | 83% | 78% | 80% | 0% |
| Are the tools stand alone? | Yes | 17% | 22% | 10% | 100% |
| Are the baseline and signatures/heuristics kept up to date? | Yes | 83% | 100% | 80% | 100% |

Prevent: Network Access (or Admission) Control (NAC)

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Do you use a NAC solution? | Yes | 17% | 11% | 10% | 0% |
| Are you using a commercial tool for NAC? | Yes | 17% | 0% | 10% | 0% |
| Are you in monitor mode only? | Yes | 33% | 11% | 0% | 0% |
| Are you in block mode? | Yes | 0% | 0% | 10% | 0% |
| Does your solution offer a remedial path for devices? | Yes | 0% | 0% | 0% | 0% |

Prevent: Patch Management

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Do you patch your servers? | Yes | 100% | 100% | 100% | 100% |
| Server patch latency? | Days | 30-180 | 30-120 | 30-90 | 30-60 |
| Do you patch your network infrastructure? | Yes | 100% | 100% | 100% | 100% |
| Infrastructure patch latency? | Days | 30-180 | 30-120 | 90-120 | 45-90 |
| Do you patch your endpoints? | Yes | 100% | 100% | 100% | 100% |
| Endpoint patch latency? | Days | 0-120 | 15-120 | 30-90 | 30-60 |
| Can laptops in the field be updated while off the network? | Yes | 33% | 11% | 40% | 0% |
| Is your Office Suite being patched? | Yes | 0% | 89% | 50% | 100% |
| Office suite patch latency? | Days | 30-365 | 30-120 | 0-120 | 30-180 |
| Are commonly vulnerable applications being patched? | Yes | 17% | 33% | 40% | 100% |
| Common vulnerable application patch latency? | Days | 60-120 | 60-120 | 30-90 | 30-180 |
| For the platforms you patch, is the function in or outsourced? | Insourced | 100% | 100% | 80% | 50% |

Prevent: Encrypted Laptops

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Do you encrypt 100% of your laptops? | Yes | 67% | 100% | 100% | 100% |
| Are you using an OS vendor-provided tool? | Yes | 50% | 33% | 20% | 50% |
| Are you using a commercial tool? | Yes | 50% | 67% | 100% | 50% |
| Are you using pre-boot authentication with a different password? | Yes | 0% | 44% | 60% | 0% |
| How long before the screen saver is applied? | Minutes | 8 | 13 | 15 | 15 |
| Number of lost or stolen devices reported? | # | 0 | 0 | 1 | 10+ |

Prevent: Encrypted Workstations

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Do you encrypt any workstations? | Yes | 17% | 33% | 50% | 50% |
| Are you using AES-256/FIPS 140-2 algorithm? | Yes | 17% | 56% | 40% | 50% |
| Are you using a risk-based approach to encryption? | Yes | 0% | 67% | 70% | 50% |
| Are your EMR Downtime (read only devices) encrypted? | Yes | 0% | 44% | 30% | 0% |
| Do you use an OS vendor-provided tool? | Yes | 17% | 0% | 20% | 50% |
| Do you use a commercial tool? | Yes | 0% | 33% | 60% | 0% |
| Do you use pre-boot authentication? | Yes | 0% | 11% | 30% | 0% |
| Do you have a reporting console? | Yes | 0% | 11% | 40% | 100% |
| Number of lost or stolen devices reported? | # | 0 | 0 | 0 | 10+ |

Prevent: Mobile Device Management

Columns: Attribute, Critical Access, Small Mid, Large, Academic

MDM enforced controls? | 50% | 89% | 75% | 100%
Signed usage agreement? | 17% | 67% | 50% | 100%
Password/PIN length? | 4 | 4 | 4-6 | 4
Complexity enabled? | 0% | 0% | 0% | 0%
Forced expiration frequency (days)?
Wipe after X tries? | 8 | 10-16 | 10
Screen lock in X minutes? | 5 | 5-10 | 15 | 15
Encryption enabled? | 50% | 89% | 75% | 100%
MDM enabled remote wipe? | 17% | 89% | 75% | 100%
Controlled use of unsigned applications? | 0% | 22% | 75% | 50%
Monitor/block for rooted or jailbroken devices? | 0% | 22% | 50% | 100%
Antivirus or spyware tools used? | 0% | 0% | 0% | 0%

Prevent: Encrypted EHRs

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Are the SAN or RAID disks encrypted? | Yes | 50% | 22% | 50% | 0% |
| Is the database encrypted? | Yes | 17% | 22% | 10% | 0% |
| Are there features of the EMR that are encrypted (reports, file xfers, etc.)? | Yes | 17% | 67% | 20% | 0% |

What algorithm is in use, 128-bit or 256-bit? AES-256 is the norm, though some smaller EMRs are using 128-bit.

Detect: Security Information and Event Management (SIEM)

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Collecting logs according to a plan? | Yes | 67% | 89% | 100% | 100% |
| Reactive log review (troubleshooting only)? | Yes | 50% | 67% | 50% | 0% |
| Forwarding logs to a secondary/secured server (syslog server or SIEM tool)? | Yes | 17% | 56% | 80% | 100% |
| Using open sourced tools? | Yes | 17% | 56% | 10% | 50% |
| Using a commercial tool? | Yes | 33% | 22% | 70% | 100% |
| Proactive log review (hunting for anomalies and problems)? | Yes | 17% | 22% | 60% | 100% |
| Using inhouse staff to monitor? | Yes | 67% | 44% | 70% | 100% |
| Using a managed service to monitor? | Yes | 17% | 22% | 40% | 50% |
| Number of log sources correlated <=5, 6-10, and >10? | # | 3-5 | 5-10 | 12 | 10 or More |
| Applying User (and device) Behavior Analytics (UBA)? | Yes | 17% | 0% | 20% | 50% |
| How long are log files retained? | Mos. | 12 | 5 | 9 | 3 |

Detect: Application-Layer SIEM for EHR & Other Applications

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Reactive only | Yes | 50% | 56% | 80% | 0% |
| Proactive log review (hunting for anomalies and problems) | Yes | 33% | 44% | 20% | 100% |
| Granular enough to report on view-only access | Yes | 33% | 67% | 70% | 100% |
| Using a commercial tool? | Yes | 33% | 44% | 70% | 100% |
| Are applications beyond the EMR in scope? | Yes | 17% | 0% | 40% | 100% |

Detect: Penetration Testing

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Doing Y/N? | Yes | 50% | 78% | 60% | 100% |
| Frequency? | Mos. | 36 | 12-24 | 12-24 | 12 |
| Performed by Internal Staff only? | Yes | 0% | 0% | 0% | 0% |
| Performed by 3rd Party? | Yes | 50% | 78% | 60% | 100% |
| Scope: Public facing systems only? | Yes | 33% | 56% | 60% | 0% |
| Scope: Public and internal systems? | Yes | 17% | 22% | 40% | 100% |
| Scope: Biomedical devices? | Yes | 0% | 0% | 0% | 50% |

Detect: Vulnerability Scanning

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Doing Y/N? | Yes | 67% | 78% | 80% | 100% |
| Using an open sourced tool? | Yes | 17% | 11% | 0% | 0% |
| Using a commercial tool? | Yes | 50% | 67% | 80% | 100% |
| Are results shared with leadership and remediated quickly? | Yes | 50% | 67% | 30% | 100% |
| Performed by Internal Staff only? | Yes | 33% | 56% | 50% | 100% |
| Performed by 3rd Party? | Yes | 33% | 33% | 50% | 0% |
| Scope: Public facing systems only? | Yes | 17% | 44% | 20% | 0% |
| Scope: Public and internal systems? | Yes | 50% | 33% | 60% | 100% |
| Scope: Biomedical devices? | Yes | 0% | 0% | 10% | 100% |

Respond: Incident Response

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Do you have a policy and procedure? | Yes | 100% | 89% | 100% | 100% |
| Do you use an incident reporting form? | Yes | 83% | 56% | 80% | 100% |
| Do you have an incident response team? | Yes | 50% | 67% | 90% | 100% |
| Do you have a playbook(s)? | Yes | 0% | 22% | 50% | 100% |
| Are the playbooks scenario-specific? | Yes | 0% | 11% | 50% | 100% |
| Do you exercise the playbooks in a tabletop? | Yes | 0% | 22% | 50% | 100% |
| What is the frequency of your testing? | Mos. | 0 | 12-24 | 12-18 | 12 |
| Do you test beyond tabletop? | Yes | 0% | 0% | 0% | 100% |

Recover: IT Disaster Recovery

| Question | Answer/Unit | Critical Access | Small Med | Large | AMC |
|---|---|---|---|---|---|
| Do you have a policy and procedure? | Yes | 50% | 89% | 90% | 100% |
| Have you performed a Business Impact Analysis (BIA)? | Yes | 0% | 33% | 40% | 50% |
| Do you have a compliance-oriented plan? | Yes | 0% | 33% | 60% | 100% |
| Do you have step-by-step recovery plans? | Yes | 17% | 33% | 20% | 100% |
| Do you exercise the plans in a tabletop? | Yes | 0% | 33% | 30% | 50% |
| Do you exercise the plans in fail over or bare metal recovery tests? | Yes | 0% | 0% | 10% | 50% |
| Are the Recovery Time and Recovery Point Objectives (RTO & RPO) regularly met? | Yes | 0% | 0% | 50% | 50% |
| Have you increased backup retention to address ransomware? | Yes | 0% | 0% | 10% | 0% |
| Do you redirect My Documents to the network and back it up? | Yes | 17% | 67% | 30% | 100% |

How do you backup laptop data? Undefined (or "end user is responsible"); a few small-mid sized hospitals provide a virtual desktop.

Recap

- Risk analysis: implementing NIST SP800-30 is not that difficult
- Policies and procedures are the basis for setting behavioral expectations and awareness content
- Awareness: static content about HIPAA will not manage anything but compliance risk; real time awareness at "time-of-click" works best
- Prevailing practices: achieve them first before striving for a best practice
- Layered defenses are still required:
  - Preventive controls are usually best
  - Don't ignore detective, response and recovery capabilities
- Cost: not all improvements need to "break the bank"
- Outsourcing InfoSec: source only "High Volume/Low Complexity" processes

Summary

In this session, we:

- Compared "prevailing practices" for information security and compliance by hospital size
- Explained the common tools, processes, and talent levels that are being used
- Categorized the security practices using the NIST Cyber Security Framework
- Reviewed the top tactics used to defend against leading cyber threats
- Discussed what is working versus what is not

Resources

- CIS Critical Controls (Top-20): https://www.sans.org/media/critical-security-controls/critical-controls-poster-2016.pdf
- CIS Measurement Companion: https://www.cisecurity.org/white-papers/a-measurement-companion-to-the-ciscritical-controls/
- Free Nessus vulnerability scanner (for not-for-profit hospitals): https://www.tenable.com/about-tenable/tenable-in-the-community/tenablecharitable-organization-subscription-program
- Free awareness content (branded, but good content): https://phishme.com/resources/cbfree-computer-based-training/
- NIST Cybersecurity Framework Assessment Tool Draft: https://www.nist.gov/sites/default/files/documents/2016/09/15/baldrigecybersecurity-excellence-builder-draft-09.2016.pdf

Questions

Mark W. Dill, CISM, CRISC
Partner and Principal Consultant, tw-security
Mark.Dill@tw-security.com
440-549-6009

Please complete the online session evaluation.