Cybersecurity: Ongoing Challenges and Increasing Threats (Medium and Large Firm Focus) Wednesday, May 25, 10:00 a.m. to 11:00 a.m.

Cybersecurity: Ongoing Challenges and Increasing Threats (Medium and Large Firm Focus)
Wednesday, May 25, 10:00 a.m. to 11:00 a.m.

Hear about the latest IT security threats to your clients and to your practice. This update will highlight the threats that are prevalent today and what steps you should take to protect you and your clients. Panelists will share useful practices for protecting your practice.

Moderator: John Brady, Vice President and Chief Information Security Officer, FINRA Technology Administration

Panelists:
Gerard (Jerry) Brady, Managing Director, Chief Information Security Officer and Global Head of IT Security, Morgan Stanley
Michelle Wraight, Director and Chief Privacy Officer, Pershing LLC
Andy Zolper, Chief Information Security Officer, Raymond James Financial, Inc.

2016 Financial Industry Regulatory Authority, Inc. All rights reserved. 1

Cybersecurity: Ongoing Challenges and Increasing Threats (Medium and Large Firm Focus)
Panelist Bios:

Moderator: John Brady is a Vice President in Technology for Cyber and Information Security for FINRA, and is the organization's Chief Information Security Officer (CISO). In this capacity, he is responsible for all aspects of FINRA's information and cyber security programs, as well as ensuring compliance with related laws and regulations. He oversees staff focused in four primary information security areas: security architecture and controls, security management tools, application security, and identity management. Mr. Brady, along with counterparts in FINRA's Data Privacy Office, establishes policy and technical controls to ensure information is appropriately protected throughout its lifecycle. He began his career with FINRA over 10 years ago as the Director of Networks and Firewalls. He then broadened and deepened his technical knowledge by taking on responsibility for server and storage infrastructure, where he led system engineering efforts to expand capacity and performance of Market Regulation systems in response to data volumes growing more than 40 percent year over year. Mr. Brady recently led the establishment, design, and implementation of FINRA's new data centers and the seamless migration of more than 175 applications from an outsourcer to those new data centers. Prior to the commencement of his work with FINRA in October 2002, Mr. Brady was Director of Networks at VeriSign from 2000 to 2002 and Network Solutions from 1998 to 2000. From 1995 to 1998, he built and operated Citibank's Internet Web and email services as Vice President, Internet Services. From 1993 to 1995, Mr. Brady worked for Sun Microsystems as Senior Consultant, where he built integrated network systems for prominent customers. Mr. Brady began his professional career as a member of technical staff at The Aerospace Corporation from 1987 to 1993, designing satellite systems and command and control networks for the Air Force Space Command. Mr. Brady holds a bachelor's degree in Computer and Electrical Engineering from Purdue University in West Lafayette, Indiana, and a master's degree in Industrial Engineering and Operations Research from the University of California at Berkeley. He also is an (ISC)2 Certified Information Systems Security Professional (CISSP).

Panelists:

Gerard Brady is a Managing Director of Morgan Stanley in Technology and Data based in New York. He is the Head of IT Security and is the Chief Information Security Officer. Mr. Brady joined Morgan Stanley in August 2005 and has more than 26 years of industry experience in information security. Prior to joining the firm, Mr. Brady worked at Guardent (acquired by VeriSign), where he was the Chief Technology Officer and Chief Security Officer. Before joining Guardent, Mr. Brady worked at Prudential as the Enterprise Information Security Officer and at Internet Security Systems running emerging technologies and enterprise security software.

Michelle Wraight is Director and Chief Privacy Officer at Pershing, LLC, a BNY Mellon Company, with firm-wide responsibilities for managing the Privacy and Data Protection Program. She has been with Pershing since 2008. Ms. Wraight has over 20 years of experience in the Information Security and Data Protection field, having worked in both the pharmaceutical and financial industries. Prior to her current position, Ms. Wraight was the Information Security Officer at Pershing Managed Account Solutions. Ms. Wraight has shared her many years of security and privacy expertise with clients and colleagues through several speaking engagements at Pershing, BNY Mellon, SIFMA, FINRA, the International Association of Privacy Professionals, industry conferences and a local university. Ms. Wraight holds a bachelor's degree in Information Technology, is a member of the FBI InfraGard Program and the International Association of Privacy Professionals, and has achieved the CISM (Certified Information Security Manager) and CRISC (Certified in Risk and Information Systems Control) industry certifications.

Andy Zolper is Chief Information Security Officer for Raymond James Financial, Inc., a diversified financial services provider with subsidiaries engaged in investment and financial planning, investment banking and asset management. Through its three broker-dealer subsidiaries, Raymond James Financial has more than 6,300 financial advisers, serving more than 2.5 million accounts in more than 2,500 locations throughout the United States, Canada and overseas. As CISO, Mr. Zolper provides strategic direction to identify appropriate security measures, sponsors implementation of security solutions, manages daily security operations and provides governance to manage technology risk, all in order to help Raymond James achieve its business objectives. Mr. Zolper was previously at UBS as CISO of its Wealth Management Americas division, and later as global head of IT Risk Management. Prior to joining UBS, he led teams in IT risk management, global program management and business process reengineering at JPMorgan Chase. Before working at JPMC, Mr. Zolper was responsible for application development at Sterling Resources Inc., and developed the company's process reengineering, e-learning and knowledge management software products. Before joining Sterling Resources, he served in various management roles at Verizon, ranging from staff director of competitive intelligence analysis to field management of "fiber to the curb" deployment. Mr. Zolper graduated from the Virginia Military Institute. He is a U.S. Marine Corps veteran, having served as a communications and signals intelligence officer. He is a graduate of SIFMA's Securities Industry Institute at The Wharton School, a Registered Operations Professional (Series 99), a certified Six Sigma Black Belt and a Certified Information Security Manager (CISM). He represents Raymond James on the Advisory Council of BITS, the technology policy division of The Financial Services Roundtable, and is a member of SIFMA's Cyber Security Working Group.

FINRA Annual Conference, May 23 to 25, 2016, Washington, DC
Cybersecurity: Ongoing Challenges and Increasing Threats (Medium and Large Firm Focus)

Panelists

Moderator: John Brady, Vice President and Chief Information Security Officer, FINRA Technology Administration

Panelists:
- Jerry Brady, Managing Director, Chief Information Security Officer and Global Head of IT Security, Morgan Stanley
- Michelle Wraight, Director and Chief Privacy Officer, Pershing LLC
- Andy Zolper, Chief Information Security Officer, Raymond James Financial, Inc.

FINRA Annual Conference 2016 FINRA. All rights reserved. 1

To Access Polling
- Click on the schedule icon on the home screen.
- Choose the "Cybersecurity: Ongoing Challenges and Increasing Threats (Medium and Large Firm Focus)" session.
- In the lower right there is an icon: on iPhone, a bubble with a bar graph; on Android, a thumbs up.
- Click on that to see polling questions and responses.

Threats & Risks

Ransomware

Ransomware Best Practices

Prevention:
- Restrict write permission on file servers / shared folders
- Software whitelisting
- Block malicious websites
- Educate users and user support
- Detect and block software behaviors indicative of malware
- Segment your network using firewalls

Response and Recovery:
- Quickly isolate computers that may contain malware
- Back up data and files; test restoration regularly

Phishing, Spear Phishing & Whaling

Phishing Best Practices
- Training with simulated phishes
- Email and web security filtering
- Fraud controls and thresholds in payments and funds transfers
- Assist users with review of questionable emails and provide a central contact for reporting
- Maintain secure configurations and stay current on security patches
- Restrict workstation administrator privileges

Insider Threat

Insider Threat Best Practices

Guidance:
- US-CERT: Common Sense Guide to Mitigating Insider Threats
- MITRE: Insider Threat Program Best Practices
- Dept. of Energy: Predictive Model for Insider Threat Mitigation
- Raytheon: Best Practices for Mitigating and Investigating Insider Threats
- INSA: A Preliminary Examination of Insider Threat Programs in the U.S. Private Sector

Effective Controls:
- Pre-hire screening and background checks
- Security Information and Event Management (SIEM)
- Behavioral Analytics tools
- HR processes for identifying and tracking insider risks

Privacy Breach Reporting

Privacy Best Practices
- Access to legal expertise familiar with privacy, healthcare and other relevant laws
- Know your information assets and legal obligations
- Engage senior management and the Board
- Awareness training for staff and management
- Include 3rd parties (vendors, partners) in your plans
- Data Loss Prevention (DLP) tools
- ID Theft Red Flags program
- Collaboration between Data Privacy and Information Security teams

Response and Recovery Best Practices
- Develop incident response plans, i.e., playbooks for various scenarios
- Explore cybersecurity insurance coverage options
- Retain an Incident Response firm with forensics capabilities
- Establish working relationships with Law Enforcement (FBI and/or USSS)
- Conduct tabletop exercises involving all departments identified in response plans

Distributed Denial of Service

DDoS Best Practices
- Have a means to mitigate in-house, with a DDoS protection service, or through your Internet Service Provider (ISP)
- Access to expertise capable of coordinating detection, mitigation and recovery
- Test DDoS mitigation capability regularly
- Avoid paying ransom
- Stay current on patches and secure configurations
- Implement a Web Application Firewall (WAF)


Cybersecurity: Ongoing Challenges and Increasing Threats (Medium and Large Firm Focus)
Tuesday, May 23, 3:00 p.m. to 4:00 p.m.

Resources

Regulatory Guidance:
- FINRA Report on Cybersecurity Practices (February 3, 2015): www.finra.org/sites/default/files/p602363%20report%20on%20cybersecurity%20practices_0.pdf
- NIST Cyber Security Framework and Roadmap: www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf and www.nist.gov/cyberframework/upload/roadmap-021214.pdf
- SEC National Exam Program Risk Alert (OCIE Cyber Security Initiative): www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf
- SEC Cybersecurity Guidance Update (April 2015): www.sec.gov/investment/im-guidance-2015-02.pdf

Tips and Templates:
- National Cyber Security Alliance Mobile Tip Sheet: https://staysafeonline.org/business-safe-online/resources/stay-cyberaware-while-on-the-gosafety-tips-for-mobile-devices
- Cyber Security in the Golden State (see "Practical Steps"): https://oag.ca.gov/cybersecurity
- Strategies to Mitigate Targeted Cyber Intrusions: www.asd.gov.au/infosec/mitigationstrategies.htm