Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Similar documents
BHConsulting. Your trusted cybersecurity partner

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Sage Data Security Services Directory

Cybersecurity Auditing in an Unsecure World

Incident Response Services

Cybersecurity The Evolving Landscape

CYBER RESILIENCE & INCIDENT RESPONSE

align security instill confidence

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Leadership. 25 years leading in cyber. 165,000 trained since ,000+ students annually

BHConsulting. Your trusted cybersecurity partner

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Are we breached? Deloitte's Cyber Threat Hunting

CYBER CAMPUS KPMG BUSINESS SCHOOL THE CYBER SCHOOL FOR THE REAL WORLD. The Business School for the Real World

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Cyber Security: Threat and Prevention

May 14, :30PM to 2:30PM CST. In Plain English: Cybersecurity and IT Exam Expectations

Transforming Security from Defense in Depth to Comprehensive Security Assurance

IT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

locuz.com SOC Services

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

Cloud Security Myths Paul Mazzucco, Chief Security Officer

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

What It Takes to be a CISO in 2017

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

White Paper. How to Write an MSSP RFP

SWIFT Customer Security Programme

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange

Vulnerability Assessments and Penetration Testing

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

LESSONS LEARNED IN SMART GRID CYBER SECURITY

K12 Cybersecurity Roadmap

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

Take Risks in Life, Not with Your Security

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

CYBER SOLUTIONS & THREAT INTELLIGENCE

Gujarat Forensic Sciences University

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today

deep (i) the most advanced solution for managed security services

Cybersecurity. Securely enabling transformation and change

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

2017 Annual Meeting of Members and Board of Directors Meeting

ACM Retreat - Today s Topics:

NYDFS Cybersecurity Regulations

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

How to Prepare a Response to Cyber Attack for a Multinational Company.

Traditional Security Solutions Have Reached Their Limit

Click to edit Master title style. DIY vs. Managed SIEM

Cyber Resilience. Think18. Felicity March IBM Corporation

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

The New Era of Cognitive Security

Product Security Program

Cyber Security Technologies

Introduction Privacy, Security and Risk Management. What Healthcare Organizations Need to Know

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference

Cybersecurity in Higher Ed

Cyber Security For Utilities Risks, Trends & Standards. IEEE Toronto March 22, Doug Westlund Senior VP, AESI Inc.

Angela McKay Director, Government Security Policy and Strategy Microsoft

A New Cyber Defense Management Regulation. Ophir Zilbiger, CRISC, CISSP SECOZ CEO

Designing and Building a Cybersecurity Program

SOLUTION BRIEF Virtual CISO

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Cyber Threat Intelligence Debbie Janeczek May 24, 2017

CYBER SECURITY TRAINING

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Effective Strategies for Managing Cybersecurity Risks

Cybersecurity, safety and resilience - Airline perspective

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

Cybersecurity Fundamentals

FOR FINANCIAL SERVICES ORGANIZATIONS

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

Department of Management Services REQUEST FOR INFORMATION

Train as you Fight: Are you ready for the Red Team?

Secure Access & SWIFT Customer Security Controls Framework

90% of data breaches are caused by software vulnerabilities.

Changing the Game: An HPR Approach to Cyber CRM007

IT Consulting and Implementation Services

The Impact of Cybersecurity, Data Privacy and Social Media

Cybersecurity Session IIA Conference 2018

CompTIA Security+ Study Guide (SY0-501)

People risk. Capital risk. Technology risk

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

RSA NetWitness Suite Respond in Minutes, Not Months

A Comprehensive Guide to Remote Managed IT Security for Higher Education

Les joies et les peines de la transformation numérique

Defining Computer Security Incident Response Teams

If you were under cyber attack would you ever know?

THE KERNEL. Our in-house professional team is highly skilled in delivering cutting-edge solutions to our clients.

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Transcription:

Cybersecurity Risk Mitigation: Protect Your Member Data Presented by Matt Mitchell, CISSP Knowledge Consulting Group Introduction Matt Mitchell- Director Risk Assurance 17 years information security experience Security program definition and implementation Risk and compliance management Advanced threat simulation and detection Knowledge Consulting Group Pure-play cybersecurity solution provider Preferred Partner for NAFCU penetration testing and security advisory services Serves public & private sector customers

Agenda Cybersecurity Today Cybersecurity and the Credit Union Industry The Path to Success and Protecting Member Data 10 Keys to Success Q&A Cybersecurity Today What is Cybersecurity? Is this different than information security and risk management? The adversary is: Professional Well-organized and funded Targeting organizations Goal oriented Persistent

Threats: Today vs The Past The Past Worms Viruses Script Kiddies Perimeter focused 20% Organized, 80% Rouge Actors Today Highly targeted Custom malware Target-specific exploits Targeting people Purpose-built implants 80% Organized, 20% Rouge Actors Critical Problem: The Gap is Widening Defense is harder than offence Security management tools and techniques must continually adapt to threats Vendors can t keep up with threats and techniques Attackers have the luxury of time Capabilities Offense Time Defense

Cybersecurity and the Credit Union Industry Credit Unions (CU) and the financial services industry has always been a consistent target All size CUs are targeted Member and payment card data has market value CUs have to worry about their own security and business that collect and process payments Trust is Paramount Digital and mobile banking provides many competitive options Consumers demand trust and ease of use Security issues and loss of trust will result in loss of members

Cybersecurity: The Path to Success Less dependency on vendor-provided solutions alone Highly skilled practitioners vs. technicians Data focus vs. system focus Deep integration of security into the CU business Continuous assessment and improvement Focus on detection and response 10 Keys to Success and Data Protection 1 2 3 4 Stick to the Plan for Expertise Fundamentals Response Now 5 6 7 8 Know Your Data Link Data to Standardization Business & Automation Processes Security Focused Culture Detection & Response 9 10 Continuous Trust But Verify Assessment

1 Stick to the Fundamentals Continuous awareness training Defense in depth Default deny-all access controls: everywhere Secure SDLC processes Disciplined configuration management Strong vulnerability management 2 Expertise Ensure you have the right team Security experts that have a business focus Leaders with the ability to communicate and drive change Deep expertise in attacks, exploits, and response

3 Plan for Response Now Incident response, forensics, and recovery Legal PR & Communications Forensic and investigative partnerships Cyber insurance 4 Security Focused Culture Weak links will always get exploited People are often the weakest link Integrate security into the DNA of the business Top down commitment to security & privacy Bottom up re-enforcement and realization

5 Know your data Who owns it? Where does it live? How it is used? What is the value? What is the potential business impact if compromised? How it needs to be protected? 6 Link Data to Business Processes Linking data, business process, and impact = CRITICALITY

7 Standardization & Automation Inconsistency is the enemy of security Standardization provides the foundation for visibility and discipline People make mistakes Automation doesn t make mistakes Automation scales and enables speed and efficiency 8 Detection & Response Know what normal looks like Identify anomalies Automated alerting Correlate events Analyze scope and impact Contain & eradicate Restore?

9 Continuous Assessment Your adversaries don t use calendars! Continually test your defenses People Process Technology Vulnerability assessments Penetration testing Social engineering Response & recovery 10 Trust But Verify Credit Unions are a highly connected business Each connection with partners presents risk Implement strong contractual security requirements and SLAs Trust their security Verify and validate security controls prior to connecting Validate security posture on an ongoing basis Partners Cloud Providers Service Providers

Summary Cybersecurity is key challenge in the CU industry It is hard, but not impossible Success requires: Committing to security as a top priority Deeply understanding your business Have the right expertise, leadership, and commitment Understanding its When not If an incident will happen Develop, execute, and stick to your cybersecurity strategy Thank You! Matt Mitchell, CISSP Director- Risk Assurance Services Knowledge Consulting Group 2000 Edmund Halley Dr. Suite 500 Reston, VA 20191 Phone: 703-467-2000 x145 Email: matt.mitchell@knowledgecg.com http://www.knowledgecg.com

Open Discussion

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback