It Takes the Village to Secure the Village SM


It Takes the Village to Secure the Village (SM). Stan Stahl, Ph.D., President, Information Systems Security Association, Los Angeles Chapter. September 30, 2013.

Online Bank Fraud Is a Major Challenge. Victim Losses Often Not Reimbursed. http://www.bankinfosecurity.com/blogs/survey-says-ach-wire-fraud-growing-p-1509

Annual Cost of Online Bank Fraud: $1,000,000,000. Bloomberg, Aug 4, 2011: http://www.bloomberg.com/news/2011-08-04/hackers-take-1-billion-a-yearfrom-company-accounts-banks-won-t-indemnify.html

Financial Fraud and Identity Theft Continue to Climb. 613,483,424 financial records reported breached, January 10, 2005 to September 19, 2013. These count only reported breaches; they count neither (1) discovered but unreported breaches nor (2) undiscovered breaches.

Average Cost of a Data Breach: $200 per compromised record; $5.5 million per event. Source: http://www.ponemon.org/index.php. California Civil Code Section 56.36: $1,000 nominal damages for disclosure of medical information.

State-Sponsored Intellectual Property Theft: Death by a Thousand Cuts

Small Business Cybercrime Risk Is Significant. More than 3/4 of small businesses believe their companies are safe from hackers. 20% to 30% of all cyberattacks hit small businesses with 250 or fewer employees. 60% of small businesses close within 6 months of being victimized by cybercrime.

Organizations Must Comply with Cyber Security Laws & Regulations

Cyber Security Need vs. Reality

Anti-Virus Catches Only 10% of the Most Prevalent Attack: 30 Days Last June. http://krebsonsecurity.com/2012/06/a-closer-look-recent-email-based-malware-attacks/

60% of Zeus Attacks Get Through Anti-Virus Programs (data points: July 2011, March 2013). https://zeustracker.abuse.ch/

Users Unwittingly Open the Door to Cybercrime. Example of a deceptive link: http://www.citibank.com.us.welcome.c.track.bridge.metrics.portal.jps.signon.online.sessionid.ssl.secure.gkkvnxs62qufdtl83ldz.udaql9ime4bn1siact3f.uwu2e4phxrm31jymlgaz.9rjfkbl26xnjskxltu5o.aq7tr61oy0cmbi0snacj.4yqvgfy5geuuxeefcoe7.paroquiansdores.org/ (the registered domain is paroquiansdores.org; the leading citibank.com labels are only subdomains used as a lure).
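To show the check a user or a mail filter needs to make on a link like the one above, here is an added example (not code from the presentation or from Citadel): it extracts the registered domain from the slide's URL and flags a brand name that appears only in the subdomain labels. The legitimate comparison URL and the brand list are constructed assumptions.

```python
from typing import Optional, Set
from urllib.parse import urlsplit

# The deceptive URL shown on the slide: the hostname starts with "citibank.com"
# labels, but the registered domain (the last two labels) is paroquiansdores.org.
SLIDE_URL = (
    "http://www.citibank.com.us.welcome.c.track.bridge.metrics.portal.jps.signon."
    "online.sessionid.ssl.secure.gkkvnxs62qufdtl83ldz.udaql9ime4bn1siact3f."
    "uwu2e4phxrm31jymlgaz.9rjfkbl26xnjskxltu5o.aq7tr61oy0cmbi0snacj."
    "4yqvgfy5geuuxeefcoe7.paroquiansdores.org/"
)

# Constructed example of a legitimate link for comparison (assumption, not from the slide).
LEGIT_URL = "https://online.citibank.com/login"


def registered_domain(url: str) -> str:
    """Return the registrable domain, approximated as the last two hostname labels.

    Deliberate simplification: a production check should consult the Public
    Suffix List so that hosts such as example.co.uk are handled correctly.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = [label for label in host.split(".") if label]
    if len(labels) < 2:
        return host
    return ".".join(labels[-2:])


def brand_impersonation(url: str, brand_domains: Set[str]) -> Optional[str]:
    """Return the brand domain being impersonated, or None if the link is genuine.

    A link is flagged when a known brand domain appears inside the hostname
    (e.g. "www.citibank.com.us...") but is not the registered domain.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if registered_domain(url) in brand_domains:
        return None  # the brand really owns this hostname
    padded = f".{host}."
    for brand in brand_domains:
        if f".{brand.lower()}." in padded:
            return brand
    return None
```

`brand_impersonation(SLIDE_URL, {"citibank.com"})` returns `"citibank.com"`, while the constructed legitimate link returns `None`.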

Caution: Opening That Attachment Can Be Dangerous to Your Information. A booby-trapped attachment exploits a Java vulnerability when opened.

Caution: Visiting That Website Can Be Dangerous to Your Information

Anatomy of a Cyber Attack (diagram): the cybercriminal exploits human and technical weakness, installs malware on the victim's computer, and steals IP, bank account information, etc. Diagram labels: Cybercriminal, Staff, Servers.

The Bottom Line: The Status Quo Is No Longer Acceptable. The risk is real. The impact can be existential. The C-suite must get involved. Everyone has a vital role to play. "Information security requires CEO attention in their individual companies." Business Roundtable, 2004.

Sun Tzu and the Art of Cyber Security Management. "It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles. If you do not know your enemies but do know yourself, you will win one and lose one. If you do not know your enemies nor yourself, you will be imperiled in every single battle."

The New Language of Cyber Security Management. "Problems cannot be solved by the same level of thinking that created them." Albert Einstein. Information Risk = Threats Vulnerabilities Countermeasures

Information Risk Management: The Big Picture (diagram: Information Security Management). Copyright 2013 Citadel Information Group, Inc. All Rights Reserved.

Information Security Management Strategy. Proactively manage information security just as you proactively manage finance, operations and other critical operational functions.
1. Implement formal, risk-driven information security policies and standards.
2. Identify, document and control sensitive information.
3. Train and educate personnel.
4. Manage IT infrastructure from an information security point of view.

Implement a Risk-Managed, Policy-Driven, Layered Approach to Achieve Defense in Depth. Operating assumption: cyber criminals will get through any particular defense. Layers (diagram): top-management policies and standards; information inventory; training / culture; 3rd-party IT management & development; security standards; documentation; checklists & procedures; appropriate technology; training. Photo: The Citadel, Halifax, Nova Scotia.

Comply with Laws, Regulations, Contracts. Take Advantage of Recommended Practices. US federal law: HIPAA, HITECH, Gramm-Leach-Bliley, FTC Rule, FFIEC banking rules, FISMA. State breach disclosure and other laws: CA Civil Code 1798.81.5, CA 1386 / SB24 breach disclosure, most states. MasterCard and Visa Data Security Standard (PCI). European and other laws. ISO standards: ISO 27001, ISO 27002. Government standards, guides and advisories: NIST, NSA, US-CERT. Practitioner standards: ISSA, OWASP, CSA, (ISC)2, ISACA, SANS Institute.

Provide Top-Level Governance, Management & Leadership. "Information security requires CEO attention in their individual companies." Business Roundtable, 2004.

The ISO 27001-02 Framework: Information Security Management System.
A5: Security Policy
A6: Organization
A7: Asset Management
A8: Human Resources
A9: Physical / Environmental
A10: Communication & Operations Management
A11: Access Control
A12: Acquisition, Development & Maintenance
A13: Incident Management
A14: Business Continuity
A15: Compliance
Continuous Process Improvement Engine.

Tactic: Be Wary of Email and Links on Internet & Social Media Sites

Tactic: Keep Computer Programs Patched and Updated. Report available from Citadel via LinkedIn, Facebook, RSS, Twitter, ISSA-LA, CDSA and email.

Tactic: Be Wary of Dropbox and Other Cloud Services. From the Citadel Weekend Vulnerability & Patch Report: Citadel warns against relying on Dropbox security. We recommend that files containing sensitive information be independently encrypted with a program like AxCrypt; that encryption keys be at least 15 characters long; and that the Dropbox password be at least 15 characters long and different from other passwords. Citadel Guide: Eight Security Concerns Before Jumping Into the Cloud.

Tactic: Test Your Web Sites Against Common Vulnerabilities

Tactic: Take Specific Action to Protect Against Online Bank Fraud. Use a separate workstation for online banking: keep it patched; use it only for online banking (no email, no web browsing); isolate it from the corporate network. Also: out-of-band confirmation, daily reconciliation, manage authorization, positive pay.

What's in it for us?

Teaching the Community

Teaching the Next Generation

Setting the Next Agenda

Wealth Creation and Protection

Passion

Purpose and Meaning

For More Information. Stan Stahl, Stan@citadel-information.com, 323-428-0441. LinkedIn: Stan Stahl. Twitter: @StanStahl. Citadel Information Group: www.citadel-information.com (Information Security Resource Library, Citadel Guides, Cyber Security News of the Week, Weekend Vulnerability and Patch Report). ISSA-LA: www.issa-la.org. Technical Meetings: 3rd Wednesday of the month. CFO Working Group: 3rd Friday of odd months. Financial Services Security Forum: 4th Friday of the month. 6th Annual Summit: May 2014.

The Information Security Conversation

It Takes the Village to Secure the Village (SM). Thank You!