Cyber Security Incident Response Program. Dr. Michael C. Redmond, PhD MBCP,FBCI,CEM,PMP,MBA
|
|
- Jocelin Wheeler
- 8 years ago
- Views:
Transcription
1 Cyber Security Incident Response Program Dr. Michael C. Redmond, PhD MBCP,FBCI,CEM,PMP,MBA
2 World Economic Forum Global Technology Risks for 2015 According to the World Economic Forum s global risk perspectives survey for 2015, information and infrastructure resilience and cyber security continue to dominate the global technology risk landscape. What is really interesting is the perception that those risks have intensified in the past 12 months. No doubt this reflects both the growing sophistication of cyber attacks and the rise of hyperconnectivity i.e. all kinds of physical objects being web enabled to make up the Internet of Things, along with personal data. The challenge with so many devices connected to the Internet other than computers, is they tend to be less adequately protected The 2015 edition of the Global Risks report completes a decade of highlighting the most significant long-term risks worldwide, drawing on the perspectives of experts and global decision
3 Banking and Cyber Nearly a third of banking organizations do not require their third-party vendors to notify them in the event of an information security breach, according to a recent study on the banking sector's cybersecurity practices. The New York State Department of Financial Services issued its Update on Cyber Security in the Banking Sector: Third-Party Service Providers earlier this month to analyze the due diligence processes, policies and procedures governing relationships with thirdparty vendors, protections for safeguarding sensitive data, and protections against loss incurred due to third party information security failures.
4 Did ALL of Your Users Update 2 weeks ago Chrome? Adobe released security updates for Flash Player on Tuesday. Windows and Macintosh users should update to and Linux users should update to in order to address a variety of vulnerabilities, some of which are deemed critical and can enable code execution. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system, according to a Tuesday release, which states Adobe is aware that an exploit for CVE exists in the wild. Security updates were additionally released for Adobe Flex and ColdFusion. Adobe Flex 4.6 and earlier versions are affected by CVE , and ColdFusion versions 11 and 10 are affected by CVE Both vulnerabilities can be leveraged in reflected cross-site scripting attacks, and both are deemed important.
5 In Million Tax Records Stolen in Largest State Agency Attack Both Social Security and credit card numbers were stolen from the South Carolina Department of Revenue by hackers in August. A phishing enabled hackers to steal credentials from users and eventually steal 74 GB of encrypted and unencrypted data.
6 2012 Server Hack Leads to HIPAA Violation by Utah Department of Health In April, ,000 individuals were affected in a server hack at the authentication level that allowed hackers to access and steal SSNs and personal health records from the Utah Department of Health. One server was not configured according to normal procedure, and this allowed hackers to access the system.
7 In 2012, Global Payments Inc. PCI Data Breach Affected 1.5 Million Nearly 1.5 million consumers were affected by hackers accessing Global Payments Inc. s payment processing system in January and February.
8 On Dec , Dutch government website outage caused by cyber attack Cyber attackers crippled the Dutch government's main websites for most of Tuesday and back-up plans proved ineffective, exposing the vulnerability of critical infrastructure at a time of heightened concern about online security. The outage at 0900 GMT lasted more than seven hours and on Wednesday the government confirmed it was a cyber attack.
9 Cyber Response Ties In With Asset Management Let s discuss what should be in your Asset Management Program
10 Cyber Defense and Response What are the steps? Who is involved? How do we prepare?
11 Process Flow How can we Project Management this? What are the needed Business Processes?
12 Records* ISO 27001:2013 clause number Records of training, skills, experience and qualifications 7.2 Monitoring and measurement results 9.1 Internal audit program 9.2 Results of internal audits 9.2
13 Hackers Read The Same Publications That We Do Cnet CSO Dark Reading eweek
14 Report: 71 percent of orgs were successfully attacked in 2014 The number of successful cyber attacks against organizations is increasing, according to the 2015 Cyberthreat Defense Report from CyberEdge Group, which surveyed 814 IT security decision makers and practitioners from organizations in 19 industries across North America and Europe. Altogether, 71 percent of respondents said that their organization's global network was compromised by a successful cyber attack in 2014 a number that jumped up from 62 percent in the year prior and 22 percent said that their organization experienced six or more successful attacks, according to the report.
15 Risk Awareness of Your Organization Questions What are the key questions What areas of the organization needs to be included How do you raise Risk Awareness How do you develop the right questions for your organizations
16 Gap Knowledge To what degree Protection What s expected Response Suffering Damage Timeliness
17 Motivators Increase in the number of computer security incidents being reported Increase in the number and type of organizations being affected by computer security incidents More focused awareness by organizations on the need for security policies and practices as part of their overall risk-management strategies New laws and regulations that impact how organizations are required to protect information assets Realization that systems and network administrators alone cannot protect organizational systems and assets
18 Efficient Incident Response Program allows an organization Continuity Impacts Cost When Mitigate What Maintain What
19 3 rd Party Contracts for Security Issues What should be stated Who is responsible Who is notified
20 Questions For Thought What When How Where Why 20
21 Bank Secrecy Act Anti-Money Laundering Examination Manual Determine the underlying cause of policy, procedure, or process deficiencies These deficiencies can be the result of a number of factors, including, but not limited to, the following: Management has not assessed, or has not accurately assessed, the bank s risks. Management is unaware of relevant issues. Management is unwilling to create or enhance policies, procedures, and processes. Management or employees disregard established policies, procedures, and processes. Management or employees are unaware of or misunderstand regulatory requirements, policies, procedures, or processes. Higher-risk operations have grown faster than the capabilities of the compliance program. Changes in internal policies, procedures, and processes are poorly communicated.
22 Standards Standards and Best Practices ISO 2700 (Requirements) FFIEC PCI DSS (Credit Card Processing) And so many more Maintaining COBIT (Framework for IT Governance and Controls) ISO (Information Security Risk Management) ITIL(Framework: Identifying, planning, delivering, supporting IT for Business Functions)
23 ISO and Information Security How You Can Use Each
24 SEC The SEC s Office of Compliance Inspections and Examinations (OCIE) issued a risk alert notifying firms it will conduct IT security examinations of more than 50 registered brokerdealers and registered investment advisers. Commission s jurisdiction in cyber security is focused on the integrity of market systems, customer data protection, and disclosure of material information.
25 FFIEC The Financial Services sector is a primary target of cyber attacks FFIEC just released new Guidance on Feb 5th entitled Strengthening the Resilience of Outsourced Technology Services. That Guidance notes, among other things, that Cyber resilience covers aspects of BCM unique to disruptions caused by cyber events. FFIEC wants to see financial institutions incorporate Cyber Attack testing into its testing scenarios.
26 FFIEC "Outsourcing Technology Services Booklet" Many financial institutions depend on third-party service providers to perform or support critical operations. These financial institutions should recognize that using such providers does not relieve the financial institution of its responsibility to ensure that outsourced activities are conducted in a safe and sound manner. The responsibility for properly overseeing outsourced relationships lies with the financial institution's board of directors and senior management. An effective third-party management program should provide the framework for management to identify, measure, monitor, and mitigate the risks associated with outsourcing.
27 What are the benefits of being in compliance with the PCI DSS? What is required How do we know we are compliant
28 What are the requirements for PCI DSS? There are twelve requirements falling into categories: Build Protect Maintain Monitor
29 Different Plans Sound Similar CIRP Computer Incident Response Plan CSIRP Cyber Security Incident Response Plan CSIRT Cyber Security Incident Response Team
30 Why CSIRT Security breaches and subsequent fraud are increasing in frequency and scale. While financial institutions, retailers, healthcare providers, and other targeted organizations are doing everything possible to remain one step ahead of cyber criminals, these incidents will likely continue to happen putting sensitive information at risk. While you can t always prevent a breach, quick response can minimize reputation damage and financial impact. Proactive and timely account holder communication can help reduce costs, including those associated with increased call center activity, customer education, brand repair campaigns, regulatory compliance, and the expense of covering customer losses.
31 CSIRT Program Information Security, Governance & Risk, are all critical aspects of planning and execution of the Cyber Information Security Response Program. Who in your organization has key responsibility to develop a program?
32 3 rd Party CSIRT Testing Types of Tests Simultaneous Testing
33 Cyber Response Getting Started Program Adopt a systematic approach
34 Severity Levels
35 Gap Review Action Steps Review Establish Key Performance Indicators (KPI).
36 Integrate CSIRT into IS Integrate CSIRT Use common Build...
37 2013 Verizon Data Breach Investigations Report 2012, 66 percent of breaches that led to data compromise within days or less remained undiscovered for months or more In 69 percent of the cases, a third party discovered the breach
38 Attacks Are Not IF But WHEN Many large companies are getting hacked: Anthem, Sony, and Target to name just a few. The number of data breaches increased 27.5% in 2014 Measures against these types of security incidents are on the rise in companies.
39 Attacker Tools Rootkits Generators Backdoors And more
40 Feb 2015, Chinese hackers target US defense, finance firms after Forbes cyberattack US cyber security firms say a Chinese espionage team hacked Forbes magazine to then attack defence contractors, financial firms and other unsuspecting prey visiting the popular news website. Invincea and isight Partners detailed what they described as a watering hole campaign late last year that took advantage of Forbes.com and other legitimate websites. A Chinese advanced persistent threat compromised Forbes.com to set up a watering hole style web-based drive-by attack against US defence and financial services firms in late November 2014, Invincea said in a report posted on its website. The brazen attack took advantage of vulnerabilities in Adobe Flash and Internet Explorer software which have since been patched, according to Invincea.
41 February 13, 2015 Tennessee healthcare group notifies employees of payroll breach Tennessee-based State of Franklin Healthcare Associates (SoFHA) has notified all employees that their personal information was accessed during a security breach at the company's third party payroll vendor, and some if has already been used to file fraudulent tax returns. How many victims? All employees are being notified, and 20 to 25 have been affected. What type of personal information? Employee payroll information, including W-2s. What happened? SoFHA's third party payroll vendor was breached, access was gained to SoFHA employee payroll information, and fraudulent tax returns were filed. What was the response? SoFHA is working with national, state and local law enforcement to identify the perpetrators. SoFHA is notifying all employees, and is offering them a free year of identity theft protection services. Details: SoFHA notified local authorities in early February. As of Thursday, between 20 and 25 employees have reported being victims of tax-related identity theft. Quote: We do know that the cyber attack was contained to only employee payroll information, and at no time was any patient data compromised, Richard Panek, CEO of SoFHA, was quoted as saying. The scam is that the criminals attempt to file for, and receive, a tax refund before the real person files.
42 More Every Day Security breaches and subsequent fraud are increasing in frequency and scale.
43 Questions Getting Started Who s included Process Steps Now What
44 Risk While financial institutions, retailers, healthcare providers, and other targeted organizations are doing everything possible to remain one step ahead of cyber criminals, these incidents will likely continue to happen putting sensitive information at risk.
45 Quick Response Why? How?
46 Account Holder Communications When, Why and What
47 Employee Mitigation Auto Lock Password Manager Flashdrives And more
48 Quick Checklist to Mitigate Network Review Validate Conduct
49 CSIRT Phases What are they How do they interconnect
50 Mitigation for Social Engineering How to Mitigate Penetration because of this
51 CSIRT Program Plan for Managing Playbooks for each different types of Cyber Security Incidents (worse case does not work as in Disaster Recovery)
52 Incident Management Goals and Vision What should be included in each When is it updated How is it written
53 Analysis Methodology Identify References Research
54 Interviews and Training What s included How specifically is it done How often
55 Development and Documentation How do I know which documentation I need Where do I get the information Who should help me Passing an Audit Making sure it works
56 Testing and Exercises Validate Types of Tests Are they good enough
57 What s Needed Cyber Security Incident Response Program What s inlcuded What s a Program What s a Plan What s a Playbook
58 Basics Objective Scope Assumptions Ownership Action Steps Structure
59 Incident Incident VS Event How do I know What plans do I need for each
60 Operation Sequencing Initiation Resolution Termination
61 Look for Patterns I m not technical, how can I do this What are the Technical Teams saying Who decides the patterns anyway
62 REWI
63 Resilience Attribute The risk awareness attribute measures the degree of risk understanding, as well as anticipation What are the attributes How well the system is protected
64 Dr. Michael C. Redmond, PhD MBCP, FBCI, CEM, PMP, MBA Certified PECB ISO Instructor International Consultant, Speaker and Author SME: CSIRT and SIEM
White Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationWHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.
WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There
More informationCyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s
Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices
More informationInformation Security and Risk Management
Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationInformation Technology
Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More informationFinancial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age
Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationMedical Information Breaches: Are Your Records Safe?
Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential
More informationSECURITY. Risk & Compliance Services
SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize
More informationThe Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016
The Future of Data Breach Risk Management Response and Recovery Increasing electronic product life and reliability The Cybersecurity Forum April 14, 2016 Today s Topics About Merchants Information Solutions,
More informationData Breach Response Planning: Laying the Right Foundation
Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA
More informationSummary of the State of Security
Summary of the State of Security Tram Jewett, CISA CliftonLarsonAllen LLP Virginia GFOA Annual Spring Conference, 2016 1 1 Summary of the State of Security Tram Jewett, MS., CISA, 11 years IT audit and
More informationCYBERSECURITY HOT TOPICS
1 CYBERSECURITY HOT TOPICS Secure Banking Solutions 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance CISSP, CISA, CRISC www.protectmybank.com
More informationCybersecurity Governance Update on New FFIEC Requirements
Cybersecurity Governance Update on New FFIEC Requirements cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started in 1953 with a goal of total client service Today, Professional Services Firm
More informationCYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015
CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 TODAY S PRESENTER Viviana Campanaro, CISSP Director, Security and
More informationHow To Protect Yourself From A Hacker Attack
Cybersecurity Demystified: Information Technology Security Trends Joe Oleksak, Plante Moran Agenda Data Security Trends Example Attacks Industry Examples An Answer 1 Who Are The Victims? Targets - victims
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationA Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014
A Wake-Up Call? Fight Back Against Cybercrime Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 1 Coalfire Background Leading Information Security Consulting Firm Offices: Atlanta,
More informationRemarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014
Remarks by Thomas J. Curry Comptroller of the Currency Before the 10 th Annual Community Bankers Symposium Chicago November 7, 2014 Good morning, it s a pleasure to be here today and to have this opportunity
More informationCyber Security Management
Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies
More informationAgenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree
Cyber Security: Potential Threats Impacting Organizations January 10, 2015 Scott Petree Agenda 2 Data Security Trends Root Causes of Cyber Attacks How Can We Fix This? Secure Infrastructure User Awareness
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationCybercrime and Regulatory Priorities for Cybersecurity
NRS Technology and Communication Compliance Forum Cybercrime and Regulatory Priorities for Cybersecurity Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L
More informationwww.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
More informationFranchise Data Compromise Trends and Cardholder. December, 2010
Franchise Data Compromise Trends and Cardholder Security Best Practices December, 2010 Franchise Data Security Agenda Cardholder Data Compromise Overview Breach Commonalities Hacking Techniques Franchisee
More informationCompromises in Healthcare Privacy due to Data Breaches
Compromises in Healthcare Privacy due to Data Breaches S. Srinivasan, PhD Distinguished Professor of Information Systems Jesse H. Jones School of Business Texas Southern University, Houston, Texas, USA
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationWho s Doing the Hacking?
Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from
More informationWhat Do You Mean My Cloud Data Isn t Secure?
Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More information2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP
2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf
More informationWhite Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity
White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com PCI DSS Compliance Clarity Out of Complexity Table of Contents Introduction 1 Businesses are losing customer data 1 Customers are learning
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationPayment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.
Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History
More informationVENDOR MANAGEMENT. General Overview
VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationMeeting the Information Security Management Challenge in the Cyber-Age
Meeting the Information Security Management Challenge in the Cyber-Age November 2015 David Lam, CISSP, CPP Vice-President Citadel Information Group Copyright 2015. Citadel Information Group. All Rights
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationAUDIT TAX SYSTEMS ADVISORY
AUDIT TAX SYSTEMS ADVISORY Presented by: Jim Rumph Introduction JIM RUMPH, CISA Systems Manager Jim is a graduate of the University of Georgia with a Bachelor of Business Administration in Accounting and
More informationGEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationWhat is Management Responsible For?
What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationRemarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014
Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 It s a pleasure to be with you back home in Boston. I was here just six weeks ago
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationWhat IT Auditors Need to Know About Secure Shell. SSH Communications Security
What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic
More informationwhitepaper 4 Best Practices for Building PCI DSS Compliant Networks
4 Best Practices for Building PCI DSS Compliant Networks Cardholder data is a lucrative and tempting target for cyber criminals. Recent highly publicized accounts of hackers breaching trusted retailers
More informationHow to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors
How to Protect Sensitive Corporate Data against Security Vulnerabilities of Your Vendors July 2014 Executive Summary Data breaches cost organizations millions and sometimes even billions of dollars in
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More information2 0 1 4 F G F O A A N N U A L C O N F E R E N C E
I T G OV E R NANCE 2 0 1 4 F G F O A A N N U A L C O N F E R E N C E RAJ PATEL Plante Moran 248.223.3428 raj.patel@plantemoran.com This presentation will discuss current threats faced by public institutions,
More informationCollateral Effects of Cyberwar
Your texte here. Collateral Effects of Cyberwar by Ilia Kolochenko for Geneva Information Security Day 9 th of October 2015 Quick Facts and Numbers About Cybersecurity In 2014 the annual cost of global
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationFormulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements
A Forrester Consulting Thought Leadership Paper Commissioned By Oracle Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements
More informationCyberArk Privileged Threat Analytics. Solution Brief
CyberArk Privileged Threat Analytics Solution Brief Table of Contents The New Security Battleground: Inside Your Network...3 Privileged Account Security...3 CyberArk Privileged Threat Analytics : Detect
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More informationManaging IT Security with Penetration Testing
Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to
More informationCYBERSTRAT IS PART OF GMTL LLP, 26 YORK STREET, LONDON, W1U 6PZ, UNITED KINGDOM WWW.CYBERSTRAT.CO INFO@CYBERSTRAT.CO
CYBERSTRAT IS PART OF GMTL LLP, 26 YORK STREET, LONDON, W1U 6PZ, UNITED KINGDOM WWW.CYBERSTRAT.CO INFO@CYBERSTRAT.CO CYBER, INFORMATION SECURITY - OVERVIEW A cyber security breach is no longer just an
More informationCyber Security An Exercise in Predicting the Future
Cyber Security An Exercise in Predicting the Future Paul Douglas, August 25, 2014 AUDIT & ACCOUNTING + CONSULTING + TAX SERVICES + TECHNOLOGY I www.pncpa.com I www.pntech.net What is Cyber Security? Measures
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationData Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan
WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data
More informationDeveloping National Frameworks & Engaging the Private Sector
www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012
More informationTime Is Not On Our Side!
An audit sets the baseline. Restricting The next steps Authenticating help prevent, Tracking detect, and User Access? respond. It is rare for a few days to pass without news of a security breach affecting
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationCloud Assurance: Ensuring Security and Compliance for your IT Environment
Cloud Assurance: Ensuring Security and Compliance for your IT Environment A large global enterprise has to deal with all sorts of potential threats: advanced persistent threats (APTs), phishing, malware
More informationHOSTING. Managed Security Solutions. Managed Security. ECSC Solutions
Managed Security Managed Security MANAGED SECURITY SOLUTIONS I would highly recommend for your company s network review... were by far the best company IT Manager, Credit Management Agency Presenting IT
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationCYBERSECURITY EXAMINATION SWEEP SUMMARY
This Risk Alert provides summary observations from OCIE s examinations of registered broker-dealers and investment advisers, conducted under the Cybersecurity Examination Initiative, announced April 15,
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationPresented By: Corporate Security Information Security Treasury Management
Presented By: Corporate Security Information Security Treasury Management Is Your Business Prepared for a Cyber Incident? It s not a matter of if, it s a matter of when Cyber Attacks are on the Rise; Physical
More informationEnd of Support Should Not End Your Business. Challenge of Legacy Systems
End of Support Should Not End Your Business When software vendors announce a product end-of-life (EOL), customers typically have 24 to 30 months to plan and execute their migration strategies. This period
More informationAnatomy of a Healthcare Data Breach
BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared
More informationCyber Security Protecting critical health care information
OnTrend APRIL 2016 ISSUE Cyber Security Protecting critical health care information The trend Cyber Security As health care data security breaches proliferate, putting members data at risk for fraud or
More informationAre You A Sitting Duck?
The 7 Most Cricitcal I.T. Security Protections Every Business Must Have in Place Now to Protect Themselves from Cybercrime, Data Breaches, and Hacker Attacks Cybercrime is at an all-time high, and hackers
More informationCYBERSECURITY: Is Your Business Ready?
CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationIT risk management discussion 2013 PIAA Leadership Camp May 15, 2013
IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2
More informationDefining Data Security in 2015 and Beyond
Defining Data Security in 2015 and Beyond What you need to know about physical and virtual data security in a complex business environment Colocation Managed Cloud & Hosting Services Business Continuity
More informationElevation of Mobile Security Risks in the Enterprise Threat Landscape
March 2014, HAPPIEST MINDS TECHNOLOGIES Elevation of Mobile Security Risks in the Enterprise Threat Landscape Author Khaleel Syed 1 Copyright Information This document is an exclusive property of Happiest
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationPresentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy
Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationAlienVault for Regulatory Compliance
AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More informationWhat Data? I m A Trucking Company!
What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West
More informationManaging cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
More informationCyber Risks and Insurance Solutions Malaysia, November 2013
Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More information