Proactive Compliance for Insider Threat Protection
By Larry Knutsen, co-founder, Strongbox Cyber Solutions
Executive Summary

Cybersecurity and the loss of sensitive data seem to appear daily in the media. On February 12, 2013, President Obama signed Executive Order 13636, Improving Critical Infrastructure Cybersecurity, which outlined the Administration's priorities and highlights the importance and critical need for improved cybersecurity: the cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront. Two years later, on February 13, 2015, President Obama signed Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing. This Executive Order also amends Executive Order 12829, dated January 6, 1993, which established the National Industrial Security Program to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the United States Government. The conversation has moved to encompass not only cybersecurity and Information Assurance (IA), but also insider threat, which today is one of the most prevalent threats to our nation's security.

In this paper, we explore the mandated compliance guidelines, from Executive Orders to policies that address insider threat, along with the anticipated changes to the National Industrial Security Program Operating Manual (NISPOM) expected to be released this fall. We will discuss the impact of the insider threat on an organization, the importance of doing a risk analysis, how to identify gaps, and what organizations can do to mitigate the risk of a malicious insider by adopting appropriate security measures.
Policies in Place Now

The Federal Government has put forth a number of important mandates over the past few years in an effort to bring security standards to a baseline for both cybersecurity and insider threat. Cybersecurity has this Administration's attention, with accountability and deliverables outlined in several Executive Orders. I think we will all agree: we are only as strong as the weakest link in the digital cyber world. These federal compliance standards must be leveraged as a framework to create a robust security posture to protect sensitive information. Beyond this basic framework, different organizations may have additional security needs. So long as these basic standards are met, you are off to a good start, and you can grow your security program as needed. Something is better than nothing, and doing your homework up front, discovering your gaps, and taking steps to mitigate them are critical before you purchase anything. In my view, not all organizations require the same level of protection, and some can manage sufficiently and safely with a basic program. The important thing for each organization is to strike the balance between security and risk mitigation. Doing nothing is no longer an option.

What impact could the NISPOM have on you? If you have, or expect to have, government contracts, your organization will be expected to have an insider threat program. Your program should be based on published policies, linking requirements together into a robust program that includes continuous evaluation, continuous monitoring, and a holistic insider threat detection program. You can wait for the requirements to unfold, or you can begin taking steps to do your homework now. At the very least, you should ask yourself: what is your company's intellectual property worth? What is your company's reputation worth? What would you say to your stockholders and employees if tomorrow's media headlines read "Data Breach Occurs: [Insert Your Company Name Here]"? Senior leadership must understand that you cannot guarantee there will be no leaks or prevent a trusted employee from going rogue. What you can do is know what happened, when, how and by whom. Most importantly, you can limit the timeframe of bad behavior. Insider threat detection and proactive holistic analysis are possible if you build them into your program, and you should start planning now.
Getting Started

When determining what is right for your organization, there are some key questions to ask yourself before you start building and investing time and money in your cybersecurity posture. This is the homework and due diligence phase.

Eight Questions You Should Ask
1. What are your goals?
2. Are your HR and employee regulations supportive of what you want to create?
3. What are your current technical capabilities?
4. Who should oversee your program?
5. Bring your own device (BYOD): do you allow it?
6. How good is your user activity monitoring system?
7. Can you merge your employee information gathered from due diligence as part of the hiring process with other data your advisory panel has authorized for use within your cybersecurity program?
8. Is your insider threat program on a private network?

1. What are your goals? What are you trying to protect? You cannot guarantee to leadership that your organization won't fall prey to a malicious insider, but you can monitor the rumble strips within your perimeter and strive to identify suitability issues early while they are small. Think of the rumble strips as those found along most major highways: when you hit them and the noise begins, your full attention is turned to your primary mission, safe driving. For example, if a user logs onto two computers and prints in two different locations miles apart, shouldn't you ask yourself, "Is this user sharing their corporate login?" Mitigate suitability and network issues when they are small.

2. Are your HR and employee regulations supportive of what you want to create? Review existing policies, guidelines, and employee handbooks, and engage legal on day one. Do you have consent and disclosure for what you are trying to create? What policies need to be updated, and what is the timeline for that?
Engage leadership, HR, legal, security, the CISO, and the CIO to answer these questions as you establish a path forward for your Insider Threat Detection program.
3. What are your current technical capabilities? What technical and non-technical programs are in place that can support a proactive insider threat detection program? What information and capabilities do you currently have that can be leveraged, and where are the gaps? What, where and how are your network defenses deployed? Are they reactive or proactive? Break down the stovepipes! For example, are there processes in place to revalidate privileged users' accounts and their continued need for privileged access? Are your removable media devices locked down? Do you allow unencrypted files to exit your network, including those stored on removable media? Where are passwords or other sensitive PII being stored? Are you monitoring network activity? If you see terabytes of data going out of your network after hours, do you know where it is going and why? Are you leveraging all your existing network defenses? Has complacency set in? When you have completed a basic inventory exercise, you will discover gaps in technology and capabilities that may require investment. You will also discover you already have capabilities in place to support the early stages of both a reactive and a proactive insider threat program.

4. Who should oversee your program? C-Suite engagement and legal are critical; the CISO, HR and CIO are a must. Establish a senior advisory board to oversee the program. This board will be responsible for deciding things like what type of data can and should be used, how long data should be retained, where the copied data should reside, how this data can be used to create proactive triggers, who knows what about the program, and how to inform the workforce of its existence. Most importantly, this group must decide how the data can be used and agree on anomaly detection triggers. User privacy and the privacy of the investigative threshold are critical. Build partnerships!

If you could tell your CIO how many applications exist on your organization's network and how often they are being used, this would assist your CIO in network migration. This has cost-savings potential because you can weed out applications no longer being used.
5. Bring your own device (BYOD): do you allow it? Is there an agreement in place to obtain the necessary user attribution activity on a timely basis? Policies about BYOD should be decided by your senior advisory board (see step 4) and become an integral part of employee education efforts around security. This should also include a review of company-provided devices and policies. Should you travel to questionable countries with devices loaded with company IP? How do you spell Corporate Espionage?

6. How good is your user activity monitoring system? How close to the user does it get you? How do you monitor internal encrypted connections? Should they be monitored? You need to know who did what, when and where, and the closer you can get to user endpoint activity the better. You can't go back and collect something that occurred in the past. Plan now, and only collect information you need.

7. Can you merge your employee information gathered from due diligence as part of the hiring process with other data your advisory panel has authorized for use within your cybersecurity program? This is important, as it provides a holistic view of your employees. Background information on an individual, collected during their hiring process, may weigh positively or negatively on certain user activities or anomalies, and on granting privileged user access. How often should this due diligence be repeated? Ask your advisory panel (see step 4). Context will always be the key. Just because someone works after hours or on weekends doesn't equate to nefarious activity. Does it mean that person is working on a deadline?

8. Is your insider threat program on a private network? It should be, and with restricted access. Administrators on your primary network should not have access to this private network. This isn't about a lack of trust; it's about knowing if a privileged user account is compromised or used in a nefarious way on your primary network. That same account must not be able to delete or modify computer activity records. Forensics and the ability to recreate activity are a must.
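Step 8 asks for a repository in which a primary-network account cannot delete or modify activity records. Network separation controls who can reach the store; the added example below (my code, not the paper's) shows the complementary integrity check a practitioner would want: every record is keyed-hash-chained to its predecessor with a key assumed to exist only on the private network, so an edit, a deletion in the middle, or a record re-signed with a stolen primary-network credential fails verification. It also shows the one case a bare chain does not catch, truncation of the tail, and the separately stored checkpoint that closes that gap. The key, field names and records are constructed for the example.

```python
"""Tamper-evident audit record store: added example, not from the paper.

Assumption: collectors on the primary network ship records to a repository
on the private network, and REPO_KEY exists only on that repository.
"""
import hashlib
import hmac
import json

# Constructed key for the example. In practice it is generated on the private
# network and never reaches primary-network administrators.
REPO_KEY = b"constructed-example-key-do-not-use"
GENESIS = "0" * 64


def _digest(prev, record, key):
    # Canonical JSON so the same record always produces the same bytes; the
    # previous digest is part of the keyed hash, which is what chains entries.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + b"\n" + payload, hashlib.sha256).hexdigest()


def append(chain, record, key=REPO_KEY):
    """Append one audit record to the chain (a list of entries) and return the entry."""
    prev = chain[-1]["digest"] if chain else GENESIS
    entry = {"seq": len(chain), "prev": prev, "record": record,
             "digest": _digest(prev, record, key)}
    chain.append(entry)
    return entry


def checkpoint(chain):
    """Head of the chain as (count, last digest). Store it apart from the records
    (for instance in a separate checkpoint log on the private network), because a
    chain alone cannot tell you that its newest entries have been cut off."""
    return (len(chain), chain[-1]["digest"] if chain else GENESIS)


def verify(chain, key=REPO_KEY, head=None):
    """Return (True, None) if intact, else (False, seq of the first bad entry).

    Catches an edited record (digest mismatch), a deleted or inserted entry
    (seq/prev mismatch) and a record re-signed without the key. With `head`
    from checkpoint() it also catches a truncated tail (reported as seq == len).
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i or entry["prev"] != prev:
            return False, i
        if not hmac.compare_digest(entry["digest"], _digest(prev, entry["record"], key)):
            return False, i
        prev = entry["digest"]
    if head is not None and head != (len(chain), prev):
        return False, len(chain)
    return True, None


# Constructed activity records of the kind the paper says to centralize.
SAMPLE_RECORDS = [
    {"ts": "2015-06-02T09:02:00", "user": "jdoe", "event": "logon", "host": "ws-1041"},
    {"ts": "2015-06-02T09:15:00", "user": "jdoe", "event": "print", "host": "prn-plant-2"},
    {"ts": "2015-06-02T22:40:00", "user": "asmith", "event": "usb_write", "host": "ws-2210"},
]


def build_sample_chain():
    chain = []
    for rec in SAMPLE_RECORDS:
        append(chain, rec)
    return chain


def tamper_scenarios():
    """Replay what a compromised primary-network admin account might try and
    report verify()'s verdict for each attempt."""
    intact = build_sample_chain()
    head = checkpoint(intact)
    results = {"intact": verify(intact, head=head)}

    erased_middle = [dict(e) for e in intact]   # shallow copies; original untouched
    del erased_middle[1]                        # remove the print at the plant
    results["deleted_middle"] = verify(erased_middle)

    truncated = [dict(e) for e in intact][:-1]  # drop the newest record (the USB write)
    results["truncated_no_checkpoint"] = verify(truncated)          # NOT detected
    results["truncated_with_checkpoint"] = verify(truncated, head=head)

    edited = [dict(e) for e in intact]
    edited[1]["record"] = dict(edited[1]["record"], user="someone_else")  # reattribute
    results["edited"] = verify(edited)

    reforged = [dict(e) for e in intact]        # attacker recomputes the digest, but lacks REPO_KEY
    reforged[1]["record"] = dict(reforged[1]["record"], user="someone_else")
    reforged[1]["digest"] = _digest(reforged[1]["prev"], reforged[1]["record"], b"wrong-key")
    results["reforged_without_key"] = verify(reforged)
    return results


if __name__ == "__main__":
    for name, outcome in tamper_scenarios().items():
        print(f"{name:>26}: {outcome}")
```

The truncation scenario is the design point worth remembering: chaining proves that nothing inside the sequence was altered, but only a checkpoint kept out of the attacker's reach (or an independently logged record count) proves that the sequence is complete.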
Once you have documented the gaps and developed a timeline on how to mitigate them, you will know the level of investment needed to get your organization to the next level, especially if your current level is below your threshold of risk mitigation. Your next step will be to select the correct technology and tailor it to your specific needs. Remember that the goal is to balance acceptable risk against potential damage to your organization's reputation, loss of IP, and the loss of employee and stockholder confidence. Taking the time to consider these questions will help you expand on existing capabilities or establish a program based on the needs and culture of your organization, without threatening morale or inviting litigation. It will also prevent you from buying hardware, software, and capabilities you don't need.

Building Your Insider Threat Detection Program (ITDP)

It is important to remember that insider threat detection and information assurance (IA) are two different missions with some overlapping areas of data and tools. An insider threat is an individual who uses his or her authorized access to wittingly or unwittingly do harm. To meet this challenge, you need more than traditional IA tools. You need a holistic program that leverages audit data from office-issued computers, including user activity monitoring. This needs to be merged with internal records (HR, security, training, etc.) and external records (gathered during your pre-hiring due diligence process) to create an Insider Threat Detection Program (ITDP). Avoid creating a mere data retrieval system. Instead, your ITDP must be both reactive and proactive. Reactive allows you to respond to authorized queries about activities within your organization. Proactive requires you to create anomaly detection trigger rules based on your senior panel's approval.

For example, on the information highway you have rumble strips along your perimeter, and if a user or activity hits the rumble strips, your ITDP will be alerted. The activity would be reviewed in context to determine whether it is a false positive or an activity that warrants closer inspection. If it is a false positive, review your anomaly triggers to proactively correct the issue. At no point should your ITDP engage in fishing or individual profiling. Fishing would involve identifying an individual and trying to find bad behavior based on curiosity rather than on an authorized investigative requirement. Protecting a user's privacy is paramount and should include treating all individuals in the same way. Do not hide the existence of the ITDP, and adhere to legal, Human Resources and employee consent requirements, plus the employee handbook (code of conduct, etc.). You must protect the anomaly triggers, not the existence of the ITDP.
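The two scenarios raised under Getting Started, one account logging on and printing at two sites miles apart within minutes, and terabytes leaving the network after hours, are exactly the rumble strips this section describes. The added example below (my code, not the paper's) implements them as two anomaly trigger rules run over constructed audit records. It also applies the "context is key" point from question 7: panel-authorized context, here an approved after-hours deadline, is attached to the alert rather than used to suppress it, so the reviewer still sees the event and the reason it may be benign. Site coordinates, thresholds, user names, addresses and the records are constructed; `rule_shared_credential`, `rule_after_hours_egress` and `run_rules` are my names for the rules.

```python
"""Anomaly-trigger ("rumble strip") rules over constructed audit records.

Added example, not from the paper. The thresholds below stand in for the
values the paper says the senior advisory panel must approve.
"""
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed site locations (lat, lon); a real program takes these from the
# asset inventory.
SITES = {
    "HQ": (38.8977, -77.0365),
    "PLANT": (39.2904, -76.6122),   # roughly 57 km from HQ
}

MAX_KMH = 120.0                 # faster than this between sites means two people
EGRESS_BYTES = 50 * 2 ** 30     # 50 GiB leaving the network in one transfer
WORK_START, WORK_END = 7, 19    # local working hours, [start, end)

# Constructed audit records: user activity (logon/print) and network egress.
RECORDS = [
    {"ts": "2015-06-02T09:02:00", "user": "jdoe", "event": "logon", "site": "HQ"},
    {"ts": "2015-06-02T09:15:00", "user": "jdoe", "event": "print", "site": "PLANT"},
    {"ts": "2015-06-02T22:40:00", "user": "asmith", "event": "egress",
     "bytes": 80 * 2 ** 30, "dest": "203.0.113.7"},
    {"ts": "2015-06-02T23:05:00", "user": "rlee", "event": "egress",
     "bytes": 2 * 2 ** 30, "dest": "198.51.100.9"},
    {"ts": "2015-06-03T14:00:00", "user": "rlee", "event": "logon", "site": "HQ"},
]

# Constructed context the panel authorized for use: approved after-hours work.
APPROVED_AFTER_HOURS = {"asmith": "Q2 proposal deadline, approved by manager 2015-06-01"}


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def _when(rec):
    return datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S")


def rule_shared_credential(records):
    """Trigger when one account is active at two sites faster than a person
    could travel between them (the shared-login case from the paper)."""
    alerts = []
    by_user = defaultdict(list)
    for r in records:
        if "site" in r:
            by_user[r["user"]].append(r)
    for user, events in by_user.items():
        events.sort(key=_when)
        for prev, cur in zip(events, events[1:]):
            if prev["site"] == cur["site"]:
                continue
            km = haversine_km(SITES[prev["site"]], SITES[cur["site"]])
            hours = (_when(cur) - _when(prev)).total_seconds() / 3600
            if hours <= 0 or km / hours > MAX_KMH:
                alerts.append({"rule": "shared_credential", "user": user,
                               "detail": f"{prev['site']}->{cur['site']}: "
                                         f"{km:.0f} km in {hours * 60:.0f} min"})
    return alerts


def rule_after_hours_egress(records, context=APPROVED_AFTER_HOURS):
    """Trigger on large after-hours egress. Authorized context is attached to
    the alert, not used to suppress it, so the reviewer still sees the event."""
    alerts = []
    for r in records:
        if r.get("event") != "egress" or r["bytes"] < EGRESS_BYTES:
            continue
        if WORK_START <= _when(r).hour < WORK_END:
            continue
        alerts.append({"rule": "after_hours_egress", "user": r["user"],
                       "detail": f"{r['bytes'] / 2 ** 30:.0f} GiB to {r['dest']} at {r['ts']}",
                       "context": context.get(r["user"])})
    return alerts


def run_rules(records=RECORDS):
    """Run every approved trigger rule and return the alerts for review."""
    return rule_shared_credential(records) + rule_after_hours_egress(records)


if __name__ == "__main__":
    for alert in run_rules():
        print(alert)
```

Run as written, the rules produce two alerts: jdoe covered about 57 km in 13 minutes (well over the travel limit), and asmith moved 80 GiB out at 22:40 with the approved-deadline context attached; rlee's 2 GiB after-hours transfer stays below the panel's threshold and raises nothing. Whether jdoe is sharing a login or asmith's transfer is the deadline work is for the reviewer to decide in context, which is the point of a rumble strip: it draws attention, it does not convict.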
Users can also be evaluated, and anomaly triggers can be defined, holistically. To reiterate, these three steps will help you create a robust program benefiting your employees and your organization:

Three Steps to Create a Robust Insider Threat Program
1. Establish a central repository for all company-provided computer/IT audit records, stored on a private network.
2. Obtain a copy of internal data based on guidance and approval from your oversight committee.
3. Integrate data used during the hiring process.

First, establish a central repository for all company-provided computer/IT audit records, stored on a private network. This will benefit both the IA and ITDP missions. It is critical to make sure your endpoint monitoring gets as close to the user as possible to meet your user monitoring requirements as approved by your senior advisory panel.

Second, obtain a copy of internal data based on guidance and approval from your oversight committee. You will need to have an identity resolution process in place to ensure data accuracy.

Third, integrate data used during the hiring process. Due diligence should include thorough background checks and external research on potential employees (e.g. financial information such as bankruptcies, arrest records, education confirmation). Interviews should include questions that probe a candidate's moral compass, and this information should not just reside in HR files but be included as part of the ITDP. Your oversight committee should determine how often the due diligence process should be repeated. Obviously, greater frequency will ensure any issues are addressed in a more timely manner.

These steps will help you to focus on maintaining good employees and ensure you only collect and retain information you are authorized to have based on your defined purpose. Everyone makes mistakes, and if an employee missteps and an anomaly trigger sounds an alarm, a quick and proactive examination of the incident with the ITDP tools will tell you whether an action is malicious or not. Establish mandatory training and education courses for users so they understand what to do and what not to do with company hardware, data and personal devices. Train employees to be alert for phishing attacks and educate them on how to be responsible in protecting company intellectual property. It is my belief that companies spend a lot of time and effort identifying and training employees, and employees want to do a good job. Suitability issues happen, and if you mitigate them early, you can save a good employee who just made a mistake before he or she crosses a line of no return. Remember, the purpose of your ITDP is to retain good employees, protect your IP, and quickly mitigate nefarious employees.

Privileged user statistics [1]:
- 73% of privileged users believe they are empowered to access all the information they can view.
- 65% say these same people access sensitive or confidential data out of curiosity.
- 57% indicate background checks are lacking within the organization before issuance of privileged credentials.
Data Breaches [2]

Nearly 200 million records, or 93,000 records per hour, were stolen between January and March of 2014, an increase of 233 percent over the same quarter of the previous year, according to the recently released SafeNet Breach Level Index.

Protection: How To Confidently Mitigate Insider Risks

Once you have an ITDP in place, you cannot guarantee all insider threats will be stopped, but you can confidently mitigate them and limit the period of time they have to inflict damage. Data leaks are on the rise and are the lead story more often than we care to see them, but with so many happening, are we becoming numb to them? If so, this could be disastrous. Organizations would be smart to remember the extent of the damage that can be done to a company's reputation, stock price, and customer confidence. An Incident Response Plan that activates immediately when a data breach occurs is critical to handling and responding to the loss of sensitive data. It may still be possible to recover stolen records, or even limit what is being stolen, if you act swiftly. A published Incident Response Plan is paramount to ensure collaboration, teamwork, protection of individual privacy, and that the incident is handled in accordance with approved company guidelines. Discovery and escalation come first. An incident response team must move quickly to alert the C-Suite and the authorities if the data breach involves the loss of personally identifiable information or company IP. Does notification include regulatory bodies? Lost business may be an immediate issue, and the company needs to have a plan.
New Federal Guidelines Heading Your Way

New NISPOM standards are due to be released this fall. Don't wait until they show up to see what you need to do to be compliant, especially when you can start now and be ahead of the game. First, take inventory of where your organization stands in terms of the recommended standards. If new requirements demand increased standards, and if they are linked to contract obligations, it is important to start leveraging what you currently have in place and build from there. Will this affect current or future contract obligations? Anticipate the areas you will need to build out and proactively engage your company's resources, including available government resources, to help you build a program tailored to the needs and culture of your organization. And don't stop there. The fact is, in the face of the current threat to national and industrial security, NISPOM standards may not be enough for your risk mitigation model. In my view, guidelines should be your starting point; based on leadership requirements, including your business strategy, you may require additional protection. Doing nothing is no longer an option. Act now.

Disclaimer: The views and opinions in this paper are based on Mr. Knutsen's personal experience and do not express the views of any government agency or former employer.
About the Author

Larry Knutsen retired from the CIA in 2012 as a Senior Intelligence Service Officer after 30 years, 10 of them abroad. He was responsible for creating the vision and acquiring the resources long before audit and insider threat were the topics of today. Mr. Knutsen led the Agency's sophisticated CI and Security Technical Insider Threat Detection Program, which became recognized as the gold standard for the Intelligence Community. He was requested by the White House to lead an interagency team of technical and policy experts in response to the unauthorized disclosures from WikiLeaks. As a result, recommendations related to the insider threat and protection of classified information were adopted and later provided the framework for an Executive Order that was published in October. Mr. Knutsen recently started a small company called Strongbox Cyber Solutions with a partner. Strongbox Cyber Solutions provides consulting services that leverage his expertise in CI and Security to guide data analysts and developers in creating tailored anomaly triggers and algorithms based on unique customer requirements. The company helps organizations establish an insider threat detection program based on their risk mitigation strategy.

Government Awards

Mr. Knutsen was awarded the National Intelligence Superior Service Medal from the Director of National Intelligence in 2013, the Distinguished Career Intelligence Medal from the Central Intelligence Agency in 2012, the National Counterintelligence Award for Community Excellence from the Director of National Counterintelligence in 2010, and the National Intelligence Meritorious Unit Citation in recognition of outstanding achievements.
Appendix: Policies in Place Now

The Federal Government has put forth a number of important mandates over the past few years in an effort to bring security standards to a baseline level for both overall data assurance and insider threat. We are only as strong as the weakest link in the electronic cyber world.

- Executive Order (EO) 13691, Promoting Private Sector Cybersecurity Information Sharing, dated February 13, 2015: to address the cyber threat to public health and safety, national security, and the economic security of the United States, private companies, nonprofit organizations, executive departments and agencies, and other entities must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.
- Executive Order (EO) 12829, National Industrial Security Program, dated January 6, 1993: established a National Industrial Security Program to safeguard Federal Government classified information that is released to contractors, licensees, and grantees of the United States Government.
- Executive Order (EO), Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information, dated October 7: outlined policy and general responsibilities, ranging from designating a responsible individual and implementing an insider threat program to self-scans.
- National Industrial Security Program Operating Manual (NISPOM), DoD M, 28 February 2006, incorporating Change 1 dated 28 March: prescribes the requirements, restrictions, and other safeguards to prevent unauthorized disclosure of classified information.
- National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs, dated November 21: outlined capabilities to gather, integrate, centrally analyze and respond to key threat-related information; monitor employee use of classified networks; provide the workforce with insider threat awareness training; and protect the civil liberties and privacy of personnel.
- Fiscal Year 2013 Reporting Instructions for the Federal Information Security Management Act and Agency Privacy Management, dated November 18, 2013: helps agencies improve cybersecurity performance by focusing efforts on what data and information are entering and exiting their networks, who is on their systems and what components are on their information networks, and when their security status changes.
- Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, dated February 12, 2013: repeated cyber intrusions into critical infrastructure demonstrate the need for improved cybersecurity. The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.
- Presidential Policy Directive (PPD)-21, Critical Infrastructure Security and Resilience, dated February 12, 2013: advances a national unity of effort to strengthen and maintain secure, functioning, and resilient critical infrastructure.
- NIST SP Rev 4, Security and Privacy Controls for Federal Information Systems and Organizations, dated April: covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements in Federal Information Processing Standard (FIPS) 200. This includes selecting an initial set of baseline security controls based on a FIPS 199 worst-case impact analysis, tailoring the baseline security controls, and supplementing the security controls based on an organizational assessment of risk.
More informationWritten Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.
Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government
More informationCDW-G Federal Cybersecurity Report: Danger on the Front Lines. November 2009. 2009 CDW Government, Inc.
CDW-G Federal Cybersecurity Report: Danger on the Front Lines November 2009 2009 CDW Government, Inc. 1 Table of Contents Introduction 3 Key Findings 4 The Threats 5 Frequent Threats 6 Persistence and
More informationPolicy on Information Assurance Risk Management for National Security Systems
CNSSP No. 22 January 2012 Policy on Information Assurance Risk Management for National Security Systems THIS DOCUMENT PRESCRIBES MINIMUM STANDARDS YOUR DEPARTMENT OR AGENCY MAY REQUIRE FURTHER IMPLEMENTATION
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationEverything You Wanted to Know about DISA STIGs but were Afraid to Ask
Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,
More informationForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002
ForeScout CounterACT and Compliance An independent assessment on how network access control maps to leading compliance mandates and helps automate GRC operations June 2012 Overview Information security
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationCybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response
Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary
More informationFederal Bureau of Investigation s Integrity and Compliance Program
Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established
More informationCyber Watch. Written by Peter Buxbaum
Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs
More informationSolving the Security Puzzle
Solving the Security Puzzle How Government Agencies Can Mitigate Today s Threats Abstract The federal government is in the midst of a massive IT revolution. The rapid adoption of mobile, cloud and Big
More informationConnecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.bm
Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom kpmg.bm Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom 1 Connecting the dots:
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationNorth American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5)
Whitepaper North American Electric Reliability Corporation: Critical Infrastructure Protection, Version 5 (NERC-CIP V5) NERC-CIP Overview The North American Electric Reliability Corporation (NERC) is a
More informationDepartment of Defense DIRECTIVE
Department of Defense DIRECTIVE NUMBER 5205.16 September 30, 2014 USD(I) SUBJECT: The DoD Insider Threat Program References: See Enclosure 1 1. PURPOSE. In accordance with sections 113 and 131 through
More informationHow to get from laws to technical requirements
How to get from laws to technical requirements And how the OPM hack relates technology, policy, and law June 30, 2015 Isaac Potoczny-Jones ijones@galois.com www.galois.com Galois, Inc. Overview Outline!
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More informationCyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats
Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations
More informationImplementing an Employee Monitoring Program
Implementing an Employee Monitoring Program www.spectorsoft.com Decision Point: Why Monitor Employee Activity? The Reactive Decision The Proactive Decision Decision Point: What is Right for Your Organization?
More informationCybersecurity Framework Security Policy Mapping Table
Cybersecurity Framework Security Policy Mapping Table The following table illustrates how specific requirements of the US Cybersecurity Framework [1] are addressed by the ISO 27002 standard and covered
More informationBridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
More informationTREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Full Compliance With Trusted Internet Connection Requirements Is Progressing; However, Improvements Would Strengthen Security September 17, 2013 Reference
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationFormulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements
A Forrester Consulting Thought Leadership Paper Commissioned By Oracle Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements
More informationMitigating the Risks of Privilege-based Attacks in Federal Agencies
WHITE PAPER Mitigating the Risks of Privilege-based Attacks in Federal Agencies Powerful compliance and risk management solutions for government agencies 1 Table of Contents Your networks are under attack
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
More informationCYBERSECURITY IN HEALTHCARE: A TIME TO ACT
share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationNIST Cybersecurity Framework What It Means for Energy Companies
Daniel E. Frank J.J. Herbert Mark Thibodeaux NIST Cybersecurity Framework What It Means for Energy Companies November 14, 2013 Your Panelists Dan Frank J.J. Herbert Mark Thibodeaux 2 Overview The Cyber
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationDepartment of Homeland Security
Implementation Status of EINSTEIN 3 Accelerated OIG-14-52 March 2014 Washington, DC 20528 / www.oig.dhs.gov March 24, 2014 MEMORANDUM FOR: FROM: SUBJECT: Bobbie Stempfley Acting Assistant Secretary Office
More informationOffice of Inspector General
Office of Inspector General DEPARTMENT OF HOMELAND SECURITY U.S. Department of Homeland Security Washington, DC 20528 Office of Inspector General Security Weaknesses Increase Risks to Critical DHS Databases
More informationRecognize Nefarious Cyber Activity and Catch Those Responsible with IBM InfoSphere Entity Analytic Solutions
Building a Smarter Planet with Advanced Cyber Security Solutions Recognize Nefarious Cyber Activity and Catch Those Responsible with Highlights g Cyber Security Solutions from IBM InfoSphere Entity Analytic
More informationCybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048
Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator
More informationCybersecurity in the States 2012: Priorities, Issues and Trends
Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationReport of Evaluation OFFICE OF INSPECTOR GENERAL. OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s. Management Act.
OFFICE OF INSPECTOR GENERAL Report of Evaluation OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s Evaluation of the Farm Compliance Credit Administration s with the Federal Information
More informationSeptember 24, 2015. Mr. Hogan and Ms. Newton:
Mr. Michael Hogan and Ms. Elaine Newton Office of the Director, Information Technology Laboratory National Institute of Standards and Technology 100 Bureau Drive Mail Stop 8930 Gaithersburg, MD 20899-8930
More informationConsolidated Audit Program (CAP) A multi-compliance approach
Consolidated Audit Program (CAP) A multi-compliance approach ISSA CONFERENCE Carlos Pelaez, Director, Coalfire May 14, 2015 About Coalfire We help our clients recognize and control cybersecurity risk,
More informationTime Is Not On Our Side!
An audit sets the baseline. Restricting The next steps Authenticating help prevent, Tracking detect, and User Access? respond. It is rare for a few days to pass without news of a security breach affecting
More informationU.S. Department of Energy Office of Inspector General Office of Audits & Inspections
U.S. Department of Energy Office of Inspector General Office of Audits & Inspections Audit Report Follow-up Audit of the Department's Cyber Security Incident Management Program DOE/IG-0878 December 2012
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationThings To Do After You ve Been Hacked
Problem: You ve been hacked! Now what? Solution: Proactive, automated incident response from inside the network Things To Do After You ve Been Hacked Tube web share It only takes one click to compromise
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationData Security Concerns for the Electric Grid
Data Security Concerns for the Electric Grid Data Security Concerns for the Electric Grid The U.S. power grid infrastructure is a vital component of modern society and commerce, and represents a critical
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationApplying machine learning techniques to achieve resilient, accurate, high-speed malware detection
White Paper: Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection Prepared by: Northrop Grumman Corporation Information Systems Sector Cyber Solutions Division
More informationHow To Write A National Cybersecurity Act
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
More informationOffice of Inspector General
DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,
More informationNine Network Considerations in the New HIPAA Landscape
Guide Nine Network Considerations in the New HIPAA Landscape The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant
More informationThe Path Ahead for Security Leaders
The Path Ahead for Security Leaders Executive Summary What You Will Learn If you asked security leaders five years ago what their primary focus was, you would likely get a resounding: securing our operations.
More informationCorporate Overview. MindPoint Group, LLC 8078 Edinburgh Drive, Springfield, VA 22153 Office: 703.636.2033 Fax: 866.761.7457 www.mindpointgroup.
Corporate Overview MindPoint Group, LLC 8078 Edinburgh Drive, Springfield, VA 22153 Office: 703.636.2033 Fax: 866.761.7457 www.mindpointgroup.com IS&P Practice Areas Core Competencies Clients & Services
More informationTechnical Testing. Application, Network and Red Team Testing DATA SHEET. Test your security defenses. Expert Testing, Analysis and Assessments
DATA SHEET Technical Testing Application, Network and Red Team Testing The Dell SecureWorks Technical Testing services deliver the independent expertise, experience and perspective you need to enhance
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationCDM Hardware Asset Management (HWAM) Capability
CDM Hardware Asset Management (HWAM) Capability Department of Homeland Security Office of Cybersecurity and Communications Federal Network Resilience Table of Contents 1 PURPOSE AND SCOPE... 2 2 THREAT
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationData Privacy and Gramm- Leach-Bliley Act Section 501(b)
Data Privacy and Gramm- Leach-Bliley Act Section 501(b) October 2007 2007 Enterprise Risk Management, Inc. Agenda Introduction and Fundamentals Gramm-Leach-Bliley Act, Section 501(b) GLBA Life Cycle Enforcement
More informationCyberprivacy and Cybersecurity for Health Data
Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies
More informationBreach Found. Did It Hurt?
ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool
ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More information