GEARS Cyber-Security Services

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "GEARS Cyber-Security Services"

Transcription

1

2 Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS Pre-Incident Services Incident Response Agreements Assessments of Incident Response Capability Incident Response Guidance Incident Response Plans Incident Response Training Post-Incident Services Incident Response Guidance Incident Response Mitigation Plans Applicable IT70 Labor Categories GEARS Cyber Security Services Catalog Florida DMS Page i of i

3 Introduction The Florida Department of Management Services (DMS), Division of State Purchasing (Department) provides centralized statewide contracts for use by all state agencies. DMS has released an RFI to identify vendors under GSA Schedule 70 who are able to perform cyber-security services listed in the table of contents. Specifically, DMS is seeking to identify vendors that are able to provide assessment and remediation services in the event of a cyber-security incident and provide identity protection, identity monitoring and identity restoration services to any affected individuals under GSA Schedule 70. As appliances for intrusion detection get more sophisticated attack vectors will migrate more from targeted system attacks to attacks that use comprised user credentials gained through social engineering attacks. As in previous years, the top three affected industries continue to be Public, Information and Financial Services. We know no industry or organization for that matter is immune to security failures, but given the trend and resurgence of phishing and other social engineering tactics, we see the core to strengthening organizational security lying with the human resources. Figure 1 provides a few statistics on incidents by industry and organization size. Figure 1. Security incidents by victim industry and organization size (from the 2015 Data Breach Investigations Report) GEARS Cyber Security Services Catalog Florida DMS Page 1 of 11

4 About GEARS Global Evaluation & Applied Research Solutions (GEARS) Inc. is ready to support DMS with seasoned cyber-security specialists to provide a variety of services. The GEARS team has practical experience assessing, advising and supporting financial institutions, large telecommunications and wireless carriers, firms that manage large databases of information, healthcare organizations and providers, as well as providing recommendations for risk and security management programs for global travel management firms the, the GEARS team is poised to support the cyber-security needs of DMS. We understand the threat level and can assess your environment, help DMS to minimize vulnerability and raise cyber-security awareness among your staff. Ted Ridley is a seasoned professional with extensive experience in information technology (IT) concentrating in information assurance, vulnerability assessments, application design and development, application and network security, program and project management, risk analysis and management, operational and security policy planning and development, business continuity and disaster recovery planning and strategy, and network design, validation and implementation across various public and private industries. Having two decades combined experience as a network engineer, network security administrator, incident response team manager, business operations practice manager (Managing Consultant) and independent consultant, Ted has an in-depth understanding of security issues and the associated business impact. Ted s breadth of experience in management, technical delivery and business process optimization, uniquely qualifies him to work to provide comprehensive, high return on investment (ROI) based security solutions. For more information, please contact: Ted Ridley, CSSLP, ECSA, CEH Director, Information Technology Services (301) GEARS Cyber Security Services Catalog Florida DMS Page 2 of 11

5 1. Pre-Incident Services GEARS offers a suite of Pre-Incident Services, including: Incident Response Agreements Creating terms and conditions in place ahead of time to allow for quicker response in the event of a cyber-security incident. Assessments Evaluating a State Agency s current state of information security and cyber-security incident response capability. Preparation Providing guidance on requirements and best practices. Developing Cyber-Security Incident Response Plans Developing or assisting in development of written State Agency plans for incident response in the event of a cybersecurity incident. Training Providing training for State Agency staff from basic user awareness to technical education. 1.1 Incident Response Agreements Better to be safe than sorry. Let our experienced cyber security professionals draft terms and conditions for your organizational response in the event of a cyber-security incident. The GEARS team can support your organization when a computer security attack occurs, an intrusion is recognized, or some other kind of computer security incident occurs. During this critical time, having an established incident response agreement in place provides a fast and effective means of responding. When an incident occurs, the goal of the Information Systems Incident Response Team (ISIRT) is to control and minimize any damage, preserve evidence, provide quick and efficient recovery, prevent similar future events, and gain insight into threats against the organization. At GEARS, our team is well versed on preserving chain of custody and the techniques necessary to quickly isolate the affected devices, either remotely or via telephone support until such time as onsite response teams can arrive. An effective Incident Response Agreement will not only provide the organization with clear understanding of the actions that should take place in the event of an Incident, but provide service level agreements (SLAs) GEARS Cyber Security Services Catalog Florida DMS Page 3 of 11

6 by which the response time and process will be governed (e.g. Isolation of affected devices within 1 hour). 1.2 Assessments of Incident Response Capability GEARS Cyber Team Lead, Ted Ridley, has performed numerous Enterprise Security Assessments for larger commercial organizations utilizing the ISO Enterprise Security Architecture, NIST SP , Technical Guide to Information Security and Assessment: NIST SP800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations; NIST SP800-30, Guide for Conducting Risk Assessments; and NIST SP800-39, Managing Information Security Risk Organization, Mission, and Information System as the guidelines for our assessment tool. Our tool provides domain based scoring of an organization s preparedness a capability for not only Incident Response, but for enterprise security practices as a whole. The tool is designed such that specific domains such as Incident Response can be evaluated individually. Figure 2 is a representative screenshot of the section of the tool used during an incident response assessment. Figure 2 Tool Used During an Incident Response Assessment (Representative) GEARS Cyber Security Services Catalog Florida DMS Page 4 of 11

7 Utilizing the guidelines noted above and the baseline tools GEARS has, we will review the organizations policy, guidelines and procedures and develop a customized tool for performing the Incident Response assessment. 1.3 Incident Response Guidance As previously noted, the GEARS team has notable experience providing guidance on Cyber Security Awareness and preparedness. In that experience we have provided guidance on the requirements and best practices for preparation. In today s worlds of threats, it s never known who will discover and have the need to first report an incident. Therefore, Incident Response preparation is an enterprise-wide effort ensuring that all staff are aware of not only how to identify potential threats and incidents, but also how to properly report them and begin the isolation process when necessary. Routine Security Awareness Training is at the core of ensuring staff are prepared to recognize and respond to incidents. GEARS has experience providing Security Awareness Training courses developed for both staff and executive level participants. Each course is tailored specifically to the intended audience. Although a large portion of base course content is consistent across industry, we realize that industry specific items are critical to providing the best training experience and most useful outcome. Therefore, we bring to bear, industry specific data in our presentation, so that, for example, training for healthcare providers will focus on those attack vectors and most commonly exploited vulnerabilities in the healthcare industry and not those most common to the financial industry. In addition to industry specific data, GEARS will bring client specific data gathered through various black box vulnerability and social engineering assessments conducted prior to providing the training. The assessments allow our presenters the ability to provide not only scenario based information on what to do in case of threats, but actual data on how your team responded to threats. 1.4 Incident Response Plans As part of our experience developing Vulnerability Management Programs, the GEARS team has worked with all levels within information technology organizations to ensure that not only the vision and regulatory needs of the Chief Information Officer are met but the GEARS Cyber Security Services Catalog Florida DMS Page 5 of 11

8 practical and tactical needs of the operations teams that will be implementing the actions from the plan are addressed as well. Having served in capacities spanning from Network Operations Engineers to Network Operations Managers to SVP of Business Operations, our team has the breadth of understanding the needs of various responsibilities of those responsible for incident management. This understanding allows us to provide practical insight and perspective in the development of Incident Response Plans (IRP). The IRP will contain information such as actions defined for both non-it personnel and IT personnel responding to an incident. The IRP will discuss the steps taken during a response to an incident. The IRP will provide contact numbers and sequencing of contact. It will not only have language describing the steps for contacting IT and/or security and escalation through management but a checklist to be completed and submitted as part of the documentation trail for each incident. Examples of areas and associated actions covered by the IRP include: The telephone contact information for the Agency 24-hour-grounds security department who then contact the Agency IT emergency contact person or effected department contact. The grounds security office will log: o The name of the caller. o Time of the call. o Contact information about the caller. o The nature of the incident. o What equipment or persons were involved? o Location of equipment or persons involved. o How the incident was detected. The IT staff member or affected department staff member who receives the call (or discovered the incident) will refer to their contact list for both management personnel to be contacted and incident response members to be contacted. The staff member will call those designated on the list. The staff member will contact the incident response manager using both and phone messages while being sure other appropriate and backup personnel and designated managers are contacted. The staff member will log the information received in the same format as the grounds security office in the previous step. The staff member could possibly add the following: GEARS Cyber Security Services Catalog Florida DMS Page 6 of 11

9 o Is the equipment affected business critical? o What is the severity of the potential impact? o Name of system being targeted, along with operating system, IP address, and location. o IP address and any information about the origin of the attack. Contacted members of the response team will meet or discuss the situation over the telephone and determine a response strategy. o Is the incident real or perceived? o Is the incident still in progress? o What data or property is threatened and how critical is it? o What is the impact on the business should the attack succeed? Minimal, serious, or critical? o What system or systems are targeted, where are they located physically and on the network? o Is the incident inside the trusted network? o Is the response urgent? o Can the incident be quickly contained? o Will the response alert the attacker and do we care? o What type of incident is this? Example: virus, worm, intrusion, abuse, damage. An incident ticket will be created. The incident will be categorized into the highest applicable level of one of the following categories: o Category one - A threat to public safety or life. o Category two - A threat to sensitive data o Category three - A threat to computer systems o Category four - A disruption of services Team members will establish and follow one of the following procedures basing their response on the incident assessment: o Worm response procedure o Virus response procedure o System failure procedure GEARS Cyber Security Services Catalog Florida DMS Page 7 of 11

10 o Active intrusion response procedure - Is critical data at risk? o Inactive Intrusion response procedure o System abuse procedure o Property theft response procedure o Website denial of service response procedure o Database or file denial of service response procedure o Spyware response procedure. The team may create additional procedures that are unforeseen in this document. If there is no applicable procedure in place, the team must document what was done and later establish a procedure for the incident. Team members will use tools such as Encase forensic techniques, including reviewing system logs, looking for gaps in logs, reviewing intrusion detection logs, and interviewing witnesses and the incident victim to determine how the incident was caused. Only authorized personnel should be performing interviews or examining evidence, and the authorized personnel may vary by situation and the organization. Team members will recommend changes to prevent the occurrence from happening again or infecting other systems. Upon management approval, the changes will be implemented. Team members will restore the affected system(s) to the uninfected state. They may do any or more of the following: o Re-install the affected system(s) from scratch and restore data from backups if necessary. Preserve evidence before doing this. o Make users change passwords if passwords may have been sniffed. o Be sure the system has been hardened by turning off or uninstalling unused services. o Be sure the system is fully patched. o Be sure real time virus protection and intrusion detection is running. o Be sure the system is logging the correct events and to the proper level. During the response and as part of the execution of the IRP the ISIRT will ensure that resulting Incident Report captures a few critical items including the following: GEARS Cyber Security Services Catalog Florida DMS Page 8 of 11

11 How the incident was discovered. The category of the incident. Where the incident occurred (whether through , firewall, etc.). Source of incident (IP addresses and other information about the attacker). Response type was implemented. Details of the response. Outcomes effectiveness of response. Additionally, the ISIRT will ensure that the necessary steps are taken to protect the organization s assets and position the legal counsel with all that may be required for prosecution. In doing so, the ISIRT will manage the following tasks that support the organization in its business continuity practices: Evidence Preservation make copies of logs, , and other communication. Keep lists of witnesses. Keep evidence as long as necessary to complete prosecution and beyond in case of an appeal. Notify proper external agencies notify the police and other appropriate agencies if prosecution of the intruder is possible. List the agencies and contact numbers here. Assess damage and cost assess the damage to the organization and estimate both the damage cost and the cost of the containment efforts. Review response and update policies plan and take preventative steps so the intrusion can't happen again. o Consider whether an additional policy could have prevented the intrusion. o Consider whether a procedure or policy was not followed which allowed the intrusion, and then consider what could be changed to ensure that the procedure or policy is followed in the future. o Was the incident response appropriate? How could it be improved? o Was every appropriate party informed in a timely manner? o Were the incident-response procedures detailed and did they cover the entire situation? How can they be improved? o Have changes been made to prevent a re-infection? Have all systems been patched, GEARS Cyber Security Services Catalog Florida DMS Page 9 of 11

12 o o o systems locked down, passwords changed, anti-virus updated, policies set, etc.? Have changes been made to prevent a new and similar infection? Should any security policies be updated? What lessons have been learned from this experience? 1.5 Incident Response Training As previously mentioned the GEARS team has developed Vulnerability Management Programs. Staff training is a key element of establishing a strong vulnerability management framework. Adding in robust technological appliance-based security solutions, while advantageous, will provide a low return on investment if staff is not aware of security threats, how to identify security threats, and how to respond to security threats. GEARS will work with DMS or other state departments and agencies to not only create an effective IRP, but we will develop interactive and engaging training sessions tailored for the various organizational roles and responsibilities, from staff through leadership, designed to educate on the precepts of the IRP, increase awareness of security threats, how to identify security threats, and how to respond to security threats. To measure the effectiveness, once training is complete, GEARS will design social engineering exercises to test the effectiveness of the training and the organization s ability to respond to an Incident. A full report on the outcome of the social engineering exercises will be provided to leadership. 2. Post-Incident Services 2.1 Incident Response Guidance GEARS will work with technical staff to assist State Agencies in providing a full response to an incident. Utilizing the agencies IRP and leveraging our experience in incident response GEARS will join the State Agencies ISIRT in an advisory capacity to ensure that the processes and steps taken will result in a ticket opened with the appropriate level / category assigned, and an incident report detailing the critical elements (How the incident was discovered; the category of the incident; how the incident occurred, the source of the incident; detail the response; outcome of the response effectiveness). This information is not only critical during the response, but for the GEARS Cyber Security Services Catalog Florida DMS Page 10 of 11

13 Incident post-mortem discussions that will be instrumental in the continuous improvement process of the agencies IRP. 2.2 Incident Response Mitigation Plans Based upon the information gathered through the investigation practices and response activities of the incident as noted previously and through an understanding od organizational priorities and critical infrastructure discussed during post-mortem meetings, the GEARS team will assist the State Agency to develop mitigation plans to limit the exposure in future incidents. Our team understands that no agency is going to be free of risks, but through proper planning and through activities of continuous improvement, risk mitigation can be achieved. 3. Applicable IT70 Labor Categories The table below lists the published rates from the GEARS GSA IT 70 Catalog Labor Categories that would be applicable in establishing an Incident Response team. GEARS GSA IT 70 Catalog (GS 35F-0377Y) Labor Category Maximum Price Project Manager III $ Security Specialist I $ Security Specialist II $ Security Specialist III $ Disaster Recovery Specialist $ Network Administrator $ IT Training Specialist III $ GEARS Cyber Security Services Catalog Florida DMS Page 11 of 11

Department of Management Services. Request for Information

Department of Management Services. Request for Information Department of Management Services Request for Information Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 Submitted By: Carlos Henley

More information

Cyber Incident Response

Cyber Incident Response State Capitol P.O. Box 2062 Albany, NY 12220-0062 www.its.ny.gov New York State Information Technology Standard IT Standard: Cyber Incident Response No: NYS-S13-005 Updated: 03/20/2015 Issued By: NYS ITS

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

REQUEST FOR INFORMATION

REQUEST FOR INFORMATION Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services 3 September 2015 6506 Loisdale Rd, Ste 325

More information

Security Policy for External Customers

Security Policy for External Customers 1 Purpose Security Policy for This security policy outlines the requirements for external agencies to gain access to the City of Fort Worth radio system. It also specifies the equipment, configuration

More information

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Cyber Security Incident Handling Policy Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Oct 9, 2015 i Document Control Document Owner Classification

More information

Data Breach Response Planning: Laying the Right Foundation

Data Breach Response Planning: Laying the Right Foundation Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA

More information

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808 cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

More information

Information Security Incident Management Guidelines

Information Security Incident Management Guidelines Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

More information

Attachment A. Identification of Risks/Cybersecurity Governance

Attachment A. Identification of Risks/Cybersecurity Governance Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year

More information

Security for NG9-1-1 SYSTEMS

Security for NG9-1-1 SYSTEMS The Next Generation of Security for NG9-1-1 SYSTEMS The Challenge of Securing Public Safety Agencies A white paper from L.R. Kimball JANUARY 2010 866.375.6812 www.lrkimball.com/cybersecurity L.R. Kimball

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services

Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services 4937 Fargo Street North Charleston SC 29418 Phone 843.266.2330 Fax 843.266.2333 w w w. c o d e l y n x. c o m Request for Information: Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring,

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

Navigating the Waters of Incident Response and Recovery

Navigating the Waters of Incident Response and Recovery Navigating the Waters of Incident Response and Recovery Lee Kim, Esq. Tucker Arensberg, P.C. CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 2013 Lee Kim

More information

OCIE CYBERSECURITY INITIATIVE

OCIE CYBERSECURITY INITIATIVE Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.

More information

DUUS Information Technology (IT) Incident Management Standard

DUUS Information Technology (IT) Incident Management Standard DUUS Information Technology (IT) Incident Management Standard Issue Date: October 1, 2013 Effective Date: October 1,2013 Revised Date: Number: DHHS-2013-001-E 1.0 Purpose and Objectives Computer systems

More information

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident

More information

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4

State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4 State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes

More information

IT Security Incident Management Policies and Practices

IT Security Incident Management Policies and Practices IT Security Incident Management Policies and Practices Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Feb 6, 2015 i Document Control Document

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

SECURITY. Risk & Compliance Services

SECURITY. Risk & Compliance Services SECURITY Risk & Compliance s V1 8/2010 Risk & Compliances s Risk & compliance services Summary Summary Trace3 offers a full and complete line of security assessment services designed to help you minimize

More information

Cyber Security Metrics Dashboards & Analytics

Cyber Security Metrics Dashboards & Analytics Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

State of South Carolina Policy Guidance and Training

State of South Carolina Policy Guidance and Training State of South Carolina Policy Guidance and Training Policy Workshop Small Agency Threat and Vulnerability Management Policy May 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy

More information

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012

Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012 Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives Initiation date: January 2012 Completion date: June 2012 Nomination submitted by: Samuel A. Nixon

More information

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Over the course of this one hour presentation, panelists will cover the following subject areas, providing answers

More information

Defensible Strategy To. Cyber Incident Response

Defensible Strategy To. Cyber Incident Response Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

Incident Handling Procedure

Incident Handling Procedure 1. Introduction Incident Handling Procedure This document provides some general guidelines and procedures for dealing with computer security incidents. The document is meant to provide Montana Tech support

More information

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008 U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Report on CAP Cybersecurity November 5, 2015

Report on CAP Cybersecurity November 5, 2015 Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets

More information

Information Technology Policy

Information Technology Policy ITP Number ITP-SEC024 Category Security Contact RA-ITCentral@pa.gov Information Technology Policy IT Security Incident Policy Effective Date August 2, 2012 Supersedes Scheduled Review Annual 1. Purpose

More information

ABB s approach concerning IS Security for Automation Systems

ABB s approach concerning IS Security for Automation Systems ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and

More information

Threat Management: Incident Handling. Incident Response Plan

Threat Management: Incident Handling. Incident Response Plan In order to meet the requirements of VCCS Security Standards 13.1 Reporting Information Security Events, and 13.2 Management of Information Security Incidents, SVCC drafted an (IRP). Incident handling

More information

The Value of Vulnerability Management*

The Value of Vulnerability Management* The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow

Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow Anatomy of a Breach: A case study in how to protect your organization Presented By Greg Sparrow Agenda Background & Threat landscape Breach: A Case Study Incident Response Best Practices Lessons Learned

More information

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts SAP Cybersecurity Solution Brief Objectives Solution Benefits Quick Facts Secure your SAP landscapes from cyber attack Identify and remove cyber risks in SAP landscapes Perform gap analysis against compliance

More information

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy 2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

Cyber Security: Cyber Incident Response Guide. A Non-Technical Guide. Essential for Business Managers Office Managers Operations Managers.

Cyber Security: Cyber Incident Response Guide. A Non-Technical Guide. Essential for Business Managers Office Managers Operations Managers. The Cyber Security: Cyber Incident Response Guide appendix has been developed and distributed for educational and non-commercial purposes only. Copies and reproductions of this content, in whole or in

More information

Computer Security Incident Response Team

Computer Security Incident Response Team Computer Security Incident Response Team Operational Standards The University of Scranton Information Security Office August 2014 Table of Contents 1.0 Operational Standards Document Overview... 3 2.0

More information

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications

More information

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India

¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing

More information

Security. Security consulting and Integration: Definition and Deliverables. Introduction

Security. Security consulting and Integration: Definition and Deliverables. Introduction Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

Cybersecurity Awareness for Executives

Cybersecurity Awareness for Executives SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity

More information

Information Security Summit 2005

Information Security Summit 2005 Information Security Summit 2005 Forensically Sound Information Security Management in a Risk Compliance Era Keynote Opening Address by Mr. Howard C Dickson Government Chief Information Officer Government

More information

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe

High Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe 2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Implementing a Framework

Implementing a Framework Implementing a Framework 44th Tennessee Higher Education Information Technology Symposium 2015 Greg Jackson Cyber Security Analyst Dynetics Inc. Information Systems Assessment Services (ISAS) www.dynetics.com

More information

Network/Cyber Security

Network/Cyber Security Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security

More information

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services

Cyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance

More information

CYBERSPACE SECURITY CONTINUUM

CYBERSPACE SECURITY CONTINUUM CYBERSPACE SECURITY CONTINUUM A People, Processes, and Technology Approach to Meeting Cyber Security Challenges in the 21 st Century 1 InterAgency Board 1550 Crystal Drive Suite 601, Arlington VA 22202

More information

Penetration Testing. I.T. Security Specialists. Penetration Testing 1

Penetration Testing. I.T. Security Specialists. Penetration Testing 1 Penetration I.T. Security Specialists ing 1 about us At Caretower, we help businesses to identify vulnerabilities within their security systems and provide an action plan to help prevent security breaches

More information

GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT

GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology A comprehensive approach

More information

Lessons from Defending Cyberspace

Lessons from Defending Cyberspace Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

CONCEPTS IN CYBER SECURITY

CONCEPTS IN CYBER SECURITY CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE

More information

Data Breach Lessons Learned. June 11, 2015

Data Breach Lessons Learned. June 11, 2015 Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin

More information

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's: Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services

More information

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a

More information

Computer Security Incident Response Team

Computer Security Incident Response Team University of Scranton Computer Security Incident Response Team Operational Standards Information Security Office 1/27/2009 Table of Contents 1.0 Operational Standards Document Overview... 3 2.0 Establishment

More information

Perspectives on Cybersecurity in Healthcare June 2015

Perspectives on Cybersecurity in Healthcare June 2015 SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

Table of Contents. Auditor's Guide to Information Systems Auditing Richard E. Cascarino Copyright 2007, John Wiley & Sons, Inc.

Table of Contents. Auditor's Guide to Information Systems Auditing Richard E. Cascarino Copyright 2007, John Wiley & Sons, Inc. Table of Contents PART I. IS Audit Process. CHAPTER 1. Technology and Audit. Technology and Audit. Batch and On-Line Systems. CHAPTER 2. IS Audit Function Knowledge. Information Systems Auditing. What

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

CYBERSECURITY INVESTIGATIONS

CYBERSECURITY INVESTIGATIONS CYBERSECURITY INVESTIGATIONS Planning & Best Practices May 4, 2016 Lanny Morrow, EnCE Managing Consultant lmorrow@bkd.com Cy Sturdivant, CISA Managing Consultant csturdivant@bkd.com Michal Ploskonka, CPA

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Incident Response Guidance for Unclassified Information Systems

Incident Response Guidance for Unclassified Information Systems Mandatory Reference: 545 File Name: 545mad_051503_cd32 Revision: 05/15/2003 Effective Date: 05/23/2003 Incident Response Guidance for Unclassified Information Systems Recent Government Information Security

More information

Office of Inspector General

Office of Inspector General Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

A Cyber Security Integrator s perspective and approach

A Cyber Security Integrator s perspective and approach A Cyber Security Integrator s perspective and approach Presentation to Saudi Arabian Monetary Agency March 2014 What is a Cyber Integrator? Security system requirements - Finance Building a specific response

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

Strategic Plan On-Demand Services April 2, 2015

Strategic Plan On-Demand Services April 2, 2015 Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on

More information

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS AT STATE MEDICAID AGENCIES Inquiries

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

Cisco Security Services

Cisco Security Services Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Session 334 Incident Management. Jeff Roth, CISA, CGEIT, CISSP

Session 334 Incident Management. Jeff Roth, CISA, CGEIT, CISSP Session 334 Incident Management Jeff Roth, CISA, CGEIT, CISSP SPEAKER BIOGRAPHY Jeff Roth, CISA, CGEIT Jeff Roth has over 25 years experience in IT audit, security, risk management and IT Governance experience

More information

HOSTING. Managed Security Solutions. Managed Security. ECSC Solutions

HOSTING. Managed Security Solutions. Managed Security. ECSC Solutions Managed Security Managed Security MANAGED SECURITY SOLUTIONS I would highly recommend for your company s network review... were by far the best company IT Manager, Credit Management Agency Presenting IT

More information

Caretower s SIEM Managed Security Services

Caretower s SIEM Managed Security Services Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During

More information

Guide to Vulnerability Management for Small Companies

Guide to Vulnerability Management for Small Companies University of Illinois at Urbana-Champaign BADM 557 Enterprise IT Governance Guide to Vulnerability Management for Small Companies Andrew Tan Table of Contents Table of Contents... 1 Abstract... 2 1. Introduction...

More information

ICS-CERT Incident Response Summary Report

ICS-CERT Incident Response Summary Report ICS-CERT Incident Response Summary Report 20092011 OVERVIEW The Department of Homeland Security (DHS) Control Systems Security Program manages and operates the Industrial Control Systems Cyber Emergency

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

Vermont Information Technology Leaders

Vermont Information Technology Leaders Vermont Information Technology Leaders HIPAA COMPLIANCE POLICIES AND PROCEDURES Policy Number: InfoSec 4 Policy Title: Information Security Incident Response January 26, 2016 IDENT INFOSEC4 Type of Document:

More information

Building Best Practices for Effective Monitoring of a Third Party s Incident Event Management Program. A Shared Assessments Briefing Paper

Building Best Practices for Effective Monitoring of a Third Party s Incident Event Management Program. A Shared Assessments Briefing Paper Building Best Practices for Effective Monitoring of a Third Party s Incident Event Management Program A Shared Assessments Briefing Paper Abstract Just 43% of incident management professionals report their

More information

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015 Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information