GEARS Cyber-Security Services
- Gabriel McDowell
- 8 years ago
Florida Department of Management Services
Division of State Purchasing

Table of Contents

Introduction
About GEARS
1. Pre-Incident Services
1.1 Incident Response Agreements
1.2 Assessments of Incident Response Capability
1.3 Incident Response Guidance
1.4 Incident Response Plans
1.5 Incident Response Training
2. Post-Incident Services
2.1 Incident Response Guidance
2.2 Incident Response Mitigation Plans
3. Applicable IT70 Labor Categories

GEARS Cyber Security Services Catalog Florida DMS Page i of i
Introduction

The Florida Department of Management Services (DMS), Division of State Purchasing (Department) provides centralized statewide contracts for use by all state agencies. DMS has released an RFI to identify vendors under GSA Schedule 70 who are able to perform the cyber-security services listed in the table of contents. Specifically, DMS is seeking to identify vendors that are able to provide assessment and remediation services in the event of a cyber-security incident and provide identity protection, identity monitoring and identity restoration services to any affected individuals under GSA Schedule 70.

As appliances for intrusion detection get more sophisticated, attack vectors will migrate more from targeted system attacks to attacks that use compromised user credentials gained through social engineering. As in previous years, the top three affected industries continue to be Public, Information and Financial Services. We know that no industry or organization is immune to security failures, but given the trend and resurgence of phishing and other social engineering tactics, we see the core of strengthening organizational security lying with human resources. Figure 1 provides a few statistics on incidents by industry and organization size.

Figure 1. Security incidents by victim industry and organization size (from the 2015 Data Breach Investigations Report)
About GEARS

Global Evaluation & Applied Research Solutions (GEARS) Inc. is ready to support DMS with seasoned cyber-security specialists to provide a variety of services. The GEARS team has practical experience assessing, advising and supporting financial institutions, large telecommunications and wireless carriers, firms that manage large databases of information, healthcare organizations and providers, as well as providing recommendations for risk and security management programs for global travel management firms. The GEARS team is poised to support the cyber-security needs of DMS. We understand the threat level and can assess your environment, help DMS to minimize vulnerability and raise cyber-security awareness among your staff.

Ted Ridley is a seasoned professional with extensive experience in information technology (IT) concentrating in information assurance, vulnerability assessments, application design and development, application and network security, program and project management, risk analysis and management, operational and security policy planning and development, business continuity and disaster recovery planning and strategy, and network design, validation and implementation across various public and private industries. Having two decades of combined experience as a network engineer, network security administrator, incident response team manager, business operations practice manager (Managing Consultant) and independent consultant, Ted has an in-depth understanding of security issues and the associated business impact. Ted's breadth of experience in management, technical delivery and business process optimization uniquely qualifies him to work to provide comprehensive, high return on investment (ROI) based security solutions.

For more information, please contact:
Ted Ridley, CSSLP, ECSA, CEH
Director, Information Technology Services
(301) tridley@getingears.com
1. Pre-Incident Services

GEARS offers a suite of Pre-Incident Services, including:

- Incident Response Agreements: Putting terms and conditions in place ahead of time to allow for quicker response in the event of a cyber-security incident.
- Assessments: Evaluating a State Agency's current state of information security and cyber-security incident response capability.
- Preparation: Providing guidance on requirements and best practices.
- Developing Cyber-Security Incident Response Plans: Developing or assisting in development of written State Agency plans for incident response in the event of a cybersecurity incident.
- Training: Providing training for State Agency staff from basic user awareness to technical education.

1.1 Incident Response Agreements

Better to be safe than sorry. Let our experienced cyber security professionals draft terms and conditions for your organizational response in the event of a cyber-security incident. The GEARS team can support your organization when a computer security attack occurs, an intrusion is recognized, or some other kind of computer security incident occurs. During this critical time, having an established incident response agreement in place provides a fast and effective means of responding. When an incident occurs, the goal of the Information Systems Incident Response Team (ISIRT) is to control and minimize any damage, preserve evidence, provide quick and efficient recovery, prevent similar future events, and gain insight into threats against the organization. At GEARS, our team is well versed in preserving chain of custody and in the techniques necessary to quickly isolate the affected devices, either remotely or via telephone support, until such time as onsite response teams can arrive.
An effective Incident Response Agreement will not only provide the organization with a clear understanding of the actions that should take place in the event of an incident, but also provide service level agreements (SLAs) by which the response time and process will be governed (e.g. isolation of affected devices within 1 hour).

1.2 Assessments of Incident Response Capability

GEARS Cyber Team Lead, Ted Ridley, has performed numerous Enterprise Security Assessments for larger commercial organizations utilizing the ISO Enterprise Security Architecture, NIST SP , Technical Guide to Information Security and Assessment; NIST SP800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations; NIST SP800-30, Guide for Conducting Risk Assessments; and NIST SP800-39, Managing Information Security Risk: Organization, Mission, and Information System as the guidelines for our assessment tool. Our tool provides domain-based scoring of an organization's preparedness and capability for not only Incident Response, but for enterprise security practices as a whole. The tool is designed such that specific domains such as Incident Response can be evaluated individually. Figure 2 is a representative screenshot of the section of the tool used during an incident response assessment.

Figure 2. Tool Used During an Incident Response Assessment (Representative)
Utilizing the guidelines noted above and the baseline tools GEARS has, we will review the organization's policy, guidelines and procedures and develop a customized tool for performing the Incident Response assessment.

1.3 Incident Response Guidance

As previously noted, the GEARS team has notable experience providing guidance on Cyber Security Awareness and preparedness. In that experience we have provided guidance on the requirements and best practices for preparation. In today's world of threats, it is never known who will discover an incident and be the first to need to report it. Therefore, Incident Response preparation is an enterprise-wide effort ensuring that all staff are aware of not only how to identify potential threats and incidents, but also how to properly report them and begin the isolation process when necessary.

Routine Security Awareness Training is at the core of ensuring staff are prepared to recognize and respond to incidents. GEARS has experience providing Security Awareness Training courses developed for both staff and executive level participants. Each course is tailored specifically to the intended audience. Although a large portion of base course content is consistent across industry, we realize that industry-specific items are critical to providing the best training experience and most useful outcome. Therefore, we bring to bear industry-specific data in our presentation, so that, for example, training for healthcare providers will focus on those attack vectors and most commonly exploited vulnerabilities in the healthcare industry and not those most common to the financial industry. In addition to industry-specific data, GEARS will bring client-specific data gathered through various black box vulnerability and social engineering assessments conducted prior to providing the training.
The assessments give our presenters the ability to provide not only scenario-based information on what to do in case of threats, but actual data on how your team responded to threats.

1.4 Incident Response Plans

As part of our experience developing Vulnerability Management Programs, the GEARS team has worked with all levels within information technology organizations to ensure that not only the vision and regulatory needs of the Chief Information Officer are met but the
practical and tactical needs of the operations teams that will be implementing the actions from the plan are addressed as well. Having served in capacities spanning from Network Operations Engineers to Network Operations Managers to SVP of Business Operations, our team understands the breadth of needs and responsibilities of those responsible for incident management. This understanding allows us to provide practical insight and perspective in the development of Incident Response Plans (IRP).

The IRP will contain information such as actions defined for both non-IT personnel and IT personnel responding to an incident. The IRP will discuss the steps taken during a response to an incident. The IRP will provide contact numbers and sequencing of contact. It will not only have language describing the steps for contacting IT and/or security and escalation through management but also a checklist to be completed and submitted as part of the documentation trail for each incident. Examples of areas and associated actions covered by the IRP include:

- The telephone contact information for the Agency 24-hour grounds security department, who then contact the Agency IT emergency contact person or affected department contact. The grounds security office will log:
  o The name of the caller.
  o Time of the call.
  o Contact information about the caller.
  o The nature of the incident.
  o What equipment or persons were involved?
  o Location of equipment or persons involved.
  o How the incident was detected.
- The IT staff member or affected department staff member who receives the call (or discovered the incident) will refer to their contact list for both management personnel to be contacted and incident response members to be contacted. The staff member will call those designated on the list.
- The staff member will contact the incident response manager using both email and phone messages while being sure other appropriate and backup personnel and designated managers are contacted.
- The staff member will log the information received in the same format as the grounds security office in the previous step. The staff member could possibly add the following:
  o Is the equipment affected business critical?
  o What is the severity of the potential impact?
  o Name of system being targeted, along with operating system, IP address, and location.
  o IP address and any information about the origin of the attack.
- Contacted members of the response team will meet or discuss the situation over the telephone and determine a response strategy.
  o Is the incident real or perceived?
  o Is the incident still in progress?
  o What data or property is threatened and how critical is it?
  o What is the impact on the business should the attack succeed? Minimal, serious, or critical?
  o What system or systems are targeted, where are they located physically and on the network?
  o Is the incident inside the trusted network?
  o Is the response urgent?
  o Can the incident be quickly contained?
  o Will the response alert the attacker and do we care?
  o What type of incident is this? Example: virus, worm, intrusion, abuse, damage.
- An incident ticket will be created. The incident will be categorized into the highest applicable level of one of the following categories:
  o Category one - A threat to public safety or life.
  o Category two - A threat to sensitive data.
  o Category three - A threat to computer systems.
  o Category four - A disruption of services.
- Team members will establish and follow one of the following procedures, basing their response on the incident assessment:
  o Worm response procedure
  o Virus response procedure
  o System failure procedure
  o Active intrusion response procedure - Is critical data at risk?
  o Inactive intrusion response procedure
  o System abuse procedure
  o Property theft response procedure
  o Website denial of service response procedure
  o Database or file denial of service response procedure
  o Spyware response procedure
  The team may create additional procedures that are unforeseen in this document. If there is no applicable procedure in place, the team must document what was done and later establish a procedure for the incident.
- Team members will use tools such as Encase forensic techniques, including reviewing system logs, looking for gaps in logs, reviewing intrusion detection logs, and interviewing witnesses and the incident victim to determine how the incident was caused. Only authorized personnel should be performing interviews or examining evidence, and the authorized personnel may vary by situation and organization.
- Team members will recommend changes to prevent the occurrence from happening again or infecting other systems.
- Upon management approval, the changes will be implemented.
- Team members will restore the affected system(s) to the uninfected state. They may do any one or more of the following:
  o Re-install the affected system(s) from scratch and restore data from backups if necessary. Preserve evidence before doing this.
  o Make users change passwords if passwords may have been sniffed.
  o Be sure the system has been hardened by turning off or uninstalling unused services.
  o Be sure the system is fully patched.
  o Be sure real-time virus protection and intrusion detection are running.
  o Be sure the system is logging the correct events and to the proper level.

During the response, and as part of the execution of the IRP, the ISIRT will ensure that the resulting Incident Report captures a few critical items, including the following:
- How the incident was discovered.
- The category of the incident.
- Where the incident occurred (whether through email, firewall, etc.).
- Source of the incident (IP addresses and other information about the attacker).
- The response type that was implemented.
- Details of the response.
- Outcomes: effectiveness of the response.

Additionally, the ISIRT will ensure that the necessary steps are taken to protect the organization's assets and position the legal counsel with all that may be required for prosecution. In doing so, the ISIRT will manage the following tasks that support the organization in its business continuity practices:

- Evidence preservation: make copies of logs, email, and other communication. Keep lists of witnesses. Keep evidence as long as necessary to complete prosecution and beyond in case of an appeal.
- Notify proper external agencies: notify the police and other appropriate agencies if prosecution of the intruder is possible. List the agencies and contact numbers here.
- Assess damage and cost: assess the damage to the organization and estimate both the damage cost and the cost of the containment efforts.
- Review response and update policies: plan and take preventative steps so the intrusion can't happen again.
  o Consider whether an additional policy could have prevented the intrusion.
  o Consider whether a procedure or policy was not followed which allowed the intrusion, and then consider what could be changed to ensure that the procedure or policy is followed in the future.
  o Was the incident response appropriate? How could it be improved?
  o Was every appropriate party informed in a timely manner?
  o Were the incident-response procedures detailed and did they cover the entire situation? How can they be improved?
  o Have changes been made to prevent a re-infection? Have all systems been patched,
    systems locked down, passwords changed, anti-virus updated, policies set, etc.?
  o Have changes been made to prevent a new and similar infection?
  o Should any security policies be updated?
  o What lessons have been learned from this experience?

1.5 Incident Response Training

As previously mentioned, the GEARS team has developed Vulnerability Management Programs. Staff training is a key element of establishing a strong vulnerability management framework. Adding in robust technological appliance-based security solutions, while advantageous, will provide a low return on investment if staff are not aware of security threats, how to identify security threats, and how to respond to security threats. GEARS will work with DMS or other state departments and agencies not only to create an effective IRP, but also to develop interactive and engaging training sessions tailored for the various organizational roles and responsibilities, from staff through leadership, designed to educate on the precepts of the IRP and to increase awareness of security threats, how to identify them, and how to respond to them. Once training is complete, GEARS will design social engineering exercises to test the effectiveness of the training and the organization's ability to respond to an incident. A full report on the outcome of the social engineering exercises will be provided to leadership.

2. Post-Incident Services

2.1 Incident Response Guidance

GEARS will work with technical staff to assist State Agencies in providing a full response to an incident.
Utilizing the agency's IRP and leveraging our experience in incident response, GEARS will join the State Agency's ISIRT in an advisory capacity to ensure that the processes and steps taken will result in a ticket opened with the appropriate level / category assigned, and an incident report detailing the critical elements (how the incident was discovered; the category of the incident; how the incident occurred; the source of the incident; details of the response; outcome of the response effectiveness). This information is not only critical during the response, but for the
Incident post-mortem discussions that will be instrumental in the continuous improvement process of the agency's IRP.

2.2 Incident Response Mitigation Plans

Based upon the information gathered through the investigation practices and response activities of the incident as noted previously, and through an understanding of organizational priorities and critical infrastructure discussed during post-mortem meetings, the GEARS team will assist the State Agency to develop mitigation plans to limit the exposure in future incidents. Our team understands that no agency is going to be free of risks, but through proper planning and through activities of continuous improvement, risk mitigation can be achieved.

3. Applicable IT70 Labor Categories

The table below lists the published rates from the GEARS GSA IT 70 Catalog Labor Categories that would be applicable in establishing an Incident Response team.

GEARS GSA IT 70 Catalog (GS 35F-0377Y)

Labor Category                  Maximum Price
Project Manager III             $
Security Specialist I           $
Security Specialist II          $
Security Specialist III         $
Disaster Recovery Specialist    $
Network Administrator           $
IT Training Specialist III      $
More informationNetwork/Cyber Security
Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security
More informationCyber Security: Cyber Incident Response Guide. A Non-Technical Guide. Essential for Business Managers Office Managers Operations Managers.
The Cyber Security: Cyber Incident Response Guide appendix has been developed and distributed for educational and non-commercial purposes only. Copies and reproductions of this content, in whole or in
More informationPenetration Testing. I.T. Security Specialists. Penetration Testing 1
Penetration I.T. Security Specialists ing 1 about us At Caretower, we help businesses to identify vulnerabilities within their security systems and provide an action plan to help prevent security breaches
More information¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ à Securities and Exchange Board of India
CIRCULAR CIR/MRD/DP/13/2015 July 06, 2015 To, All Stock Exchanges, Clearing Corporation and Depositories. Dear Sir / Madam, Subject: Cyber Security and Cyber Resilience framework of Stock Exchanges, Clearing
More informationA MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS
A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop Small Agency Threat and Vulnerability Management Policy May 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationSecurity. Security consulting and Integration: Definition and Deliverables. Introduction
Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data
More informationPerspectives on Cybersecurity in Healthcare June 2015
SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationCONCEPTS IN CYBER SECURITY
CONCEPTS IN CYBER SECURITY GARY KNEELAND, CISSP SENIOR CONSULTANT CRITICAL INFRASTRUCTURE & SECURITY PRACTICE 1 OBJECTIVES FRAMEWORK FOR CYBERSECURITY CYBERSECURITY FUNCTIONS CYBERSECURITY CONTROLS COMPARATIVE
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationHIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS
Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS AT STATE MEDICAID AGENCIES Inquiries
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationCYBERSECURITY INVESTIGATIONS
CYBERSECURITY INVESTIGATIONS Planning & Best Practices May 4, 2016 Lanny Morrow, EnCE Managing Consultant lmorrow@bkd.com Cy Sturdivant, CISA Managing Consultant csturdivant@bkd.com Michal Ploskonka, CPA
More information2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy
2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,
More informationGuide to Vulnerability Management for Small Companies
University of Illinois at Urbana-Champaign BADM 557 Enterprise IT Governance Guide to Vulnerability Management for Small Companies Andrew Tan Table of Contents Table of Contents... 1 Abstract... 2 1. Introduction...
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationIncident Response Guidance for Unclassified Information Systems
Mandatory Reference: 545 File Name: 545mad_051503_cd32 Revision: 05/15/2003 Effective Date: 05/23/2003 Incident Response Guidance for Unclassified Information Systems Recent Government Information Security
More informationHow To Audit The Mint'S Information Technology
Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit
More informationInformation Security Summit 2005
Information Security Summit 2005 Forensically Sound Information Security Management in a Risk Compliance Era Keynote Opening Address by Mr. Howard C Dickson Government Chief Information Officer Government
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationCybersecurity Awareness for Executives
SESSION ID: SOP-R04 Cybersecurity Awareness for Executives Rob Sloan Head of Cyber Content and Data Dow Jones @_rob_sloan Session Overview Aim: Provide a high level overview of an effective cybersecurity
More informationGUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT
GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology A comprehensive approach
More informationSTATE OF NEW JERSEY Security Controls Assessment Checklist
STATE OF NEW JERSEY Security Controls Assessment Checklist Appendix D to 09-11-P1-NJOIT P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 Agency/Business (Extranet) Entity Response
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationICS-CERT Incident Response Summary Report
ICS-CERT Incident Response Summary Report 20092011 OVERVIEW The Department of Homeland Security (DHS) Control Systems Security Program manages and operates the Industrial Control Systems Cyber Emergency
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationEnd of Support Should Not End Your Business. Challenge of Legacy Systems
End of Support Should Not End Your Business When software vendors announce a product end-of-life (EOL), customers typically have 24 to 30 months to plan and execute their migration strategies. This period
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationComputer Security Incident Response Team
Computer Security Incident Response Team Operational Standards The University of Scranton Information Security Office August 2014 Table of Contents 1.0 Operational Standards Document Overview... 3 2.0
More informationBuilding Best Practices for Effective Monitoring of a Third Party s Incident Event Management Program. A Shared Assessments Briefing Paper
Building Best Practices for Effective Monitoring of a Third Party s Incident Event Management Program A Shared Assessments Briefing Paper Abstract Just 43% of incident management professionals report their
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationcarahsoft Florida Department of Management Services CARAHSOFT S RESPONSE TO THE REQUEST FOR INFORMATION
carahsoft CARAHSOFT S RESPONSE TO THE Florida Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services
More informationSecurity Controls Implementation Plan
GIAC Enterprises Security Controls Implementation Plan Group Discussion and Written Project John Hally, Erik Couture 08/07/2011 Table of Contents Executive Summary 3 Introduction 3 Security Controls Implementation
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES second edition The information provided in this document is presented as a courtesy to be used for informational purposes only.
More informationHigh Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationCompliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:
Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services
More informationSession 334 Incident Management. Jeff Roth, CISA, CGEIT, CISSP
Session 334 Incident Management Jeff Roth, CISA, CGEIT, CISSP SPEAKER BIOGRAPHY Jeff Roth, CISA, CGEIT Jeff Roth has over 25 years experience in IT audit, security, risk management and IT Governance experience
More informationCYBERSPACE SECURITY CONTINUUM
CYBERSPACE SECURITY CONTINUUM A People, Processes, and Technology Approach to Meeting Cyber Security Challenges in the 21 st Century 1 InterAgency Board 1550 Crystal Drive Suite 601, Arlington VA 22202
More informationTable of Contents. Auditor's Guide to Information Systems Auditing Richard E. Cascarino Copyright 2007, John Wiley & Sons, Inc.
Table of Contents PART I. IS Audit Process. CHAPTER 1. Technology and Audit. Technology and Audit. Batch and On-Line Systems. CHAPTER 2. IS Audit Function Knowledge. Information Systems Auditing. What
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationStrategic Plan On-Demand Services April 2, 2015
Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationHow To Protect Your Network From Attack From A Network Security Threat
Cisco Security Services Cisco Security Services help you defend your business from evolving security threats, enhance the efficiency of your internal staff and processes, and increase the return on your
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationCYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015
CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 TODAY S PRESENTER Viviana Campanaro, CISSP Director, Security and
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool
ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary
More information