Hawaii's Phased Plan for Alignment and Implementation of NGA's A Call to Action for Cybersecurity
- Erin Murphy
- 8 years ago
Transcription
1 Hawaii's Phased Plan for Alignment and Implementation of NGA's A Call to Action for Cybersecurity. Sanjeev Sonny Bhagowalia, Governor's Chief Advisor on Technology and Cybersecurity, State of Hawaii 11
2 Definition: The Expanding Remit of Security. Focus of CIO Effort. Remit = Responsibility. Information Security; IT Security; OT Security; Physical Security; IoT Security; Offensive AND Defensive Cybersecurity. Source: Top Security Trends and Takeaways for 2014, C. Byrnes, Gartner 2
3 Context: Government IT Security is Approximately 10% of Government IT Spend, Which is less than 1% of Government Spend, Which is 38.9% of US GDP. Federal IT Spend = $80 B; State/Local IT Spend = $40 B. IT Security Forecast (Spending $ B) (Federal Only). IT Security Forecast (Spending $ B). Source: http:// (source: World Bank) Source: http:// Source: https:// INPUT The Federal Government will spend $11.7 Billion in securing its computers against hackers and other Cybersecurity threats (about 10% of overall budget). With the number and complexity of cyberattacks on the rise, government analyst Input (now Deltek) predicted that government Cybersecurity spending will increase to $11.7 B in 2014, a compound annual growth rate of 8.1%. Do We Spend Enough in IT and IT Security in the Nation? Are You Spending Enough in the Information Age? 3
4 State Governments at Risk: A Call to Action. % / Topic Area: 92%: State officials feel that Cybersecurity is very important to the State; 50%: CISOs manage a team of 1-5 Cybersecurity professionals only; 14%: CISOs feel they receive appropriate executive commitment and adequate funding for cybersecurity; 24%: CISOs feel very confident in protecting state assets against external threats; 32%: CISOs feel that staff have the required Cybersecurity competency; 86%: CISOs indicate lack of sufficient funding is key barrier to address cybersecurity; 70%: CISOs have reported a breach; 82%: CISOs feel phishing and pharming as their top Cybersecurity threat. Cybersecurity Challenges continue in 2012 amidst escalating threats. An urgent call to execute on a robust cybersecurity strategy, with strong governance and compliance monitoring measures. Comparing State Government and Global Financial Services Industry (GFSI) responses: Security budget has increased 14% >60%; Year-over-Year trending (reporting an increase of 1-5%) 4% 39%; Dedicated security professionals 50% have 1-5 FTEs, 47% have > 100 FTEs. Source: http:// NASCIOCybersecurityStudy2012.pdf 4
5 The State of Hawaiʻi [Government]: Crossroads of the Pacific. An Emerging Asia-Pacific Region in the 21st Century. Budget: $70 B GDP [$11 B State (~30% Federal)]. People: 1.4 M residents [41K State Gov't employees]. Organization: Executive Branch = 18 Departments, 108 Attached Agencies, and 162 Boards/Commissions; Four Main County Governments. Business: 35 Lines of Business [includes Public Safety]; 220 Business Services; 100s of Manual, Silo, Paper Processes. Technology: Legacy IT was up to 30+ years old and Fragmented; No interoperability, No Disaster Recovery etc. Business and IT/IRM Transformation Plan Underway. Fed 100 Award-Winner; Numerous Other Awards 5
6 Hawaii's IA/IT Security and CyberSecurity Approach (Notional) EO 13636** ✓ GROWING A ✓ ✓ SUSTAINABLE ECONOMY INVESTING IN PEOPLE TRANSFORMING GOVERNMENT ***NIST CyberFramework ✓ REENGINEER BUSINESS ✓ MODERNIZE TECHNOLOGY ✓ INFRASTRUCTURE IMPROVE TRANSPARENCY/ACCOUNTABILITY Completed Underway ✓ STATEWIDE CYBER PLAN ✓ SECURITY OPERATIONS CENTER ✓ MAPPING TO NATIONAL ✓ CYBERSECURITY FRAMEWORK AND NGA CALL TO ACTION LINKAGE TO FEDERAL AND STATE CYBER EFFORTS 6
7 #1 Establish a Governance and Authority Structure for Cybersecurity. Current State (Executive Branch Only). Overall State Transformation Plan Completed: Baseline Assessment (As-Is); Business and IT/IRM Transformation Plan (To-Be; T&S Plan); 2012 State IA assessed & Benchmarked against state peer and due diligence standard. Centralized Authority with Federated Governance Initiated: State CIO responsible for Information Assurance (IA)/IT Security [State Law]; State CIO Chairs CIO Council (comprised of 18 CIOs of Cabinet Departments) and Information Privacy and Security Council (IPSC) for all Security Matters; Each Agency assigns a DP Coordinator and adheres to enterprise policies; Legislature, Judiciary and County CIOs invited to participate in CIO Council and IPSC. IA Enterprise Policies/Procedures are in Formative Phase: IT policies and processes being developed in Working Groups. Alignment with NIST Framework and NGA Call to Action Begun: Assessing alignment with NIST Cybersecurity Framework/NGA Call to Action. Opportunity: Improve Integration of Resources and with Cybersecurity Program 7
8 Roles, Responsibility and Authority of Key Cybersecurity Stakeholders (Notional) Category Stakeholders Key State Leaders Federal Government State Government Defense, Intelligence Community, Law Enforcement/Justice, Civilian Agencies Executive, Judiciary, Legislative Local Government Four Major Counties I/F Tribal Government Office of Hawaiian Affairs (OHA) I/F Industry All Academia University I/F Public Citizens, Residents, Visitors CATC CIO TAG AG I/F E E E Cybersecurity Notional Goal: A Neighborhood Watch Program - A Unity of Purpose and Aloha with Urgency. A (Cyber)Attack on one is a (Cyber)Attack on us all. Think Global/Act Local 8
9 #2 Risk Assessments and Allocate Resources Accordingly. Current State (Executive Branch Only). Overall State Transformation Plan Completed: Baseline Assessment (As-Is); Business and IT/IRM Transformation Plan (To-Be; T&S Plan); 2012 State IA assessed against 17 categories with Benchmarking against state peer and due diligence standard [60 Projects Identified]. Pilot Projects: Five Pilot Projects Completed (e.g., Security Operations Center). Leveraging US Department of Homeland Security Programs: Cyber hygiene Assessment; Cyber Resilience Assessment Services; MS-ISAC. Alignment with NIST Framework and NGA Call to Action Begun: Assessing alignment with NIST Cybersecurity Framework/NGA Call to Action with Threat Assessments. Discussing How to Leverage HI Assets: National Guard Cyber Warriors; University Cyber Range; Contract Resources [e.g., On-Island expertise; Read-only Vendor SOCs]. Opportunity: Improve Use/Allocation of Resources, Programs across Departments 9
10 State of Hawaii Cybersecurity Plan (Phased Approach). The State of Hawaii (Governor's Chief Advisor and CIO) has initiated an Assessment of the Executive Branch Cyber security readiness and develop a roadmap to allocate resources accordingly in order to align with the Call to Action for Governors for Cybersecurity. The Planned completion for this phase is Four (4) months. The assessment objectives include: Alignment of the State Cyber security approach with the National Cybersecurity Framework; Identification of known and prioritized Security and Privacy Threats; Preliminary assessment of Hawaii's Preparedness against Threats; Development of a Roadmap to address security gaps identified in the assessment. Establish the Framework; Conduct Gap Analysis; Prepare Roadmap; Identify Future Audit Requirements. Map all current security projects against the NIST Cyber Security Framework. Identify gaps in the security projects vs. the NIST Cyber Security Framework. Prioritize the gaps per the threat landscape. Lay out a plan for new required security projects to close the gaps in the state's compliance to the NIST Cyber Security Framework. Lay out a plan for subsequent/future audits for other already-deployed controls and for still-to-be-deployed controls 10
11 #3 Implement Continuous Vulnerability Assessments and Threat Mitigation Practices. Current State (Executive Branch Only). Foundational Security Operations Center (SOC) Established: ✓ Thousands of Security events daily are analyzed and correlated for alerting and/or action spanning thousands of desktops and servers ✓ Incident response team monitors and responds to threats and attacks on our network and agency applications 8X5 ✓ Data Loss Prevention (DLP) protects against data leakage along with a Suite of Tools. Leveraging Federal Government Expertise: ✓ Adoption of some free Managed Security Services from CIS/MS-ISAC ✓ Informing LE/IC of incidents, anomalies or threats. Sharing Information with State Government or through Vendor Expertise: ✓ Adaptation of threat counter-measures and configurations learnt from other States. Opportunities: Improve use of Fragmented Resources across Departments; Improve Training/Education/Knowledge Base; Improve Application-Level scanning; Improve Digital Forensics capability; Improve Lifecycle IRM/SDLC Processes 11
12 #4 Ensuring Compliance with Current Security Methodologies & Business Disciplines. Current State (Executive Branch Only). Security methodologies: Enterprise Security Architecture (High-Level) with Suite of Tools (e.g., DLP) for all users in the Enterprise; Enterprise Open Gov, Mobile, Portal and Public-Facing Websites Outsourced; Enterprise Data Center Study Complete, RFP to be released; Enterprise Networking Stabilized (99.9%) with 10 G/1G Backbone; Enterprise Computing Established with 1000X Increase (Private Cloud). Business disciplines: ERP RFP Award Forthcoming (Security Built-in Requirements as-a-service); Tax RFP Released (Security Built-in Requirements as-a-service); Health IT (Architecture established; Medicaid and Connector FISMA-, Privacy Act- and FTI-Compliant); BPR/Legacy Apps are relatively secure (due to major age of technology). Opportunities: Improve Monitoring of Staff for compliance; Improve Security Awareness Training; Improve IT Policies, Processes and Acquisition/Supply Chain Security; Improve Trusted Identity in Cyberspace 12
13 #5 Creating a Culture of Risk Awareness. Current State (Executive Branch Only). Raising Security Awareness: CIO Role as Operational Security Authority in Executive Branch (State Law); TAG Role as Operational CyberSecurity Authority for Hawaii Critical Infrastructure (Federal); Demonstration/Briefings for Executive Branch Leadership and Legislature in the SOC; Regular Security Bulletins to all DP Coordinators through SOC; Annual Participation in Cyber Security Awareness Month (Governor's Proclamation). Information Exchange and Partnerships with External Entities: ✓ US Government (MS-ISAC, US-CERT, FBI, DHS, State Fusion Centers; IC/DOD) ✓ State Government (Legislature, Judiciary) ✓ Local Government (Counties) ✓ Tribal Government (Native Hawaiian OHA) ✓ Industry (Read-only Monitoring with Vendors). Cabinet Meetings, Notifications from Department Heads to End Users (e.g., BYOD). CIO Council, IPSC, IT Steering Committees (Run by CIO). Opportunities: Improve Awareness Training for Employees, End Users and Technical Staff (e.g. Developers); Improve Amount of Access to Sensitive Federal Information for Cleared Employees; Improve Participation in Federal/State/Local/Tribal Cyber Exercises; Improve Transparency and Accountability in a Security Setting (e.g., Risk Dashboards) 13
14 Mission: Connecting Hawaii to the World with People and Technology. USA Mainland; ALOHA; Emerging Asia-Pacific Region. Goal: CyberSecurity Hub/Center Of Excellence. MAHALO 14
More informationBefore the DEPARTMENT OF COMMERCE National Telecommunications and Information Administration Washington, DC 20230 ) ) ) ) )
Before the DEPARTMENT OF COMMERCE National Telecommunications and Information Administration Washington, DC 20230 In the Matter of Stakeholder Engagement on Cybersecurity in the Digital Ecosystem Docket
More informationTask Area 1: IT Services for Biomedical Research, Health Sciences, and Healthcare
CIO-SP 3 Task Areas Ten task areas constitute the technical scope of this contract: Task Area 1: IT Services for Biomedical Research, Health Sciences, and Healthcare The objective of this task area is
More informationEmerging Trends in Information. Impacting the States
Emerging Trends in Information Technology and Policies Impacting the States Doug Robinson, Executive Director National Association of State Chief Information Officers About NASCIO National association
More informationSTATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration
STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE
More informationHealth Industry Implementation of the NIST Cybersecurity Framework
Health Industry Implementation of the NIST Cybersecurity Framework A Collaborative Presentation by HHS, NIST, HITRUST, Deloitte and Seattle Children s Hospital 1 Your presenters HHS Steve Curren, Acting
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationINFRAGARD.ORG. Portland FBI. Unclassified 1
INFRAGARD.ORG Portland FBI 1 INFRAGARD Thousands of Members One Mission Securing Infrastructure The subject matter experts include: 2 INFRAGARD Provides a trusted environment for the exchange of Intelligence
More informationKey Cyber Risks at the ERP Level
Key Cyber Risks at the ERP Level Process & Industrial Products (P&IP) Sector December, 2014 Today s presenters Bhavin Barot, Sr. Manager Deloitte & Touche LLP Goran Ristovski, Manager Deloitte & Touche
More informationEXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources
EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationServices. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure
Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation
More informationSECTION A: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT
SECTION A: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article A.1 Introduction This contract is intended to provide IT solutions and services as defined in FAR 2.101(b) and further clarified in the Clinger-Cohen
More informationHomeland Open Security Technology HOST Program
Homeland Open Security Technology HOST Program Informational Briefing August 2011 Sponsored by: U.S. Department of Homeland Security Science and Technology Directorate Implemented by: Open Technology Research
More informationNASA OFFICE OF INSPECTOR GENERAL
NASA OFFICE OF INSPECTOR GENERAL OFFICE OF AUDITS SUITE 8U71, 300 E ST SW WASHINGTON, D.C. 20546-0001 April 14, 2016 TO: SUBJECT: Renee P. Wynn Chief Information Officer Final Memorandum, Review of NASA
More informationHHSN316201200042W 1 QSSI - Quality Software Services, Inc
ARTICLE C.1. STATEMENT OF WORK This contract is designed to permit the Institutes and Centers (ICs) of NIH, the Department of Health and Human Services (DHHS), and all other federal agencies to acquire
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information
More informationSECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Introduction This contract is intended to provide IT solutions and services as
SECTION C: DESCRIPTION/SPECIFICATIONS/WORK STATEMENT Article C.1 Introduction This contract is intended to provide IT solutions and services as defined in FAR 2.101(b) and further clarified in the Clinger-Cohen
More informationBreaking Down the Silos: A 21st Century Approach to Information Governance. May 2015
Breaking Down the Silos: A 21st Century Approach to Information Governance May 2015 Introduction With the spotlight on data breaches and privacy, organizations are increasing their focus on information
More informationDecember 8, 2011. Security Authorization of Information Systems in Cloud Computing Environments
December 8, 2011 MEMORANDUM FOR CHIEF INFORMATION OFFICERS FROM: SUBJECT: Steven VanRoekel Federal Chief Information Officer Security Authorization of Information Systems in Cloud Computing Environments
More information2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy
2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,
More information