Program Overview and 2015 Outlook
|
|
- Alexander McBride
- 8 years ago
- Views:
Transcription
1 Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD Information Technology Department of Finance & Administration
2 Cybersecurity: What the Board of Directors Needs to Ask 1. Does the organization use a security framework? 2. What are the top five risks the organization has related to cybersecurity? 3. How are employees made aware of their role related to cybersecurity? 4. Are external and internal threats considered when planning cybersecurity program activities? 5. How is security governance managed within the organization? 6. In the event of a serious breach, has management developed a robust response protocol? Document copyright 2014 by The Institute of Internal Auditors Research Foundation (IIARF). 2
3 RTD s Cybersecurity Framework (1) Does the organization use a security framework? Answer: Yes. RTD s cybersecurity assessments and strategy are informed by multiple government and private industry standards and frameworks. Standards used for benchmarking RTD s cybersecurity posture in 2014: NIST Cybersecurity Framework (pub. 12 Feb 2014); correlates to: NIST SP COBIT ISO SANS Critical Security Controls for Effective Cyber Defense Standards that additionally inform the growth and development of RTD s cybersecurity strategy: APTA Standards Development Program Recommended Practices FTA Threat and Vulnerability Assessment Methodologies Department of Homeland Security (DHS) Recommendations and Methodologies, including those put forth by the Center for Internet Security (CIS) and sponsored by the DHS 3
4 Top Five Cybersecurity Risks (2) What are the top five risks the organization has related to cybersecurity? Answer: The top five things that keep me up at night are: 1) Securing RTD s credit card Point of Sale systems 2) Maintaining the integrity and availability of RTD s customer communications systems 3) Reviewing and applying appropriate access control to RTD s sensitive data, including personnel, payroll, and accounting systems 4) Managing third party and Bring Your Own Device (BYOD) access to RTD systems and networks 5) Controlling visibility and access to control and dispatch systems Capabilities we are developing as an organization to address these items include: Organizational Cybersecurity Risk Awareness and Strategy Robust Incident Response Protocol and Follow Through Asset, Configuration, and Change Management Skilled, Dedicated Security Staff System Security Hygiene Across the Enterprise 4
5 Employee Cybersecurity Awareness (3) How are employees made aware of their role related to cybersecurity? Answer: RTD s security policy, Management Directive IT-1: Secure Computing Standards, and an accompanying cybersecurity training program and wiki, Cybersecurity@RTD, were published in May 2014, piloted with employees throughout 2014, and became an annual requirement for all salaried employees in January In 2014, 226 employees took the Cybersecurity@RTD self-guided training from the RTD intranet site Training was introduced to all new employees joining RTD since June of 2014 Training and policy are revised and evaluated annually as the cybersecurity program matures 5
6 Cybersecurity Threat Analysis (4) Are external and internal threats considered when planning cybersecurity program activities? Answer: Yes. RTD s receives information about threats originating from inside and outside the organization from a variety of external sources. RTD follows FTA methodologies to identify our most critical assets and prioritize cybersecurity actions to have the most impact on the greatest areas of risk. Technical Controls Tools or Automation, Points of Presence Audits, Reviews & Compliance Testing Processes, Procedures, Checklists, Education Policies Government and private sector information sharing groups for transportation, cybersecurity, and critical infrastructure threat intelligence Focus on the unintentional insider with cybersecurity governance, awareness training, and enforcement Supplement policy with detective and preventative technical controls to reduce dependency on end users Introduce controls for third parties who provide services to or control RTD data 6
7 Security Governance (5) How is security governance managed within the organization? Answer: Cybersecurity responsibility is delegated to the Information Technology department. Major risks are reviewed with the Senior Manager of IT and IT Management as they are identified; critical risks and incidents are reviewed with the IT Governance Committee (AGMs) and Senior Leadership Team (AGMs and GM). IIA Three Lines of Defense Concept for Security Governance* Security policies, standards, and technical configurations that align with the business are in development Majority focus on the first line of defense (reactive) Internal / external audit functions will be IT securitycontrol focused in 2015 From Cybersecurity: What the Board of Directors Needs to Ask. IIA / ISACA
8 Incident Response (6) In the event of a serious breach, has management developed a robust response protocol? Answer: Yes. In early 2014, RTD developed a preliminary critical incident handling framework for IT that addresses data breach or loss, security incidents, and major outages. Using industry best practices and lessons learned in 2014, RTD formally defined and published a robust incident management process in December Three-phased response process: Declare an incident Execute the response plan Incident review Identifies roles and responsibilities and communication flows from identification to closure Designed to integrate with Business Continuity and Recovery procedures (Disaster Recovery) when used as part of the response plan 8
9 Future Focus 2015 and Beyond Require cybersecurity training for salaried computer users Train IT and other organizations in cybersecurity incident response Complete the first round of access control reviews Complete the first annual review and update of the Secure Computing Standards Perform a third-party Electronic Fare Collection Security Assessment (ticketing systems and SMT) Continue to develop asset profiles and configuration standards, including where third parties are concerned Update and enforce an enterprise-wide patch management program Establish basic network monitoring services Additional DHS / US-CERT assessments of enterprise and SCADA controls Related Hot Topics in IT Cloud Computing Disaster Recovery PCI Compliance Data Security Smart Media Control Systems 9
10 Key Takeaways RTD s cybersecurity program is growing on par with other transit agencies. RTD s program is informed by national standards and federal initiatives. RTD has performed analysis to identify the key areas where we must focus our cybersecurity efforts. RTD has engaged projects to further enhance our cybersecurity defenses and encourage a risk-aware culture. We are positioned to receive information about cybersecurity threats and respond appropriately to incidents. 10
11 Questions & Answers 11
Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015
Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationFINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationAalborg Universitet. Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus. Publication date: 2014
Aalborg Universitet Cyber Assurance - what should the IT auditor focus on? Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication
More informationAdopting a Cybersecurity Framework for Governance and Risk Management
The American Hospital Association s Center for Healthcare Governance 2015 Fall Symposium Adopting a Cybersecurity Framework for Governance and Risk Management Jim Giordano Vice Chairman & Chair of Finance
More informationFeature. SCADA Cybersecurity Framework
Feature Samir Malaviya, CISA, CGEIT, CSSA, works with the Global Consulting Practice-GRC practice of Tata Consultancy Services and has more than 17 years of experience in telecommunications, IT, and operation
More informationNIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015
NIST Cybersecurity Framework Sean Sweeney, Information Security Officer 5/20/2015 Overview The University of Pittsburgh NIST Cybersecurity Framework Pitt NIST Cybersecurity Framework Program Wrap Up Questions
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationCybersecurity Audit Why are we still Vulnerable? November 30, 2015
Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event
More informationCYBERSECURITY SLAs: MANANGING REQUIREMENTS AT ARM S LENGTH
CYBERSECURITY SLAs: MANANGING REQUIREMENTS AT ARM S LENGTH Matthew J. Butkovic, CISSP Carnegie Mellon University, The Software Engineering Institute, CERT Samuel A. Merrell, CISSP Carnegie Mellon University,
More informationITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS
ITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationfs viewpoint www.pwc.com/fsi
fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a
More informationIntelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
More informationCertified Information Security Manager (CISM)
Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationVendor Risk Management Financial Organizations
Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current
More informationApril 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,
More informationThe CAG An Earthquake in Security Compliance and How Security Is Measured ALAN PALLER DIRECTOR OF RESEARCH SANS INSTITUTE APALLER@SANS.
The CAG An Earthquake in Security Compliance and How Security Is Measured ALAN PALLER DIRECTOR OF RESEARCH SANS INSTITUTE APALLER@SANS.ORG An Earthquake In Security Compliance The unpleasant wake up call
More informationHans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA
Hans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA HANS HENRIK BERTHING Married with Louise and dad for Dagmar and Johannes CPA, CRISC, CGEIT, CISA and CIA ISO 9000 Lead Auditor Partner and owner for Verifica
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationEcom Infotech. Page 1 of 6
Ecom Infotech Page 1 of 6 Page 2 of 6 IBM Q Radar SIEM Intelligence 1. Security Intelligence and Compliance Analytics Organizations are exposed to a greater volume and variety of threats and compliance
More informationSempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More informationPREPARED DIRECT TESTIMONY OF SCOTT KING ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY
BEFORE THE PUBLIC UTILITIES COMMISSION OF THE STATE OF CALIFORNIA Application of SOUTHERN CALIFORNIA GAS COMPANY (U 0 G) for Review of its Safety Model Assessment Proceeding Pursuant to Decision 1-1-0.
More informationIG ISCM MATURITY MODEL FOR FY 2015 FISMA FOR OFFICIAL USE ONLY
IG MATURITY MODEL FOR FY 2015 FISMA 1 Ad-hoc 1.1 program is not formalized and activities are performed in a reactive manner resulting in an adhoc program that does not meet 2 requirements for a defined
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool
ICBA Summary of FFIEC Cybersecurity Assessment Tool July 2015 Contact: Jeremy Dalpiaz Assistant Vice President Cyber Security and Data Security Policy Jeremy.Dalpiaz@icba.org www.icba.org ICBA Summary
More informationThe Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant
THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More informationSecure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?
More informationAssessing the Effectiveness of a Cybersecurity Program
Assessing the Effectiveness of a Cybersecurity Program Lynn D. Shiang Delta Risk LLC, A Chertoff Group Company Objectives Understand control frameworks, assessment structures and scoping of detailed reviews
More informationTime Is Not On Our Side!
An audit sets the baseline. Restricting The next steps Authenticating help prevent, Tracking detect, and User Access? respond. It is rare for a few days to pass without news of a security breach affecting
More informationLooking at the SANS 20 Critical Security Controls
Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of
More informationInformation Technology Risk Management
Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT
More information2014 Audit of the CFPB s Information Security Program
O FFICE OF I NSPECTOR GENERAL Audit Report 2014-IT-C-020 2014 Audit of the CFPB s Information Security Program November 14, 2014 B OARD OF G OVERNORS OF THE F EDERAL R ESERVE S YSTEM C ONSUMER FINANCIAL
More informationAchieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations
Achieving Control: The Four Critical Success Factors of Change Management Technology Concepts & Business Considerations T e c h n i c a l W H I T E P A P E R Table of Contents Executive Summary...........................................................
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More informationCybersecurity: The Legal, Legislative and Regulatory Outlook
Cybersecurity: The Legal, Legislative and Regulatory Outlook Jamie Barnett Rear Admiral USN (Retired) Co-Chair, Telecommunications Partner in Cybersecurity Practice Cybersecurity Impact and Costs Direct
More informationDefending the Database Techniques and best practices
ISACA Houston: Grounding Security & Compliance Where The Data Lives Mark R. Trinidad Product Manager mtrinidad@appsecinc.com March 19, 2009 Agenda Understanding the Risk Changing threat landscape The target
More informationTrends in Information Technology (IT) Auditing
Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan
More informationPCI DSS AND THE TOP 20 CRITICAL SECURITY CONTROLS COMPARING SECURITY FRAMEWORKS SERIES
CONFIDENCE: SECURED WHITE PAPER PCI DSS AND THE TOP 20 CRITICAL SECURITY CONTROLS COMPARING SECURITY FRAMEWORKS SERIES ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE BENCHMARKS, STANDARDS, FRAMEWORKS
More informationStatement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education
Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education Before the U.S. House Oversight and Government Reform Committee Hearing on Agency Compliance with the Federal Information
More informationA MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS
A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications
More informationHow To Transform It Risk Management
The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationIT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski
IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing
More informationCRR Supplemental Resource Guide. Volume 5. Incident Management. Version 1.1
CRR Supplemental Resource Guide Volume 5 Incident Management Version 1.1 Copyright 2016 Carnegie Mellon University This material is based upon work funded and supported by Department of Homeland Security
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationCyber security in healthcare
Cyber security in healthcare Julian Meyrick, Vice President IBM Security Services Europe julian_meyrick@uk.ibm.com Healthcare is one of the top 5 industries that continue to offer attackers the most significant
More informationState Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4
State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes
More informationMike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program
Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat
More informationNetIQ FISMA Compliance & Risk Management Solutions
N E T I Q C O M P L I A N C E S E R I E S NetIQ FISMA Compliance & Risk Management Solutions The Federal Information Security Management Act (FISMA) requires federal agencies to create and implement a
More informationCapabilities for Cybersecurity Resilience
Capabilities for Cybersecurity Resilience In the Homeland Security Enterprise May 2012 DHS Cybersecurity Strategy A cyberspace that: Is Secure and Resilient Enables Innovation Protects Public Advances
More informationInformation Security and Risk Management
Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management
More informationMaintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com
Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance
More informationONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014
ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program
More informationEliminating Cybersecurity Blind Spots
Eliminating Cybersecurity Blind Spots Challenges for Business April 15, 2015 Table of Contents Introduction... 3 Risk Management... 3 The Risk Blind Spot... 4 Continuous Asset Visibility... 5 Passive Network
More informationCyber Governance Preparing for the Inevitable Perimeter Breach
SAP Brief SAP Extensions SAP Regulation Management by Greenlight, Cyber Governance Edition Objectives Cyber Governance Preparing for the Inevitable Perimeter Breach Augment your preventive cybersecurity
More informationDesigning & Building a Cybersecurity Program. Based on the NIST Cybersecurity Framework (CSF)
Designing & Building a Cybersecurity Program Based on the NIST Cybersecurity Framework (CSF) Larry Wilson Lesson 1 June, 2015 1 About the Class This course covers the essential elements for planning, building
More informationEffective Information Sharing and Analysis Process
Bringing Data to Life Presented by Michael Echols REGIONAL INTELLIGENCE SEMINAR AND NATIONAL SECURITY FORUM DHS Responsibilities Emergency Communications Capabilities Secure dot-gov Assist in Protecting
More informationHigh Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationVA Office of Inspector General
VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Management Act Audit for Fiscal Year 2013 May 29, 2014 13-01391-72 ACRONYMS AND
More informationThe Importance of Cybersecurity Monitoring for Utilities
The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive
More informationCybersecurity Awareness. Part 2
Part 2 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationITSM Governance In the world of cloud computing
ITSM Governance In the world of cloud computing Housekeeping Welcome to the Webinar Use the control panel to ask questions Can you see & hear us? enter your name & city to confirm Type Your Questions Here
More informationHow to Lead the People in a Program Based Environment
SESSION ID: GRC-W01 Balancing Compliance and Operational Security Demands Steve Winterfeld Bank Information Security Officer CISSP, PCIP What is more important? Compliance with laws / regulations Following
More informationMICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL
MICHIGAN OFFICE OF THE AUDITOR GENERAL AUDIT REPORT THOMAS H. MCTAVISH, C.P.A. AUDITOR GENERAL The auditor general shall conduct post audits of financial transactions and accounts of the state and of all
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationRisk Considerations for Internal Audit
Risk Considerations for Internal Audit Cecile Galvez, Deloitte & Touche LLP Enterprise Risk Services Director Traci Mizoguchi, Deloitte & Touche LLP Enterprise Risk Services Senior Manager February 2013
More informationWhat the heck does internal audit know about IT? Daniel Adams Director of Internal Audit
What the heck does internal audit know about IT? Daniel Adams Director of Internal Audit not that much (at least in comparison to many of you) What about information systems? internal auditing information
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationNERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice
NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationHow To Protect Water Utilities From Cyber Attack
Cybersecurity in the Water Sector Copyright 2015 American Water Works Association Overview Reality of the Threat Environment Water Sector Cyber Risk Management Key Resources Connectivity = Exposure Process
More informationEnergy Industry Cybersecurity Report. July 2015
Energy Industry Cybersecurity Report July 2015 Energy Industry Cybersecurity Report INTRODUCTION Due to information sharing concerns, energy industry cybersecurity information is not readily available.
More informationIT ASSET MANAGEMENT Securing Assets for the Financial Services Sector
IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments
More informationRE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity
October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure
More informationReal-Time Security for Active Directory
Real-Time Security for Active Directory Contents The Need to Monitor and Control Change... 3 Reducing Risk and Standardizing Controls... 3 Integrating Change Monitoring... 4 Policy Compliance... 4 The
More informationDeveloping National Frameworks & Engaging the Private Sector
www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationCyber Risk Management Guidance for FHFA Regulated Entities
Cyber Risk Management Guidance for FHFA Regulated Entities Anne E. Paulin, Examination Manager Federal Housing Finance Agency ISACA NCAC Conference November 18, 2014 Arlington VA About FHFA On July 30,
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationAn Overview of Large US Military Cybersecurity Organizations
An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United
More informationAuditing emerging cyber threats and IT controls
Auditing emerging cyber threats and IT controls Robert Baldi Director of IT Audit, ACI Worldwide Warren Fish Manager of IT Audit, ACI Worldwide Competency The trouble with competence is that it is always
More informationCybersecurity Framework: Current Status and Next Steps
Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationPROJECT BOEING SGS. Interim Technology Performance Report 3. Company Name: The Boeing Company. Contract ID: DE-OE0000191
Interim Techlogy Performance Report 3 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V1 Company Name: The Boeing Company November 19, 2013 1 Interim Techlogy Performance Report 3
More informationIncrease insight. Reduce risk. Feel confident.
Increase insight. Reduce risk. Feel confident. Define critical goals with enhanced visibility then enable security and compliance across your complex IT infrastructure. VIRTUALIZATION + CLOUD NETWORKING
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationCloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015
Cloud Security Benchmark: Top 10 Cloud Service Providers Appendix A E January 5, 2015 2015 CloudeAssurance Page 1 Table of Contents Copyright and Disclaimer... 3 Appendix A: Introduction... 4 Appendix
More informationThe Computerworld Honors Program
The Computerworld Honors Program Honoring those who use Information Technology to benefit society Status: Laureate Final Copy of Case Study Year: 2013 Organization Name: Cybersecurity and Infrastructure
More informationPersonal Security Practices of the CAO
Personal Security Practices of the CAO 1. Do you forward your government email to your personal email account? 2. When is the last time you changed your Enterprise password? Within the last 60 days Within
More informationSymantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,
Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security, streamline compliance reporting, and reduce the overall
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationIT Governance, Risk and Compliance (GRC) : A Strategic Priority. Joerg Asma
IT Governance, Risk and Compliance (GRC) : A Strategic Priority Joerg Asma Agenda Introductions An Overview of IT Governance Risk & Compliance (IT-GRC) The Value Proposition Implementing an IT-GRC Program
More information