Government of Canada Cyber Security Event Management Plan (formerly GC IT Incident Management Plan)
- Nickolas Warner
Transcription
1 Government of Canada Cyber Security Event Management Plan (formerly GC IT Incident Management Plan)
Presentation to PSCIOC, March 5th, 2015
2 Overview
- Drivers
- Current Landscape
- Proposed Changes
- Expected Outcomes
- Next Steps
3 Recent GC Headlines
4 Drivers
- Recent incidents have shown that the GC continues to be a target for cyber attacks
  - Exploited vulnerability, compromising 900 SINs at Revenue Canada (April 2014)
  - Sophisticated, targeted cyber intrusion at National Research Council (June 2014)
- Two incidents on different ends of the spectrum provided good insight into GC incident management processes
- Lessons Learned exercises from both incidents revealed some recurring themes related to the GC IT Incident Management Plan
5 Current Landscape: Incident Management Roles and Responsibilities
- All departments/agencies (All depts.): Departmental security (people, information, assets and services)
- Treasury Board Secretariat (TBS): Security policy direction & oversight
- Canadian Security Intelligence Service (CSIS): Investigations of threats to national security
- Communications Security Establishment (CSE): IT Security advice, guidance & intelligence; Monitoring and detection on internal systems
- Royal Canadian Mounted Police (RCMP): Criminal investigations, cyber crime, forensics
- Shared Services Canada (SSC) (for 43 departments & agencies): Service provider & infrastructure owner; IT Security for servers, networks and
- Public Safety (Canadian Cyber Incident Response Centre) (CCIRC): National incident response coordination for non-federal government systems
- GC Computer Incident Response Team (SSC (GC-CIRT)) (for all of the GC): Central coordination authority for incident response (housed at SSC)
- Department of National Defence (DND): Investigations and intelligence related to national defence
6 Current Landscape: GC IT Incident Management Plan (IMP)
- Provides an operational framework for the horizontal management of IT security incidents on GC networks
- Originally published in 2009, updated in 2012
- Due for renewal
- Lessons Learned exercises following Heartbleed and NRC incidents revealed some issues with the IMP:
  - Focuses on incidents only after a compromise occurs
  - Lacks clearly defined invocation/escalation triggers
  - Complex governance structure
  - Missing link to Public Safety's Federal Emergency Response Plan (FERP) [1]
  - Contains minimal reporting requirements
[1] Additional FERP detail found in Annex A
7 A New Approach: GC Cyber Security Event Management Plan
- Drafting of the new GC Cyber Security Event Management Plan (GC CS EMP) is currently underway
- Addresses lessons learned and improves the GC's ability to respond in a consistent and coordinated manner
GC IT IMP (old)
- Focused on confirmed incidents only
- Lack of clearly defined invocation and escalation triggers
- Complex governance structure
- No link to FERP
- Minimal reporting requirements
GC CS EMP (new)
- Considers all cyber events (which include potential threats & vulnerabilities, as well as confirmed incidents)
- Clearly defined triggers for invocation and escalation, based on priority levels
- Streamlined governance structure, with dynamic invocation of appropriate committees based on event priority
- Clearly defined priority level that implies immediate invocation of FERP
- Detailed reporting and communication requirements (including timelines) for all stakeholders
8 GC CS EMP: Other Changes
UNCLASSIFIED / NON CLASSIFIÉ
Other changes to the GC CS EMP include:
- A detailed RACI (Responsible, Authority, Consulted, Informed) matrix to clarify roles and responsibilities
- Updated processes and clearly defined inputs/outputs for each phase of the event management lifecycle
- Clearly defined departmental expectations in all phases
  - More granular departmental requirements have been removed (to be included in a separate departmental incident management best practices guide)
- New event priority levels that dictate level of response required (see next slide)
- Explicitly defined communications channels
  - Ensures that situational awareness is maintained throughout the event management lifecycle
  - Includes clear linkages between the GC and Public Safety to enable effective sharing of technical information and coordination of public communication
9 GC CS EMP: Proposed Priority Levels*
*Draft, based on the Multi-State Information Sharing & Analysis Center methodology (
10 Expected Outcomes
The GC CS EMP is expected to:
- Improve coordination and incident management planning within the GC
- Mitigate threats and vulnerabilities before a compromise can occur
- Enhance situational awareness across the GC
- Inform decision-making at all levels
- Enhance public confidence in GC
11 Impact to Provinces/Territories
- The GC CS EMP is used to address cyber security events in the GC only
  - No explicit role for P/Ts in this plan
  - P/Ts are assumed to have their own incident management framework that ultimately links into the FERP
- GC CS EMP does have indirect benefits to P/Ts:
  - More effective coordination of GC-wide events will minimize impact on federal programs and services that P/Ts rely on
  - A normalized view of the federal cyber landscape will be shared with CCIRC through more efficient information sharing channels
  - More value-added federal event information that P/Ts can use to respond to similar events
12 Next Steps
- March 2015
  - Finalize draft of GC CS EMP
- Q1 2015/16
  - Table top exercises at varying levels
    - Departments
    - Lead Security Agencies (first responders)
    - Senior Management (DG/ADM)
  - Finalization of GC CS EMP (including formal approval)
- Q2 2015/16
  - Publish GC CS EMP
13 ANNEX A: Federal Emergency Response Plan
Federal Emergency Response Plan (FERP) background:
- Harmonizes federal emergency response efforts with those of provinces and territories, NGOs, and the private sector
- Allows for horizontal and vertical harmonization of effort throughout the federal government
- Provides an integrated, strategic GC response
FERP coordination is utilized when:
- A province or territory requests federal support to deal with an emergency
- An emergency of such magnitude occurs that it impacts multiple jurisdictions and/or government departments
- An event directly involves federal assets, services, employees, statutory authority/responsibilities, or impacts confidence in government
- Aspects of the national interest are affected