SolarWinds Federal Cybersecurity Survey Summary Report

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "SolarWinds Federal Cybersecurity Survey Summary Report"

Transcription

1 SolarWinds Federal Cybersecurity Survey Summary Report March 26, Market Connections, Inc.

2 BACKGROUND AND APPROACH 2 Background and Approach SolarWinds and Market Connections worked together to design and conduct a blind online cybersecurity survey among 200 federal government IT decision makers and influencers in January and February Throughout the report, notable significant differences are reported. Statistical analyses were conducted for continuous monitoring status, agency type and job function. There were no significant differences detected by job function. Due to rounding, graphs may not add up to 100%.

3 RESPONDENT CLASSIFICATIONS 3 Organizations Represented If a respondent did not work for any of the specific organization types noted below, the survey was terminated. Organizations Represented Federal, Civilian or Independent Government Agency Department of Defense or Military Service Federal Judicial Branch Intelligence Agency Federal Legislature 3% 2% 40% 56% Sample Organizations Represented (In Alphabetical Order) Air Force Army Department of Agriculture (USDA) Department of Commerce (DOC) Department of Defense (DOD) Department of Energy (DOE) Department of Homeland Security (DHS) Department of Labor (DOL) Department of State (DOS) Department of the Interior (DOI) Department of Transportation (DOT) Department of Treasury (TREAS) Department of Veteran Affairs (VA) Federal Aviation Administration (FAA) Judicial/Courts Marine Corps National Aeronautics and Space Administration (NASA) Navy Social Security Administration (SSA) US Postal Service (USPS) 0% 10% 20% 30% 40% 50% 60% Which of the following best describes your current employer? What agency do you work for?

4 RESPONDENT CLASSIFICATIONS 4 Decision Making Involvement All respondents are knowledgeable or involved in decisions and recommendations regarding IT operations and management and IT security solutions and services. On a team that makes decisions regarding IT security and/or IT operations and management solutions 5 Manage or implement security and/or IT operations and management solutions 4 Evaluate or recommend firms offering IT security and/or IT operations and management solutions 40% Develop technical requirements for IT security and/or IT operations and management solutions 33% Make the final decision regarding IT security and/or IT operations and management solutions or contractors Other involvement in IT security and/or IT operations and management solutions Note: Multiple responses allowed 8% 0% 10% 20% 30% 40% 50% 60% How are you involved in your organization s decisions or recommendations regarding IT operations and management and IT security solutions and services? (select all that apply)

5 RESPONDENT CLASSIFICATIONS 5 Job Function and Tenure A variety of job functions and tenures are represented in the sample, with most being IT/IS staff and working at their agency for over 20 years. Job Function Tenure IT/IS staff 33% 20+ Years 30% IT director/manager 26% Years Security/IA staff 15% Years Security/IA director or manager 5% 5-9 Years 2 CIO/CTO 5% Includes: 3-4 Years IT Procurement CSO/CISO 2% Program Manager 1-2 Years 2% Other <1 Year 0% 10% 20% 30% 40% 0% 10% 20% 30% 40% Which of the following best describes your current job title/function? How long have you been working at your current agency?

6 CONTINUOUS MONITORING IMPLEMENTATION 6 Continuous Monitoring Plan Two-thirds report having implemented at least one continuous monitoring solution. The majority of those who have not started planning report it is due to budget constraints. Supporting Requirements Reasons for Not Planning We have implemented at least one continuous monitoring solution 63% Budget constraints 86% We are planning to implement continuous monitoring 20% Lack of manpower 43% Competing priorities and other initiatives 29% We have not started planning 4% Non-users 37% Lack of top-level direction and leadership 0% Don t know 13% Other 0% 20% 40% 60% 80% 100% N=7 0% 20% 40% 60% 80% 100% How well equipped is your agency to support federal government (ex. OMB mandate, DISA STIG, etc.) continuous monitoring requirements? What are the reasons that you have not started planning to implement continuous monitoring? (select all that apply)

7 CONTINUOUS MONITORING IMPLEMENTATION 7 Return on Investment Nearly half of respondents have measured the return on investment of continuous monitoring and report it is paying off nicely. Of those planning to implement continuous monitoring, the majority plan to measure its return on investment once implemented. Have Measured Return on Investment Plan to Measure ROI Once Implemented Yes, it s paying off nicely 49% Yes Yes, and we re disappointed in the results 9% 3 59% No No, but we feel we re getting our money s worth 38% 10% Unsure at this time No, but we feel we aren t getting a payoff from the technology 4% 0% 10% 20% 30% 40% 50% 60% N=125 N=39 Have you measured the return on your investment in using continuous monitoring? Once implemented, do you plan to measure the return on your investment in using continuous monitoring?

8 CONTINUOUS MONITORING IMPLEMENTATION 8 Continuous Monitoring Benefits The majority perceive more timely awareness of real-time vulnerabilities as the top benefit to comprehensive continuous monitoring. Automated Score Card report on compliance by functional area Increased technical collaboration with various functional areas More timely awareness of real-time vulnerabilities Note: Multiple responses allowed Keeping up with the newest vulnerabilities Keeping up with the latest compliance requirements Increased visibility into current IT configurations More timely visibility into results of compliance efforts Automated compliance reports Reduced labor costs Reduction in Data Calls Other Not sure What do you perceive as the top three benefits to comprehensive continuous monitoring? (select three) 2% 5% % 26% 33% % Keeping up with the newest vulnerabilities 69% Defense 0% 20% 40% 60% 80% = statistically significant difference Civilian 56% 40%

9 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 9 Cybersecurity Readiness The majority describe their agency s overall cybersecurity readiness as good or excellent. A significantly greater proportion of defense agency respondents as well as respondents that use continuous monitoring rate their readiness as excellent. Excellent we have the appropriate tools, processes and policies in place 44% Good some tools, processes or polices are in place and/or some may need updating Poor we are lacking the necessary tools, process Not sure 2% 5% Continuous Monitoring User Non- User Excellent 54% 28% Good 44% 60% Poor 2% 9% 50% Defense Civilian Excellent 54% 37% 0% 10% 20% 30% 40% 50% 60% = statistically significant difference How would you describe your agency s overall cybersecurity readiness?

10 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 10 IT Security Obstacles Respondents most often consider budget constraints as the single most significant high-level obstacle to maintain or improve IT security. Budget constraints 40% Competing priorities and other initiatives Complexity of internal environment 19% Lack of manpower 8% Lack of top-level direction and leadership Lack of training for personnel Lack of clear standards Lack of technical solutions available at my agency Other 6% 5% 4% 2% 4% 0% 10% 20% 30% 40% 50% What is the single most significant high-level obstacle to maintain or improve IT security at your agency?

11 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 11 Tool Implementation Frustrations The majority report lack of budget is the biggest frustration an IT manager faces in implementing cyber security tools. Difficult to update due to evolving compliance requirements Lack of executive buy-in on importance of compliance Note: Multiple responses allowed Lack of budget Organizational issues or turf battles Expensive to maintain Expensive to upgrade High cost of training Difficult to implement and/or operate Hidden operations costs Difficult to update for emerging threats Insufficient or inflexible reporting Agency does not enforce compliance Other What are the biggest frustrations an IT manager in your agency faces in implementing cyber security tools? (select all that apply) 2% 9% 12% 18% 20% 23% 26% 26% 29% 29% 32% 42% Lack of executive buy-in on importance of compliance Continuous Monitoring User 63% Non- User 29% 0% 10% 20% 30% 40% 50% 60% 70% = statistically significant difference

12 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 12 Cybersecurity Threats External hacking and malware are the overall top cybersecurity threats plaguing agencies. External hacking 50% Malware 46% Social engineering 37% SPAM 36% Insider data leakage/theft 29% Denial of service 25% Mobile device theft 20% Physical security attacks APT Other No cyber threats plague my agency Unsure if cyber threats plague my agency 6% 3% 6% 9% 18% External hacking Continuous Monitoring User Non- User 57% 37% Insider data leakage/theft Mobile device theft Physical security attacks Defense Civilian % 25% 25% 13% Note: Multiple responses allowed What types of cybersecurity threats are plaguing your agency? (select all that apply) 0% 10% 20% 30% 40% 50% 60% = statistically significant difference

13 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 13 Security Threat Sources The general hacking community and careless/untrained insiders are the largest sources of security threats at agencies. General hacking community 47% Careless/untrained insiders 42% Foreign governments 34% Hacktivists 26% Terrorists 2 Malicious insiders For-profit crime Industrial spies Other None of the above plague my agency Unsure if these threats plague my agency 3% 4% 6% 9% 1 Defense Civilian General hacking community 35% 55% Careless/untrained insiders 53% 35% Foreign governments 48% 24% Terrorists 3 13% Malicious insiders 26% 10% Note: Multiple responses allowed What are the largest sources of security threats to your agency? (select all that apply) 0% 10% 20% 30% 40% 50% = statistically significant difference

14 CYBERSECURITY OBSTACLES, THREATS, & EVENTS Security Investment Priorities Firewall configuration and security continuous monitoring are the top essential priorities for investing resources in the next 12 months. Not sure 1 Not a priority 2 Low priority 3 Medium priority 4 & 5 High or essential priority 14 AVG Intrusion detection and prevention 2% 3% 78% 4.19 Firewall configuration and security continuous monitoring 4% 3% 19% 74% 4.19 Improving general network defenses e.g., firewalls, secure gateways 3% 3% 2 73% 4.10 Server security and compliance continuous monitoring 4% 3% 22% Identity and access management 2% 6% Network configuration security compliance continuous monitoring 0% 4% 5% 22% 70% 4.10 Database security 5% 4% 24% 68% 4.02 Improving system defenses e.g. anti-virus, HIPS 3% 6% 24% 68% 4.04 Vulnerability management 4% 4% 25% 67% % 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% For each of the following security practices and/or technologies, please indicate your organization s priority level for investing resources in the next 12 months.

15 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 15 Security Investment Priorities (Continued) Not sure 1 Not a priority 2 Low priority 3 Medium priority 4 & 5 High or essential priority Security information and event management 4% 7% 25% 65% AVG Implementing technologies and processes to monitor information system activity Secure document sharing 4% 7% 5% 3% 1 25% 23% 64% 60% Technologies and processes to monitor and block use of removable media (USB, etc.) Secure remote systems administration Patch management Implementing technologies and processes to monitor user activity Improving mobile device security (mobile policy enforcement, etc.) 5% 3% 3% 3% 4% 6% 4% 3% 5% 5% 12% 12% 10% 23% 25% 33% 27% 25% 58% 58% 58% 58% 52% Log management 7% 2% 10% 34% 49% % 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% For each of the following security practices and/or technologies, please indicate your organization s priority level for investing resources in the next 12 months.

16 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 16 Security Investment Priorities (Continued) Continuous monitoring users indicate that most practices and technologies are of essential priority investments significantly more than non-users. 5 - Essential Continuous Monitoring User Non-User Firewall configuration and security continuous monitoring 53% 33% Intrusion detection and prevention 52% 3 Improving system defenses e.g. anti-virus, HIPS 46% 32% Network configuration security compliance continuous monitoring 46% 3 Database security 44% Vulnerability management 4 25% Technologies and processes to monitor and block use of removable media (USB, etc.) 37% 23% Secure remote systems administration 36% 20% Security information and event management 34% 20% Patch management 33% 19% = statistically significant difference For each of the following security practices and/or technologies, please indicate your organization s priority level for investing resources in the next 12 months.

17 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 17 Security Event Detection Respondents report most often that inappropriate internet access by insiders can be detected within minutes. Within minutes Within hours Within one day More than one day No ability to detect Don t know/unsure Inappropriate internet access by insiders 40% 19% 16% 13% 4% 10% Rogue device on network 37% 27% 13% 10% 2% 12% Misuse/abuse of credentials 32% 23% 13% 3% External data breach 3 23% 15% Compromised account 27% 25% 18% 12% 3% New malware variant 25% 29% 20% 12% Firewall rules out of compliance 25% 22% 24% 13% 16% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% How long does it typically take your organization to detect and/or analyze to the following types of security events or compliance issues?

18 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 18 Security Event Detection (Continued) Inappropriate sharing of documents is reported least as being able to be detected within minutes. Within minutes Within hours Within one day More than one day No ability to detect Don t know/unsure Spear-phishing 23% 30% 16% 12% 3% Network device configurations out of compliance 20% 28% 2 2% 13% Windows system configurations out of compliance 18% 30% 20% 20% 4% 10% Non-Windows system configurations out of compliance 25% 16% 19% 5% 19% Data leakage 24% 20% 15% 5% 20% Inappropriate sharing of documents 22% 1 22% 18% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% How long does it typically take your organization to detect and/or analyze to the following types of security events or compliance issues?

19 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 19 Security Event Detection (Continued) Continuous monitoring users indicate detecting and analyzing most security events or compliance issues within minutes significantly more than non-users. Within Minutes Continuous Monitoring User Non-User Inappropriate internet access by insiders 46% 29% Rogue device on network 46% 23% Misuse/abuse of credentials 37% 23% Compromised account 34% 15% Firewall rules out of compliance 30% 16% Windows system configurations out of compliance 23% 8% Data leakage 22% 8% How long does it typically take your organization to detect and/or analyze to the following types of security events or compliance issues? = statistically significant difference

20 RESEARCH TO INFORM YOUR BUSINESS DECISIONS 20 Contact Information Laurie Morrow, Director of Research Services Market Connections, Inc Avion Parkway, Suite 125 Chantilly, VA , ext. 101 Lisa M. Sherwin Wulf, Federal Marketing Leader SolarWinds

Managing the Unpredictable Human Element of Cybersecurity

Managing the Unpredictable Human Element of Cybersecurity CONTINUOUS MONITORING Managing the Unpredictable Human Element of Cybersecurity A WHITE PAPER PRESENTED BY: May 2014 PREPARED BY MARKET CONNECTIONS, INC. 14555 AVION PARKWAY, SUITE 125 CHANTILLY, VA 20151

More information

Managing the Ongoing Challenge of Insider Threats

Managing the Ongoing Challenge of Insider Threats CYBERSECURITY IN THE FEDERAL GOVERNMENT Managing the Ongoing Challenge of Insider Threats A WHITE PAPER PRESENTED BY: May 2015 PREPARED BY MARKET CONNECTIONS, INC. 11350 RANDOM HILLS ROAD, SUITE 800 FAIRFAX,

More information

Federal Network Security Survey Report

Federal Network Security Survey Report Federal Network Security Survey Report April 20, 2015 2015 Market Connec1ons, Inc. EXECUTIVE SUMMARY 2 About the Study As networks become increasingly complex and more data moves across the network vulnerability

More information

FEDERAL CLOUD COMPUTING SUMMIT

FEDERAL CLOUD COMPUTING SUMMIT FEDERAL CLOUD COMPUTING SUMMIT Federal Cloud Computing Summit January 14-15, 2015 Washington Marriott at Metro Center The Federal Cloud Computing Summit will be held on January 14-15, 2015, at the Washington

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Working with the FBI

Working with the FBI Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement

More information

PointofView. You Need to be Known to be Liked: Applying Lessons from Corporate Reputation Management to the Public Sector

PointofView. You Need to be Known to be Liked: Applying Lessons from Corporate Reputation Management to the Public Sector PointofView You Need to be Known to be Liked: Applying Lessons from Corporate Reputation Management to the Public Sector Public Perceptions of the Reputation of the Federal Government and Other Public

More information

Improvements Needed With Host-Based Intrusion Detection Systems

Improvements Needed With Host-Based Intrusion Detection Systems Report No. DODIG-2012-050 February 3, 2012 Improvements Needed With Host-Based Intrusion Detection Systems Warning This report is a product of the Inspector General of the Department of Defense. Its contents

More information

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY CYBER HYGIENE AND ORGANIZATIONAL PLANNING ARE AT LEAST AS INTEGRAL TO SECURING INFORMATION NETWORKS AS FIREWALLS AND ANTIVIRUS SOFTWARE Cybersecurity

More information

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the

More information

Average annual cost of security incidents

Average annual cost of security incidents Breaches reported Annual number of data breaches Average annual cost of security incidents Among companies with revenues over $1 billion Regulatory mandates 900 800 700 600 500 400 300 200 100 0 2011 2012

More information

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002

ForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002 ForeScout CounterACT and Compliance An independent assessment on how network access control maps to leading compliance mandates and helps automate GRC operations June 2012 Overview Information security

More information

CDW-G Federal Cybersecurity Report: Danger on the Front Lines. November 2009. 2009 CDW Government, Inc.

CDW-G Federal Cybersecurity Report: Danger on the Front Lines. November 2009. 2009 CDW Government, Inc. CDW-G Federal Cybersecurity Report: Danger on the Front Lines November 2009 2009 CDW Government, Inc. 1 Table of Contents Introduction 3 Key Findings 4 The Threats 5 Frequent Threats 6 Persistence and

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S.

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon

More information

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Guidelines for Website Security and Security Counter Measures for e-e Governance Project and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,

More information

Achieving Holistic Cybersecurity: 2016 Progress Report. A Candid Survey of Federal Leaders

Achieving Holistic Cybersecurity: 2016 Progress Report. A Candid Survey of Federal Leaders Achieving Holistic Cybersecurity: 2016 Progress Report A Candid Survey of Federal Leaders Underwritten by April 2016 Table of Contents Overview / 3 Executive Summary / 5 Research Findings Confidence in

More information

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,

More information

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information

More information

Cyber Security Solutions:

Cyber Security Solutions: ThisIsCable for Business Report Series Cyber Security Solutions: A Sampling of Cyber Security Solutions Designed for the Small Business Community Comparison Report Produced by BizTechReports.com Editorial

More information

GOVERNMENT SECURITY PRACTITIONER SURVEY:

GOVERNMENT SECURITY PRACTITIONER SURVEY: Introduction In today s IT environment, U.S. federal organizations face a wide range of electronic adversaries, including hackers that develop ever more complex and diverse attacks designed for the specific

More information

Better secure IT equipment and systems

Better secure IT equipment and systems Chapter 5 Central Services Data Centre Security 1.0 MAIN POINTS The Ministry of Central Services, through its Information Technology Division (ITD), provides information technology (IT) services to government

More information

Lessons from the DHS Cyber Test Bed Project

Lessons from the DHS Cyber Test Bed Project Lessons from the DHS Cyber Test Bed Project Theresa Payton President/CEO Fortalice, LLC Presented by: Kemal O. Piskin Senior Cyber Security Engineer Applied Research Associates, Inc. What We ll Discuss

More information

The Importance of Cyber Threat Intelligence to a Strong Security Posture

The Importance of Cyber Threat Intelligence to a Strong Security Posture The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

Cyber Security: Are You Prepared?

Cyber Security: Are You Prepared? Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete

More information

FEDERAL INFORMATION SECURITY

FEDERAL INFORMATION SECURITY United States Government Accountability Office Report to Congressional Committees September 2015 FEDERAL INFORMATION SECURITY Agencies Need to Correct Weaknesses and Fully Implement Security Programs GAO-15-714

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)

More information

Briefing Outline. Overview of the CUI Program. CUI and IT Implementation

Briefing Outline. Overview of the CUI Program. CUI and IT Implementation Briefing Outline Overview of the CUI Program Establishment of the Program Elements of the CUI Executive Order Categories and Registry Handling CUI Current Efforts Implementation Plan CUI and IT Implementation

More information

Practical Steps To Securing Process Control Networks

Practical Steps To Securing Process Control Networks Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.

More information

Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures

Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment

More information

1. First, how familiar are you with Master of Public Administration (MPA) and Master of Public Policy (MPP) degrees?

1. First, how familiar are you with Master of Public Administration (MPA) and Master of Public Policy (MPP) degrees? . First, how familiar are you with Master of Public Administration (MPA) and Master of Public Policy (MPP) degrees? Not familiar at all 6.2% 64 2 3.4% 3 3 26.6% 0 4 9.2% 76 Extremely familiar 23.8% 94

More information

Security for NG9-1-1 SYSTEMS

Security for NG9-1-1 SYSTEMS The Next Generation of Security for NG9-1-1 SYSTEMS The Challenge of Securing Public Safety Agencies A white paper from L.R. Kimball JANUARY 2010 866.375.6812 www.lrkimball.com/cybersecurity L.R. Kimball

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Deepwater Horizon: The Politics of Disaster

Deepwater Horizon: The Politics of Disaster Deepwater Horizon: The Professor Juliette Kayyem April 2012 US-South Asia Leader Engagement Program Professor Juliette Kayyem Lesson 1 There was the BP Oil Spill and... There was the BP Oil Spill Event

More information

Managing Vulnerabilities For PCI Compliance

Managing Vulnerabilities For PCI Compliance Managing Vulnerabilities For PCI Compliance Christopher S. Harper Vice President of Technical Services, Secure Enterprise Computing, Inc. June 2012 NOTE CONCERNING INTELLECTUAL PROPERTY AND SOLUTIONS OF

More information

Information Assurance Branch (IAB) Cybersecurity Best Practice for Executive Level Managers

Information Assurance Branch (IAB) Cybersecurity Best Practice for Executive Level Managers U.S. Department of State Diplomatic Security Office of Training & Performance Standards Security Engineering & Computer Security Training Division (SECD) Information Assurance Branch (IAB) Cybersecurity

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Protect the data that drives our customers business. Data Security. Imperva s mission is simple: The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent

More information

Critical Security Controls

Critical Security Controls Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security

More information

Information Technology Risk Management

Information Technology Risk Management Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT

More information

Web 2.0 and Data Protection. Paul Tsang Security Consultant McAfee

Web 2.0 and Data Protection. Paul Tsang Security Consultant McAfee Web 2.0 and Data Protection Paul Tsang Security Consultant McAfee Criminal Motivators For Profit Targeted Attacks Cyber Warfare (Credit Cards, PII, Criminal Infrastructure) (Nation-State Secrets, Trade

More information

Security and Privacy

Security and Privacy Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices

More information

Global IT Security Risks

Global IT Security Risks Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most

More information

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)

ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software

More information

Appendix -- Homeland Security Mission Funding by Agency and Budget Account (budget authority in millions of dollars)

Appendix -- Homeland Security Mission Funding by Agency and Budget Account (budget authority in millions of dollars) Department of Agriculture 508.8-528.6-603.6 Agricultural Research Service/ Buildings and Facilities/005-18-1401 - - 45.0-113.7 Protecting Critical Infrastructure and Key Assets - - 45.0-113.7 Agricultural

More information

SECURITY CONSIDERATIONS FOR LAW FIRMS

SECURITY CONSIDERATIONS FOR LAW FIRMS SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,

More information

I N T E L L I G E N C E A S S E S S M E N T

I N T E L L I G E N C E A S S E S S M E N T I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document

More information

Building a Business Case:

Building a Business Case: Building a Business Case: Cloud-Based Security for Small and Medium-Size Businesses table of contents + Key Business Drivers... 3... 4... 6 A TechTarget White Paper brought to you by Investing in IT security

More information

Network Security. Intertech Associates, Inc.

Network Security. Intertech Associates, Inc. Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture

More information

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

THREAT VISIBILITY & VULNERABILITY ASSESSMENT THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings

More information

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats

More information

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications

More information

The Department of Homeland Security The Department of Justice

The Department of Homeland Security The Department of Justice The Department of Homeland Security The Department of Justice to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information

More information

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced

More information

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions SURVEY REPORT: cyber security Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions Confidence in a connected world. Executive summary An online survey revealed that while U.S.

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

Defending Against Cyber Attacks with SessionLevel Network Security

Defending Against Cyber Attacks with SessionLevel Network Security Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive

More information

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015 CYBER LIABILITY AND AVIATION Presented by Hal Hunt May 3, 2015 AGENDA Introduction Leaning Objectives Threat Examples Underwriting Protection/Cyber Policy Summary 2 LEARNING OBJECTIVES Understand Key Terms

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

CYBER SECURITY THREAT REPORT Q1

CYBER SECURITY THREAT REPORT Q1 CYBER SECURITY THREAT REPORT Q1 Moving Forward Published by UMC IT Security April 2015 0 U.S. computer networks and databases are under daily cyber-attack by nation states, international crime organizations,

More information

IT Security Community

IT Security Community IT Security Community Who are we? The CompTIA IT Security is a group focused on the changing security issues of today. Who should join? Anyone looking to stay current with the ever- changing security landscape.

More information

Actions and Recommendations (A/R) Summary

Actions and Recommendations (A/R) Summary Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry

More information

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers. Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

Secretary of the Senate Office of Public Records 232 Hart Building Washington, DC 20510 http://www.senate.gov/lobby

Secretary of the Senate Office of Public Records 232 Hart Building Washington, DC 20510 http://www.senate.gov/lobby Page 1 of 12 Clerk of the House of Representatives Legislative Resource Center B-106 Cannon Building Washington, DC 20515 http://lobbyingdisclosure.house.gov Secretary of the Senate Office of Public Records

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

Cyber Security: Defending Your Enterprise

Cyber Security: Defending Your Enterprise Cyber Security: Defending Your Enterprise www.gdit.com/cyber RELIABLE, REPEATABLE MEASURABLE, AFFORDABLE The Threat Spectrum Outsider Threats Terrorists, theft, spies, hackers, foreign governments, denial

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

An Overview of Large US Military Cybersecurity Organizations

An Overview of Large US Military Cybersecurity Organizations An Overview of Large US Military Cybersecurity Organizations Colonel Bruce D. Caulkins, Ph.D. Chief, Cyber Strategy, Plans, Policy, and Exercises Division United States Pacific Command 2 Agenda United

More information

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014 Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,

More information

April 17, 2012 2012 CDW

April 17, 2012 2012 CDW April 17, 2012 2012 CDW INTRODUCTION AND METHODOLOGY One in four organizations has experienced a data loss in the last two years. Many report breaches jeopardizing their email, network or other sensitive

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult

More information

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices

TASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security

More information

Data Breaches in the Government Sector. A Rapid7 Research Report

Data Breaches in the Government Sector. A Rapid7 Research Report Data Breaches in the Government Sector A Rapid7 Research Report Summary of Report Across all industries, data breaches and the protection of business-critical data remain a top concern. While the government

More information

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION Information security is a critical issue for institutions of higher education (IHE). IHE face issues of risk, liability, business continuity,

More information

Who s Doing the Hacking?

Who s Doing the Hacking? Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from

More information

Efficacy of Emerging Network Security Technologies

Efficacy of Emerging Network Security Technologies Efficacy of Emerging Network Security Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part

More information

Cybersecurity: What CFO s Need to Know

Cybersecurity: What CFO s Need to Know Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction

More information

State of Network Security 2014

State of Network Security 2014 State of Network Security 2014 An AlgoSec Survey Copyright 2014. AlgoSec, Inc. All rights reserved. Executive Summary A survey of 142 information security and network operations professionals and application

More information

Information Assurance, Network Ops, and Cyber Security: Filling the Gaps with SecureVue

Information Assurance, Network Ops, and Cyber Security: Filling the Gaps with SecureVue Information Assurance, Network Ops, and Cyber Security: Filling the Gaps with SecureVue EiQ Networks Information Assurance, Network Ops, and Cyber Security: Filling the Gaps with SecureVue Deploying Standard

More information

Promoting a cyber security culture and demand compliance with minimum security standards;

Promoting a cyber security culture and demand compliance with minimum security standards; Input by Dr. S.C. Cwele Minister of State Security, Republic of South Africa Cyber Security Meeting, Johannesburg 27 March 2014 I would like to thank the Wits School of Governance for inviting us to contribute

More information

Federal Cyber Security Outlook for 2010

Federal Cyber Security Outlook for 2010 Federal Cyber Security Outlook for 2010 National IT Security Challenges Mounting How well prepared are IT professionals within U.S. government agencies to respond to foreign cyber threats? Will government

More information

A Channel Company White Paper. Online Security. Beyond Malware and Antivirus. Brought to You By:

A Channel Company White Paper. Online Security. Beyond Malware and Antivirus. Brought to You By: A Channel Company White Paper Online Security Beyond Malware and Antivirus Brought to You By: Abstract Security has always encompassed physical and logical components. But in the face of Bring Your Own

More information

Defensible Strategy To. Cyber Incident Response

Defensible Strategy To. Cyber Incident Response Cyber Incident Response Defensible Strategy To Cyber Incident Response Cyber Incident Response Plans Every company should develop a written plan (cyber incident response plan) that identifies cyber attack

More information

Experience the commitment. white paper. Information Security Continuous Monitoring. Charting the Right Course. cgi.com

Experience the commitment. white paper. Information Security Continuous Monitoring. Charting the Right Course. cgi.com Experience the commitment white paper Information Security Continuous Monitoring Charting the Right Course cgi.com Hacking, malware, distributed denial of service attacks, insider threats and other criminal

More information

Malware isn t The only Threat on Your Endpoints

Malware isn t The only Threat on Your Endpoints Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks

More information

State of Security Survey GLOBAL FINDINGS

State of Security Survey GLOBAL FINDINGS 2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding

More information

AND RESPONSE. Continuity Insights Conference Chicago June 18-19, 2013. Unclassified

AND RESPONSE. Continuity Insights Conference Chicago June 18-19, 2013. Unclassified CYBER THREATS AND RESPONSE Continuity Insights Conference Chicago June 18-19, 2013 Unclassified OBJECTIVES Why it is important Threats, players, and response FBI s Next Generation Cyber Government and

More information

A Return On Investment from Computer Security Technology

A Return On Investment from Computer Security Technology A Return On Investment from Computer Security Technology 16th Annual Computer Security Applications Conference December 11-15, 2000 Gregory B. White, Ph.D. VP Professional Services SecureLogix Corporation

More information

Carney, Inc. helps Federal agencies accelerate workforce performance

Carney, Inc. helps Federal agencies accelerate workforce performance Carney, Inc. helps Federal agencies accelerate workforce performance In the face of rapidly developing national priorities, an inundation of information, and constrained resources, the need to enable the

More information

Energy Industry Cybersecurity Report. July 2015

Energy Industry Cybersecurity Report. July 2015 Energy Industry Cybersecurity Report July 2015 Energy Industry Cybersecurity Report INTRODUCTION Due to information sharing concerns, energy industry cybersecurity information is not readily available.

More information

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection

More information