CYBER THREAT BRIEF ANDREW DOLAN DIRECTOR OF STAKEHOLDER ENGAGEMENT
|
|
- Buck Campbell
- 7 years ago
- Views:
Transcription
1 CYBER THREAT BRIEF ANDREW DOLAN DIRECTOR OF STAKEHOLDER ENGAGEMENT
2 The key cybersecurity resource for cyber threat prevention, protection, response and recovery for all U.S. State, Local, Tribal and Territorial governments.
3 WHO WE SERVE MS-ISAC Members include: ü All 56 US States and Territories ü All 78 federally recognized fusion centers ü More than 1,000 local governments, public education entities, and tribal nations State, Local, Tribal, and Territorial Cities, counties, towns, airports, public education, police departments, ports, transit associations, and more
4 WHY GOVERNMENT? Criminals look for data... And governments have a lot of it!
5 Vulnerabilities Content Management Systems Plug In s Server Web Programming Language Phishing ü Well Written ü Appear Credible ü Enticing or Shocking Subject ü Apparent Trusted Source
6 TIME-TO-PATCH % of Patched WordPress Instances following a WordPress Remote Code Execution Vulnerability (patch released 8/4/15) 59.2% 61.4% 62.7% 64.7% 65.6% 54.6% Week 1 Week 2 Week 3 Week 4 Week 5 Week 6
7 WHO ARE BEHIND THE THREATS? Hacktivists Cyber Criminals Nation States
8 HACKTIVISTS Doxing DDoS Attacks Social, Political & Ideological Agenda Opportunistic System Compromise Targeted Web Defacements
9 Serial DDoS Attacker 10 Successful DDoS attacks in March 2015 From March to July 2015 Vikingdom claimed 74 DDoS attacks against state and local government websites in 34 states. Social Media Bragger Twitter, YouTube Attacker of: Municipalities, gaming services, hospitals Claim to Motivation: Police abusing innocent victims
10 CYBER CRIMINALS Zeus Financial Motivation Upatre/ Dyre Shifu Power & Control Varying Expertise Dridex Ransomware
11 Emptied ATMs ACROSS THE WORLD Prepaid debit credit database copied onto plastic cards with magnetic strips 36,000 transactions in 10 hours Coordinated with Cash Crews Preconfigured to eliminate withdrawal limits Discovered through flashy purchases and social media
12 CRYPTOWALL CRYPTOLOCKER TESLACRYPT ü Phishing s üattached zip file or straight executable ü Or Zeus infection ü Encrypts all personal files on local hard drive and file shares ü Demands $200-$600 for the decryption key ü Payment must be made within 72hrs-100hrs otherwise the decryption key is destroyed
13 NATION STATE ACTORS/APT Political Leverage Competitive Insight Intellectual Capital Cyber Warfare
14 UKRAINE S CRITICAL INFRASTRUCTURE Boryspil International Airport Kiev, Ukraine Power Grid Shut Down 80,000 customers lost power for 6 hours BlackEnergy Malware IP Attributed to Russia
15 EVERYONE MAKES MISTAKES. The trick is to learn from them!
16 24 X 7 SECURITY OPERATIONS CENTER Central location to report any cybersecurity incident 24/7 Support for: ü Network Monitoring Services ü Research and Analysis 24/7 Analysis & Monitoring of: ü Threats ü Vulnerabilities ü Attacks 24/7 Reporting: ü Cyber Alerts & Advisories ü Web Defacements ü Account Compromises ü Hacktivist Notifications Phone: info@msisac.org
17 COMPUTER EMERGENCY RESPONSE TEAM (CERT) ü Incident Response (includes on-site assistance) ü Network & Web Application Vulnerability Assessments ü Malware Analysis ü Computer & Network Forensics ü Log Analysis ü Statistical Data Analysis ü Penetration Testing To report an incident or request assistance: Phone: Any SLTT
18 MONITORING OF IP RANGE & DOMAIN SPACE IP Monitoring ü IPs connecting to monitored malicious C&C ü Compromised IPs ü Indicators of compromise from the MS-ISAC network monitoring (Albert) ü Notifications from Spamhaus Domain Monitoring ü Notifications on compromised user credentials ü Vulnerability Management Program (VMP) Send domains, IP ranges, and contact info to: Any SLTT
19 WHAT CAN YOU DO? ü Patch! ü Training ü Backups ü Harden Systems ü Update Policies ü Compliance ü Scan Systems ü Encrypt Mobile Devices
20 NEW GOVERNMENTAL PRECEDENTS BEING SET
21 QUESTIONS? Andrew Dolan Director of Stakeholder Engagement
Threats to Local Governments and What You Can Do to Mitigate the Risks
Association of Minnesota Counties Threats to Local Governments and What You Can Do to Mitigate the Risks Andrew Dolan Director of Government Affairs Multi-State Information Sharing and Analysis Center()
More informationHong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望
Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination
More informationDepartment of Homeland Security
Department of Homeland Security Cybersecurity Awareness for Colleges and Universities EDUCAUSE Live! July 24, 2014 Overview Dramatic increase in cyber intrusions, data breaches, and attacks at institutions
More informationUNCLASSIFIED. Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC)
Briefing to Critical Infrastructure Sector Organizations on the Canadian Cyber Incident Response Centre (CCIRC) Cyber in the News 1 Tactics, Techniques and Procedures These observed tactics, techniques
More informationRLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright
More informationI N T E L L I G E N C E A S S E S S M E N T
I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document
More informationGet the most out of Public Sector Cyber Security Associations & Collaboration
Get the most out of Public Sector Cyber Security Associations & Collaboration Gary Coverdale Chief Information Security Officer County of Napa, CA Stacey A. Wright Intel Manager MS-ISAC Get the most out
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information
More informationAs global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended
As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended Global Cybercrime has an estimated cost of US$ 110 Billion per year Every second, 18 adults become a
More informationWebinar: Creating a Culture of Cybersecurity at Work
Webinar: Creating a Culture of Cybersecurity at Work Thursday, Oct. 8, 2105 stopthinkconnect.org Agenda Welcome/NCSA Landscape Start With Security: Federal Trade Commission NIST Framework: Better Business
More informationIntegrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)
Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs) Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and
More informationCybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015
Cybersecurity: A Growing Concern for All Businesses RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015 RLI Design Professionals is a Registered Provider with The American
More informationWho s Doing the Hacking?
Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from
More informationReport on CAP Cybersecurity November 5, 2015
Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationTMCEC CYBER SECURITY TRAINING
1 TMCEC CYBER SECURITY TRAINING Agenda What is cyber-security? Why is cyber-security important? The essential role you play. Overview cyber security threats. Best practices in dealing with those threats.
More informationCyber Security Threats Shehzad Mirza Director of the MS ISAC SOC
Cyber Security Threats Shehzad Mirza Director of the MS ISAC SOC Will Pelgrin CIS President and CEO MS ISAC Chair 2.6 Billion Internet Users 13% 1% 6% 3% Asia 44% 10% Europe 22.7% 44% North America 13.0%
More informationSummary of the State of Security
Summary of the State of Security Tram Jewett, CISA CliftonLarsonAllen LLP Virginia GFOA Annual Spring Conference, 2016 1 1 Summary of the State of Security Tram Jewett, MS., CISA, 11 years IT audit and
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationTrust the Innovator to Simplify Cloud Security
Trust the Innovator to Simplify Cloud Security Contents MailGuard Pty Ltd Page 1 of 7 2 Let s get real for a moment. Your antivirus software isn t stopping fastbreak phishing and other spam attacks like
More informationIntegrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education
Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education Amy Banks, U.S. Department of Education, Center for School Preparedness, Office of Safe and Healthy Students Hamed Negron-Perez,
More informationSECURITY 2.0 LUNCHEON
PROTECTING YOUR ORGANIZATION SECURITY 2.0 LUNCHEON AGAINST CYBER THREATS Tommy Montgomery, Principal Consultant Viral Dhimar, Consultant Adam Ferguson, VP October 22, 2014 #SWCEvents Security 2.0: Next
More informationGEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationNational Cybersecurity & Communications Integration Center (NCCIC)
National Cybersecurity & Communications Integration Center (NCCIC) FOR OFFICIAL USE ONLY NCCIC Overview NCCIC Overview The National Cybersecurity and Communications Integration Center (NCCIC), a division
More information2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.
2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program. Entry Name HFA Submission Contact Phone Email Qualified Entries must be received by
More informationCyber Security 2014 SECURE BANKING SOLUTIONS, LLC
Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More informationThe Multi-State Information Sharing and Analysis Center 31 Tech Valley Drive East Greenbush, NY 12061 info@msisac.org soc@msisac.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) is a voluntary and collaborative effort designated by The Department of Homeland Security as the key resource for cyber threat prevention,
More informationTop Five Things You Need to Know About Cybersecurity. Larry Mattox, VC3 Session #7
Top Five Things You Need to Know About Cybersecurity Larry Mattox, VC3 Session #7 Cyber breaches are more sophisticated and can happen to any size organization. Victims of Cyber-espionage CNN, Washington
More informationTargeted Intrusion Remediation: Lessons From The Front Lines. Jim Aldridge
Targeted Intrusion Remediation: Lessons From The Front Lines Jim Aldridge All information is derived from MANDIANT observations in non-classified environments. Information has beensanitized where necessary
More informationA Case for Managed Security
A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction
More informationFACT SHEET: Ransomware and HIPAA
FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationNYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011
NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011 Executive Summary BACKGROUND The NYS Local Government Vulnerability Scanning Project was funded by a U.S. Department of Homeland Security
More informationIntroduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec
Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing
More informationCOULD YOUR BUSINESS SURVIVE A CRYPTOR? Learn how to guard against crypto-ransomware. www.kaspersky.com/business #SecureBiz
COULD YOUR BUSINESS SURVIVE A CRYPTOR? Learn how to guard against crypto-ransomware www.kaspersky.com/business #SecureBiz A practical guide to cryptor attacks The damage they do to businesses and how to
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationCIS 2014 Annual Report 1 2014 ANNUAL REPORT. William F. Pelgrin President & CEO. John M. Gilligan Chairman, Board of Directors
CIS 2014 Annual Report 1 2014 ANNUAL REPORT John M. Gilligan Chairman, Board of Directors William F. Pelgrin President & CEO 2 CIS 2014 Annual Report Commited to Protecting Critical Assets CIS 2014 Annual
More informationState Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4
State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationInformation Security for the Rest of Us
Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT
More informationSound Business Practices for Businesses to Mitigate Corporate Account Takeover
Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.
More informationKEY STEPS FOLLOWING A DATA BREACH
KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,
More informationIncident Response. Six Best Practices for Managing Cyber Breaches. Nick Pollard, Senior Director Professional Services EMEA / APAC, Guidance Software
Incident Response Six Best Practices for Managing Cyber Breaches Nick Pollard, Senior Director Professional Services EMEA / APAC, Guidance Software www.encase.com 2014 Guidance Software Inc., All Rights
More information5 Tools For Passing a
5 Tools For Passing a 4530 Plank Rd., Ste. 111, Fredericksburg, VA 22407 3 Health Insurance Portability and Accountability Act 4 Health Information Technology for Economic and Clinical Health Act 4 5 1
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationPerspectives on Cyber Security Strategies & Tactics
Perspectives on Cyber Security Strategies & Tactics Joshua Schmookler, Passaic County NJ MIS Department Security Administrator Micah Hassinger, Bergen County NJ Communications Director of Information Technology
More informationPresentation Objectives
Gerry Cochran, IT Specialist Jennifer Van Tassel, Associate Examiner Office of the State Comptroller Thomas P. DiNapoli State & Local Government Accountability Andrew A. SanFilippo Executive Deputy Comptroller
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationDepartment of Homeland Security
Department of Homeland Security National Cybersecurity Assessments & Technical Services (NCATS) Service Overview, Success and Challenges 3/18/2016 1 Agenda Discussion about NCATS Current Programs and Services
More informationWCA WEBINAR SERIES: The Case for Cyber Security Training
WCA WEBINAR SERIES: The Case for Cyber Security Training PLEASE NOTE: IN ORDER TO HEAR THE AUDIO FOR THIS WEBCAST YOU WILL NEED TO USE YOUR TELEPHONE TO DIAL INTO THE FOLLOWING CONFERENCE LINE: Conference
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationN-Dimension Solutions Cyber Security for Utilities
AGENDA ITEM NO.: 3.A. MEETING DATE; 08/18/2014 N-Dimension Solutions Cyber Security for Utilities Cyber Security Protection for Critical Infrastructure Assets The cyber threat is escalating - Confidential
More informationCYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015
CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 TODAY S PRESENTER Viviana Campanaro, CISSP Director, Security and
More informationCybersecurity Governance Update on New FFIEC Requirements
Cybersecurity Governance Update on New FFIEC Requirements cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started in 1953 with a goal of total client service Today, Professional Services Firm
More informationCyber - Security and Investigations. Ingrid Beierly August 18, 2008
Cyber - Security and Investigations Ingrid Beierly August 18, 2008 Agenda Visa Cyber - Security and Investigations Today s Targets Recent Attack Patterns Hacking Statistics (removed) Top Merchant Vulnerabilities
More informationPromoting a cyber security culture and demand compliance with minimum security standards;
Input by Dr. S.C. Cwele Minister of State Security, Republic of South Africa Cyber Security Meeting, Johannesburg 27 March 2014 I would like to thank the Wits School of Governance for inviting us to contribute
More informationGovernment Entity located in St. Louis Serving Government for over 40 Years
Government Entity located in St. Louis Serving Government for over 40 Years Primary Focus - Law Enforcement/Court Systems, Infrastructure Support, and Colocation Services 140 employees (100+ are IT) Dumb
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More information2014 NACo National Cyber Symposium April 10, 2014
2014 NACo National Cyber Symposium April 10, 2014 Chief Information Security and Privacy Officer King County Washington Governance Board President Holistic Information Security Practitioner Institute (HISPI)
More informationAgenda. Introduction to SCADA. Importance of SCADA security. Recommended steps
Agenda Introduction to SCADA Importance of SCADA security Recommended steps SCADA systems are usually highly complex and SCADA systems are used to control complex industries Yet.SCADA systems are actually
More informationMEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO
E MARITIME SAFETY COMMITTEE 95th session Agenda item 4 MSC 95/4/1 5 March 2015 Original: ENGLISH MEASURES TO ENHANCE MARITIME SECURITY Industry guidelines on cyber security on board ships Submitted by
More informationIndian Computer Emergency Response Team (CERT-In) Annual Report (2010)
Indian Computer Emergency Response Team (CERT-In) Annual Report (2010) Indian Computer Emergency Response Team (CERT-In) Department of Information Technology Ministry of Communications & Information Technology
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationCyber Security for Start-ups: An Affordable 10-Step Plan
SESSION ID: ECO-W03 Cyber Security for Start-ups: An Affordable 10-Step Plan David Cowan Partner Bessemer Venture Partners @davidcowan Acknowledgements Startups don't like friction to get their job done.
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationAuditing emerging cyber threats and IT controls
Auditing emerging cyber threats and IT controls Robert Baldi Director of IT Audit, ACI Worldwide Warren Fish Manager of IT Audit, ACI Worldwide Competency The trouble with competence is that it is always
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationInternet security: Shutting the doors to keep hackers off your network
Internet security: Shutting the doors to keep hackers off your network A Paralogic Networks Guide www.scholarisintl.com Introduction Like all revolutionary steps in technological development the Internet
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationKristin Judge Executive Director Trusted Purchasing Alliance Center for Internet Security
National Council of County Association Executives Kristin Judge Executive Director Trusted Purchasing Alliance Center for Internet Security William F. Pelgrin CIS President & CEO Chair Center for Internet
More informationPractice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited
Practice Good Enterprise Security Management Presented by Laurence CHAN, MTR Corporation Limited About Me Manager Information Security o o o o Policy formulation and governance Incident response Incident
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationFostering Incident Response and Digital Forensics Research
Fostering Incident Response and Digital Forensics Research Bruce J. Nikkel bruce.nikkel@ubs.com September 8, 2014 Abstract This article highlights different incident response topics with a focus on digital
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES second edition The information provided in this document is presented as a courtesy to be used for informational purposes only.
More informationHow we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz)
How we see malware introduced Phishing Targeted Phishing Water hole Download (software (+ free ), music, films, serialz) Domain.Local DC Client DomainAdmin Attack Operator Advise Protect Detect Respond
More informationEMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security Evangelist @StephenCoty
EMERGING THREATS & STRATEGIES FOR DEFENSE Stephen Coty Chief Security Evangelist @StephenCoty Industry Analysis 2014 Data Breaches - Ponemon Ponemon 2014 Data Breach Report *Statistics from 2013 Verizon
More informationdata Tracking cyber kidnappers
APRICOT 2015, Fukuoka APCERT Security Track Dr Andrew Clark Senior Technical Advisor, CERT Australia Presenta2on overview About CERT Australia Ransomware campaign targegng Australia CharacterisGcs Response
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationThe trend of the Cyber Security and the efforts of NEC. December 9 th, 2015 NEC Corporation
The trend of the Cyber Security and the efforts of NEC December 9 th, 2015 NEC Corporation Agenda 1. NEC Corporate Profile 2. NEC s Activity for Safer-City 3. NEC Cyber Security Solution 3.1 Security Operation
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationCybersecurity Health Check At A Glance
This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationSTATE OF NEW YORK PUBLIC SERVICE COMMISSION
COMMISSIONERS PRESENT: Garry A. Brown, Chairman Patricia L. Acampora Gregg C. Sayre Diane X. Burman STATE OF NEW YORK PUBLIC SERVICE COMMISSION At a session of the Public Service Commission held in the
More informationSoftware that provides secure access to technology, everywhere.
Software that provides secure access to technology, everywhere. Joseph Patrick Schorr @JoeSchorr October, 2015 2015 BOMGAR CORPORATION ALL RIGHTS RESERVED WORLDWIDE 1 Agenda What are we dealing with? How
More informationSecurity Intelligence
IBM Security Security Intelligence Security for a New Era of Computing Erno Doorenspleet Consulting Security Executive 1 PARADIGM SHIFT in crime Sophistication is INCREASING Attacks are More Targeted Attackers
More informationSecurity Analytics for Smart Grid
Security Analytics for Smart Grid Dr. Robert W. Griffin Chief Security Architect RSA, the Security Division of EMC robert.griffin@rsa.com blogs.rsa.com/author/griffin @RobtWesGriffin 1 No Shortage of Hard
More informationDefending Against Attacks by Modeling Threat Behaviors
Defending Against Attacks by Modeling Threat Behaviors John Benninghoff Transvasive Security Transparent and Pervasive Security 2013 Verizon DBIR Recommendations What can we do about it? Collect, analyze
More informationOvercoming PCI Compliance Challenges
Overcoming PCI Compliance Challenges Randy Rosenbaum - Security Services Exec. Alert Logic, CPISM Brian Anderson - Product Manager, Security Services, SunGard AS www.sungardas.com Goal: Understand the
More informationWhat legal aspects are needed to address specific ICT related issues?
What legal aspects are needed to address specific ICT related issues? Belhassen ZOUARI CEO, National Agency for Computer Security, Tunisia Head of the Tunisian Cert (tuncert), E-mail : b.zouari@ansi.tn
More informationDepartment of Management Services. Request for Information
Department of Management Services Request for Information Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 Submitted By: Carlos Henley
More information