IT Trends and the Cyber Security Agenda
|
|
- Clarissa Daniels
- 8 years ago
- Views:
Transcription
1 State of the States: IT Trends and the Cyber Security Agenda Executive Policy Forum on Cyber and Electronic Crime NGA Center for Best Practices September 9, 2008 Doug Robinson Executive Director NASCIO
2 About NASCIO NASCIO represents state chief information officers and information technology executives from the states, territories and D.C. NASCIO's mission is to foster government excellence through h quality business practices, information management, and technology policy.
3 Mission NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy. Goals NASCIO is the premier network and resource for state CIOs Advance state CIOs as key members of the leadership team NASCIO is a effective advocate for information technology policy at all levels of government
4 State IT Landscape Today Continued consolidation infrastructure, services and people Cyber security: Government At Risk! Critical infrastructure protection uneven investments Ramifications of data breach and citizen trust Insider threats and employee training State IT workforce: retirement wave, IT skills gap, challenge of recruiting Data management: quality and sharing Impact from federal laws, changing programs and unfunded mandates: REAL ID, Medicaid, Homeland Security
5 Multifaceted Role of the State CIO Manage, Deploy, and Develop State IT Resources Cross Boundary Collaboration Customer Service Frontline in Securing State IT Assets Legislation, Policy and Directives State CIO Enterprise Architecture Strategic Planning Provision of State IT Infrastructure State IT Governance Procurement
6 Challenges of State CIOs Bringing the focus to the enterprise Collaborating across and beyond government State IT workforce skills and demands Facilitating efficient, safe exchange of data Managing risks cyber security Building relationships in the face of change Managing and cultivating funding
7 State CIO Priorities: Consolidation: centralizing, consolidating services, operations, resources, infrastructure 2. Security: Tightening security safeguards, enterprise policies, 3. Disaster Recovery: Improving disaster recovery, business continuity planning and readiness 4. Electronic Records Management/Digital Preservation/Ediscovery: strategies, policies, services 5. Health Information Technology: Assessment, partnering 6. Shared Services: Sharing resources, services, infrastructure 7. Connectivity: Strengthening statewide connectivity, broadband 8. Governance: Improving IT governance 9. Interoperability: infrastructure and data 10. Human Capital/IT Workforce: attracting, developing and retaining IT personnel, retire wave planning NASCIO State CIO Survey Nov 2007
8 State CIO: IT and Solution Priorities 1. Virtualization computing and storage 2. Security enhancement tools 3. GIS and spatial analysis 4. Legacy modernization and upgrades 5. Identity Access and Management (IAM) 6. Networking, voice and data communications 7. Document/Content management 8. Wireless: Mobile, remote and fixed wireless 9. Service Oriented Architecture (SOA) and web services NASCIO State CIO Survey Nov 2007
9 States Adopting More Business Disciplines i in IT to Manage Risk Enterprise architecture: blueprint for better government Organizational Transformation / Change Management Enterprise Governance - Series Project and Portfolio Management Service Oriented Enterprise Service level management ITIL
10 Disaster Recovery & Business Continuity Government at Risk: critical infrastructure protection Aging state data centers Critical business recovery No state ready for pandemic IT resiliency and the continuity of government CIO challenge: making the business case for the investment
11 Facing the IT Workforce Challenge Over 27% of state IT workforce will be eligible to retire in 5 years Who will actually retire and when? How best to address the skills gap? Best practices for recruiting and retaining IT workforce
12 Cyber Security and the States Critical infrastructure protection Spam, hacking, spyware, malware, phishing and probes up! More aggressive threats organized criminal activity Insider threat is REAL! Growing role of state CISO Investments by state CIOs
13 The Insider Threat is REAL! IT security incidents: 61% caused by insiders Employee awareness and education is critical Asset management and data protection
14 Why Worry? Data breach at Progressive highlights insider threat (April 06, 2006) An employee at Progressive Casualty Insurance Co. wrongfully accessed information on foreclosure properties she was interested in buying. Progressive officials today confirmed that the company sent out letters in January to 13 people informing them that confidential information, including names, Social Security numbers, birth dates and property addresses had been wrongfully accessed by an employee who has since been fired.
15 Why you should worry Gap security breach exposes data on 800,000 (September 28, 2007) A laptop containing the personal information of job applicants was stolen from third-party vendor that manages job applicant data for Gap. Personal data for approximately 800,000 people who applied online or by phone for store positions at one of Gap Inc. s brands between July 2006 and June 2007 was contained on the stolen laptop.
16 Consequences are real Company Says Worker Stole, Sold Data (July 3, 2007) Fidelity National Information Services reported a worker at one of its subsidiaries i stole 2.3 million consumer records containing credit card, bank account and other personal information. The database administrator sold the information to an unidentified data broker, who sold some of it to direct marketing companies.
17 Loss of property Angry Employee Deletes All of Company's Data (January 24, 2008) When Marie Lupe Cooley, 41, of Jacksonville, Fla., saw a help-wanted ad in the newspaper for a position that looked suspiciously like her current job she assumed she was about to be fired. So, police say, she went to the architectural office where she works late Sunday night and erased 7 years' worth of drawings and blueprints, estimated to be worth $2.5 million
18 Loss of trust Sensitive data loss soars (July 11, 2007) The number of Ohio taxpayers whose personal information was on a stolen state t data device has more than tripled, climbing to 800,000, Gov. Ted Strickland announced. The names and Social Security numbers of 561,126 taxpayers were recently discovered as officials continue to review a copy of the data cartridge stolen from a state intern's car on June 10.
19 Loss of sensitive data Personal information of 30, patients available online for month (August 11, 2007) Patient records were available by web search during a four-week period after Sky Lakes Medical Center (Oregon) shut down its online bill-payment system, and a third-party, Verus, Inc., transferred the data from one server to another to perform maintenance. The hospital terminated its contract with Verus and shut down the system.
20 Corporate liability AG Announces Data Breach At New York Bank (May 21, 2008) Attorney General Richard Blumenthal today announced that a storage company for a New York bank lost an unencrypted backup tape containing Social Security numbers and bank account information belonging to as many as hundreds of thousands of Connecticut consumers and personal information of millions more nationwide.
21 Government sabotage San Francisco officials locked out of computer network (July 15, 2008) A disgruntled city computer engineer has virtually commandeered S.F's new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said. One official said he had been disciplined on the job in recent months for poor performance and that his supervisors had tried to fire him.
22 Don t be a news story [Insert your state government here ]
23 The IT Threat Landscape INTERNAL THREATS EXTERNAL THREATS Theft Fraud Negligent employees Sabotage Lack of compliance Business Partners Contractors Ex-employees Hackers Competitors Criminals Terrorists
24 Why Insider Threat is Worse Insiders have characteristics that outsiders don t: knowledge, access and trust Insider threats are the easiest to perpetrate, p most difficult to prevent, possibly hardest to detect Not just about technology! Effective solution must involve people, process and technology
25
26 CERT Insider Threat Analysis Studied 250 insider threat cases between percent were IT sabotage cases Most were premeditated attacks identifiable by red-flag behavior 30 percent of the attackers had been arrested previously Source: Carnegie Mellon Software Engineering Institute's Computer Emergency Response g g g p g y p Team, 2008.
27 Top Five Insider Threats PEOPLE 1. Malicious employees: sabotage, theft, fraud 2. Inattentive, complacent or untrained employees 3. Contractors, partners and outsourced services PROCESS 4. Inadequate IT security compliance, oversight, authority and training TECHNOLOGY 5. Pervasive computing technology is everywhere and data is on the move
28 Reduce Your Risk: Prevention #1 Security Awareness and Training! Periodic risk assessment Align process with ih policy Employee behavior stress? Disgruntled, demoted or fired employees Enforce compliance Trust, but Verify Social engineering No Tech Hacking
29 Practical Steps to Reduce Risk Strict password & account management Secure your data on the move laptops, PDAs, USB drives Create a data retention plan Enforce separation of duties Wall off data least access Monitor event logs early evidence Criminal background and credit checks
30 Cyber Security and State CIOs: A View Forward Complexity of data protection the need for classification policies The real cost of data breaches Stiff competition for state funding Growing world without wires Millennials as citizens and in the workforce
31 Doug Robinson Executive Director org
Cybersecurity in the States 2012: Priorities, Issues and Trends
Cybersecurity in the States 2012: Priorities, Issues and Trends Commission on Maryland Cyber Security and Innovation June 8, 2012 Pam Walker, Director of Government Affairs National Association of State
More informationThe Imperative for High Assurance Credentials: State Identity Credential and Access Management (SICAM) Guidance and Roadmap
The Imperative for High Assurance Credentials: State Identity Credential and Access Management (SICAM) Guidance and Roadmap AAMVA Region I Conference E-ID, DLDV, and Privacy Conducting Business Securely
More informationState of the States: IT Trends, Priorities and Issues
State of the States: IT Trends, Priorities and Issues OSC Financial Conference 2012 Doug Robinson, Executive Director National Association of State Chief Information Officers Fiscal recovery: budgets are
More informationUnder the Digital Dome: State IT Priorities, Trends and Perspectives
Under the Digital Dome: State IT Priorities, Trends and Perspectives Best Practices Exchange 2014 Conference Montgomery, Alabama November 19, 2014 Doug Robinson, Executive Director National Association
More informationState Governments at Risk: The Data Breach Reality
State Governments at Risk: The Data Breach Reality NCSL Legislative Summit August 5, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About NASCIO
More informationSMART LEAN GOVERNMENT NASCIO. Direction, State Experiences and Federated Identity Management. April 29, 2014
SMART LEAN GOVERNMENT NASCIO Direction, State Experiences and Federated Identity Management April 29, 2014 Eric Sweden, Program Director, Enterprise Architecture & Governance Overview Enterprise.... Federation....
More informationThe Digital Identity Ecosystem of the States: Securing the Enterprise
The Digital Identity Ecosystem of the States: Securing the Enterprise Security Industry Alliance September 28, 2011 Doug Robinson, Executive Director National Association of State Chief Information Officers
More informationfor Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs
for Critical Infrastructure Protection Supervisory Control and Data Acquisition SCADA SECURITY ADVICE FOR CEOs EXECUTIVE SUMMARY Supervisory Control and Data Acquisition (SCADA) systems are used for remote
More informationEmerging Trends in Information. Impacting the States
Emerging Trends in Information Technology and Policies Impacting the States Doug Robinson, Executive Director National Association of State Chief Information Officers About NASCIO National association
More informationManaging Data as a Strategic Asset: Reality and Rewards
Managing Data as a Strategic Asset: Reality and Rewards GTA Technology Summit 2015 May 11, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About
More informationTrends. AAMVA 2012 International Conference August 21, 2012
State eid Priorities, Issues and Trends AAMVA 2012 International Conference August 21, 2012 Chad Grant, Senior Policy Analyst National Association of State Chief Information Officers About NASCIO National
More informationForces of Change: Perspectives and Trends on State Information Technology 2015 Annual NAJIS Conference October 6, 2015
Forces of Change: Perspectives and Trends on State Information Technology 2015 Annual NAJIS Conference October 6, 2015 Doug Robinson, Executive Director National Association of State Chief Information
More informationNGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;
NGA Paper Act and Adjust: A Call to Action for Governors for Cybersecurity challenges facing the nation. Although implementing policies and practices that will make state systems and data more secure will
More informationCommon Data Breach Threats Facing Financial Institutions
Last Updated: February 25, 2015 Common Data Breach Threats Facing Financial s Although exact figures are elusive, there is no question that the number of data security breaches both reported and unreported
More informationState of the States: Priorities, Trends and Issues NCSL Fall Forum December 6, 2013
State of the States: Priorities, Trends and Issues NCSL Fall Forum December 6, 2013 Mitch Herckis Director of Government Affairs National Association of State Chief Information Officers Today s State IT
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationRisk Mitigation Strategies: Lessons Learned from Actual Insider Attacks
Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks Dawn M. Cappelli Andrew P. Moore CERT Program Software Engineering Institute Carnegie Mellon University 04/09/08 Session Code:DEF-203
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationCyber Risk in Healthcare AOHC, 3 June 2015
Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan, Senior Healthcare Risk Management and Data Specialist James Penafiel, Underwriting Supervisor, Insurance Operations CFPC Conflict of Interest -
More informationMAXIMUM PROTECTION, MINIMUM DOWNTIME
MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationIdentity Theft - Problems and Prevention Steps
Identity Theft and the Tax Practice Edward K. Zollars, CPA www.cperesources.com www.currentfederaltaxdevelopments.com New Mexico Tax Conference Today s Session Identity Theft in General Size of the Problem
More information'Namgis Information Technology Policies
'Namgis Information Technology Policies Summary August 8th 2011 Government Security Policies CONFIDENTIAL Page 2 of 17 Contents... 5 Architecture Policy... 5 Backup Policy... 6 Data Policy... 7 Data Classification
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationExecutive Management of Information Security
WHITE PAPER Executive Management of Information Security _experience the commitment Entire contents 2004, 2010 by CGI Group Inc. All rights reserved. Reproduction of this publication in any form without
More informationEstablishing a State Cyber Crimes Unit White Paper
Establishing a State Cyber Crimes Unit White Paper Utah Department of Public Safety Commissioner Keith Squires Deputy Commissioner Jeff Carr Major Brian Redd Utah Statewide Information & Analysis Center
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationAftermath of a Data Breach Study
Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationState IT Workforce: Recruiting and Retaining Tech Talent NCSL Legislative Summit Minneapolis, MN August 19, 2014
State IT Workforce: Recruiting and Retaining Tech Talent NCSL Legislative Summit Minneapolis, MN August 19, 2014 Doug Robinson, Executive Director National Association of State Chief Information Officers
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationRSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief
RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationEXIN Information Security Foundation based on ISO/IEC 27002. Sample Exam
EXIN Information Security Foundation based on ISO/IEC 27002 Sample Exam Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied or stored
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationInsider Risk: What You Don t Know can Lead to Serious Consequences
Insider Risk: What You Don t Know can Lead to Serious Consequences Dawn Cappelli Vice President, Information Risk Management CISO Office Rockwell Automation PUBLIC INFORMATION Actual Insider Sabotage Case
More informationPrivacy, the Cloud and Data Breaches
Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global
More information2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.
The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationState CIOs, Emerging Trends and the Forces of Change
State CIOs, Emerging Trends and the Forces of Change xchange SLED Conference May 25, 2016 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About NASCIO
More informationLeveraging MITA to Implement Service Oriented Architecture and Enterprise Data Management. Category: Cross Boundary Collaboration
Leveraging MITA to Implement Service Oriented Architecture and Enterprise Data Management Category: Cross Boundary Collaboration Initiation date: August 2011 Completion date: October 2013 Nomination submitted
More informationCommonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives. Initiation date: January 2012
Commonwealth IT Threat Management: Keeping Out the Cyber Villains Category: Cyber Security Initiatives Initiation date: January 2012 Completion date: June 2012 Nomination submitted by: Samuel A. Nixon
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationHIPAA and Health Information Privacy and Security
HIPAA and Health Information Privacy and Security Revised 7/2014 What Is HIPAA? H Health I Insurance P Portability & A Accountability A - Act HIPAA Privacy and Security Rules were passed to protect patient
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationOVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii
The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department
More information2012 NCSA / Symantec. National Small Business Study
2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationInformation Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis
Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University
More informationCybersecurity Report on Small Business: Study Shows Gap between Needs and Actions
SURVEY REPORT: cyber security Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions Confidence in a connected world. Executive summary An online survey revealed that while U.S.
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationNational Cyber Security Month 2015: Daily Security Awareness Tips
National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationUtica College. Information Security Plan
Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationOFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON
OFFICE OF ENTERPRISE TECHNOLOGY SERVICES QUARTERLY REPORT ON PERIODIC INFORMATION SECURITY AND PENETRATION AUDITS OF THE EXECUTIVE BRANCH INFORMATION TECHNOLOGY SYSTEMS APRIL 1, 2016 SUBMITTED TO THE TWENTY-EIGHTH
More informationPROTECT YOUR COMPUTER AND YOUR PRIVACY!
PROTECT YOUR COMPUTER AND YOUR PRIVACY! Fraud comes in many shapes simple: the loss of both money protecting your computer and Take action and get peace of and sizes, but the outcome is and time. That
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationACE Advantage PRIVACY & NETWORK SECURITY
ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with
More informationUnderstanding Professional Liability Insurance
Understanding Professional Liability Insurance Definition Professional liability is more commonly known as errors & omissions (E&O) and is a form of liability insurance that helps protect professional
More informationKaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com
Kaseya White Paper Endpoint Security Fighting Cyber Crime with Automated, Centralized Management www.kaseya.com To win the ongoing war against hackers and cyber criminals, IT professionals must do two
More informationUnderstanding Security Complexity in 21 st Century IT Environments:
Understanding Security Complexity in 21 st Century IT Environments: A study of IT practitioners in the US, UK, France, Japan & Germany Sponsored by Check Point Software Technologies Independently conducted
More informationFive keys to a more secure data environment
Five keys to a more secure data environment A holistic approach to data infrastructure security Compliance professionals know better than anyone how compromised data can lead to financial and reputational
More informationEvaluation Report. Office of Inspector General
Evaluation Report OIG-08-035 INFORMATION TECHNOLOGY: Network Security at the Office of the Comptroller of the Currency Needs Improvement June 03, 2008 Office of Inspector General Department of the Treasury
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationThe Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor
The Matrix Reloaded: Cybersecurity and Data Protection for Employers Jodi D. Taylor Why Talk About This Now? Landscape is changing Enforcement by federal and state governments on the rise Legislation on
More informationData Management Session: Privacy, the Cloud and Data Breaches
Data Management Session: Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, IIS President, iappanz IACCM APAC Australia Sydney, 1 August 2012 Overview Changing privacy regulation
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationInsider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage. CERT Insider Threat Center
Insider Threat Control: Using a SIEM signature to detect potential precursors to IT Sabotage CERT Insider Threat Center April 2011 NOTICE: THIS TECHNICAL DATA IS PROVIDED PURSUANT TO GOVERNMENT CONTRACT
More information1. Ask what your financial institution knows or has personally experienced with regard to internal and external data breaches.
Part 1: Internal & External Data Breach Vulnerabilities Presented on: Thursday, February 12, 2 3 ET Co presented by: Ann Davidson VP of Risk Consulting at Allied Solutions Joe Majka CSO at Verifone 1 Breakdown
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationTechnology Resource Planning
Technology Resource Planning Part 1: Technology Assessment Summary The Department is dedicated to modernizing and expanding its current information technology function. An independent assessment of the
More informationA Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014
A Small Business Approach to Big Business Cyber Security Brent Bettis, CISSP 23 September, 2014 1 First, a Video http://www.youtube.com/watch?v=cj8wakqwlna 2 3 Agenda Threat Landscape Strategic Initiatives
More informationCyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013
Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory
More information2009 NASCIO Recognition Awards Nomination. A. Title: Sensitive Data Protection with Endpoint Encryption. Category: Information Security and Privacy
2009 NASCIO Recognition Awards Nomination A. Title: Sensitive Data Protection with Endpoint Encryption Category: Information Security and Privacy State: Ohio B. Executive Summary Protecting the confidentiality
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationApplying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.
Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving
More informationChairman Johnson, Ranking Member Carper, and Members of the committee:
UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
More informationFinancial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age
Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.
More informationWhat is Cyber Liability
What is Cyber Liability Ubiquitous Warfare Espionage Media Operational Data Security and Privacy Tech 1 Data Security and Privacy Data Breach Response Costs Privacy Regulatory Action Civil Litigation INSURABLE
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationU.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems
U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)
More informationComputer Security at Columbia College. Barak Zahavy April 2010
Computer Security at Columbia College Barak Zahavy April 2010 Outline 2 Computer Security: What and Why Identity Theft Costs Prevention Further considerations Approach Broad range of awareness Cover a
More informationCyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte
Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private
More informationManaging Cyber Risk through Insurance
Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes
More information2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy
2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,
More informationIDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience
IDENTITY & ACCESS Privileged Identity Management controlling access without compromising convenience Introduction According to a recent Ponemon Institute study, mistakes made by people Privilege abuse
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationCards at School. Why Banks View Campuses as High Risk Customers. Payments
Cards at School Why Banks View Campuses as High Risk Customers Dennis W. Reedy, CTP, Managing Director, Treasury Operations, Indiana University Walter Conway, Walter Conway Associates, LLC Accepting credit
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More information