Cyber Solutions Handbook

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cyber Solutions Handbook"

Transcription

1 Cyber Solutions Handbook Making Sense of Standards and Frameworks by Matthew Doan Ian Bramson Laura Eise

2 Cyber Solutions Handbook Making Sense of Standards and Frameworks The strength of an organization s cybersecurity program is now a market differentiator, and cybersecurity is a key business enabler. Today, chief information security officers (CISO) and their equivalents are facing increased responsibility amid a series of quickly evolving and often enterprise-wide challenges. Remediation-centric defense is not enough to combat current cyber threats, and CISOs must build an effective communication link between the server room and the board room in order to have an effective program. This paper is one of a series of handbooks that provide pragmatic insight and assistance on how to address the key issues facing cybersecurity leaders today. Businesses understand the importance of cybersecurity. Once relegated to the IT department as an afterthought, cybersecurity is now part of a company s core strategic planning and investment portfolio. ressure is high to ensure that all of the company s assets and operations are secure; boards and executives are looking to CISOs for answers. Yet change is constant and quick, and standards and frameworks have risen to the forefront as a strategy to tackle this new environment. These paradigms present opportunity for insight and growth, but only if they are used in the appropriate context and it can be difficult to sort through this alphabet soup. This handbook provides context for the numerous cybersecurity standards and frameworks that currently exist. We put forth concrete recommendations for evolving the legacy mindset of program compliance to one of program maturity and risk-based security. However, there is no formula for security; there is a difference between being compliant and being secure. Focusing on maturity rather than checking the box provides organizations both the flexibility and the comprehensive view necessary to manage their risks and achieve their goals. Developing a robust maturity model is a significant undertaking, but there are existing models that can be used to rapidly evolve programs. Applying these models correctly, while taking into consideration the appropriate industry standards and frameworks, will align your security program to your organizational strategy, while providing concrete and risk-based guidance on how you can advance your program to enable the business. Addressing an Alphabet Soup of Cybersecurity Standards and Frameworks In the rush to address an increasingly complex cyber environment and provide a standardized, structured approach to cybersecurity, we have, ironically, created innumerable options. From A (audits) to Z (Zachman Framework), it is easy to drown in the confusing alphabet soup of standards and frameworks. 1 As demonstrated by the examples below, these criteria span industries and vary in approach. There are well-known industry governance and control frameworks such as the Control Objectives for Information [and Related] Technology (COBIT) by ISACA, and international best practice standards such as the certifiable ISO/IEC Government entities, such as the National Institute for Standards and Technology (NIST), try to centralize and drive common practices, standards, lexicon, and requirements (e.g., the catalog of security controls in NIST Special ublication ). We have control and risk management guidance focused on the financial industry, such as Basel (I, II, III), Gramm-Leach-Bliley Act (GLBA), and the Federal Financial Institutions Examinations Council (FFIEC). We see specialized guidance in the healthcare industry, such as the Health Information Trust 1 A large number of cybersecurity standards and frameworks have emerged in recent years; the acronym jargon used to describe these has made it all the more difficult to understand and apply relevant guidance. 1

3 Alliance (HITRUST) framework and Health Insurance ortability and Accountability Act (HIAA) controls. There are even structures for specifying product security standards, such as Common Criteria. So how can we begin to sift through all this information? Which framework might help you? The short answer is, probably most of them. Some you ll have to comply with, while others are great reference material. However, picking and choosing the right elements among all this available guidance is difficult, and still even if you are the most gifted security architect of all time mostly leaves you with a checkthe-box approach. So what to do? Read on. The NIST Cybersecurity Framework: Key Takeaways On top of these existing standards and frameworks, a new initiative kicked off in early 2013 when the Obama Administration enacted Executive Order and residential olicy Directive (D-21), primarily focused on improving cybersecurity among private sector critical infrastructure organizations. Many companies regard these directives as the writing on the wall for eventual federal regulation around cybersecurity for private companies. A primary product that emerged was a voluntary Cybersecurity Framework for managing cyber risks, spearheaded by NIST. Released in mid-february 2014, the Framework is a compilation of standards, guidelines, and best practices for managing cybersecurity-related risk, while protecting information confidentiality, individual privacy, and civil liberties. Although adoption of the NIST Framework is voluntary, many analysts suggest that it may be perceived as a future de facto standard of care, which could be used to measure companies in regulatory enforcements, class actions, and other lawsuits following cyber attacks and privacy breaches. The NIST Framework provides two important and fundamental elements for establishing or improving a cybersecurity program: (1) content and (2) an approach for using that content. When first glancing at the underpinnings, the Framework may appear as little more than a compilation of existing industry standards and frameworks. While its substance essentially points to such established industry guidance, this reflects the inputs gathered by NIST from among hundreds of industry cybersecurity practitioners. Consensus is good. In regard to approach, NIST provides some very high-level yet useful guidance for how to use the content. It describes using the Framework to establish an understanding of where the program currently is, and by infusing an understanding of cyber risk, security professionals can then develop targets and an action plan for meeting those targets. This is certainly an evolutionary step forward toward aligning security to organizational risk, but it still uses existing standards and frameworks (i.e., compliance material) as the guide for improvement. Acknowledging the Difference between Compliance and Security Despite the good intentions of standards and frameworks, the fundamental truth is that there is no formula for security. Many companies are compliant with certain regulations because they are mandated by law. While avoiding legal exposures, fines, sanctions, and potential jail time is a good motivator, it does not make your company more secure. Standards and frameworks can help identify the landscape of potential areas you might want to address. They also might let you set a minimum level of performance. However, standards often force you to be either compliant or non-compliant. There is not always a middle ground or consideration for unique organizational risk. Too often you are either a one or a zero. If not used in the appropriate context, standards are a generic solution to a highly individualized problem set. Cybersecurity is intimately tied to your business strategy and operations, and it must be personalized to your organization. With the CISO role becoming a strategic business enabler, we can no longer afford to check a box. Your company s strategies, risks, goals, and operations should shape the cybersecurity program. This is even more critical with restricted budgets and resources, so you need to know where and how to scale your investments. The NIST Framework begins to shift the mindset of security leaders towards a risk-based approach. However, the NIST Framework is still a high-level construct designed to help think about the problem, and does not include robust or actionable guidance to mature a cybersecurity program. But the Framework s authors acknowledge this fact. They advise leveraging external guidance, including existing maturity models, to drive a security program forward. Valuing Maturity over Checkboxes Rather than focusing on a standard, look at your program with a maturity lens. Understand the various degrees of risk you face and then, within a wellestablished structure, decide where you need to invest and develop. It is up to you to prioritize the control areas that you must address first, your current maturity in those areas, and what you must do to increase your maturity. Focusing on your maturity provides you with an opportunity to identify where your program stands today, where it must be in the future, and how to get there. A maturity approach is not one size fits all. Rather, you need to conduct an honest assessment of your baseline maturity in the areas that are key to your success. You also must establish your target states. These targets will vary based on your business needs and various exposures to cyber risk. A large multinational corporation, for example, might determine that it needs an advanced capability to internally monitor the risk presented by its hundreds of suppliers, while a smaller company with just a few suppliers might be able to outsource this to an established, low-cost third party. The two target states for each of these control groups would be very different. By building your approach based on risk and maturity, instead of blindly complying with standards, you move the responsibility of security from an outside entity to your organization. The Characteristics of a Strong Maturity Model Developing a strong maturity model is a significant undertaking; most organizations do not have the resources to take this on. However, there are existing models out there to use, developed by sector bodies or private companies. So what does a good model look like? It covers both a broad range of topics and provides significant depth in each topic to ensure comprehensive and detailed guidance needed to enhance your cybersecurity program. Effective cybersecurity maturity models include: Functional and enabling controls Functional controls are more technical/operational in nature (e.g., application security, vulnerability assessment), while enabling controls pertain to governance, risk management, and other organizational functions that support (i.e., enable) the technical operations Logical organization of high-level and low-level views Logically organized objectives and measures that are used to pinpoint and evaluate specific aspects of your security program A maturity spectrum of granular and measureable details A clear scale of maturity, defined by characteristics and indicators to accurately assess your level of maturity eople, process, and technology dimensions Multifaceted views that let you evaluate each control area in its key component parts A foundation grounded in established best practices Developed from best practices across industry, government, and academia. Using a Maturity Model to Evolve a Cybersecurity rogram Appropriately applying a maturity model is as important as developing or choosing the right one. The following is an overview of one proven approach on how to put an effective maturity model into practice. As illustrated in Exhibit 1, this approach focuses on placing the model 2 3

4 Exhibit 1 Cybersecurity Maturity Model Implementation Approach Exhibit 3 Sample Cybersecurity Risks and Applicable Control Families 1 2 Apply a 3 Assess your 4 risk-based maturity Exhibit 2 Strategic Objective Examples and Related Cybersecurity Risks Objective Align cyber security with organizational strategy Globalization We will expand globally. Supply Chain We must ensure our supply chain operations are not interrupted. Research and Development We will innovate by providing our customers new digital offerings. prioritization Cybersecurity Risks Note: Example Only Not Comprehensive o Untrusted IT equipment used in foreign offices o Third party with unrestricted access to customer information o Unsecured mobile devices o oor personnel screening practices o Malware introduced from third-party suppliers o Non-transparent supplier security practices o Corrupted data in business process workflows o DDoS exposures in web-facing applications Make a plan o oorly protected source code for new digital product o Development environment is open to many individuals o oor situational awareness of internal access to sensitive R&D information Objective Sample Cybersecurity Risks Sample Applicable Control Families Globalization Supply Chain Research and Development 1. Unsecured mobile devices 2. Non-transparent supplier security practices 3. oor awareness of internal access to sensitive R&D information Exhibit 4 Representative Assessment of the Situational Awareness Control Family o Mobile Security o Strategy & olicy o Governance o Strategy & olicy o Supplier Security Management o ersonnel Screening o Situational Awareness o Situational Awareness Control Objectives Lead Bronze Silver Gold latinum Security Event Collection Security Event Analysis T T as the centerpiece of the organization setting the tone for both program structure and assessment. Step 1: Align Cybersecurity with Organizational Strategy Boil down your organization s strategic objectives and core value-generating operations into a set of short, declarative, and concrete statements. Understand which operations must continue to enable the sources of most value. In addition, consider the strategic actions your company is or will soon be taking in order to thrive in your future environment. These statements often can be written as We will or We must assertions. Examples include: We will expand globally, We must ensure our supply chain operations are not interrupted, or We will innovate by providing our customers new digital offerings. Once you have the strategic objectives, identify the cybersecurity risks that could impede them (see Exhibit 2). Step 2: Apply a Risk-based rioritization It is unlikely that you will have the resources or time to focus on all parts of your business. You will need to prioritize. Leading companies often use threat and risk workshops to help identify and prioritize cyber risks, while gaining key points of consensus along the way. During these workshops, you will need to explore your risk tolerance as it relates to the various parts of your business. You may consider discussing potential strategic surprise threats that could deliver large-scale Security Event Response eople rocess T Technology eople Baseline Maturity negative impact to the business. By conducting this exercise, you should gain a clear prioritization of the cyber risks that you need to address first. Step 3: Assess Your Maturity Once you identify your risk priorities, you can then begin to understand what control families would T likely mitigate that risk. As mentioned above, your maturity model should address both functional and enabling control families. Addressing a risk will often involve multiple control families, and the integration of these families is critical to a robust and cohesive cybersecurity program. Exhibit 3 lists a high-level 4 5

5 summary of which security control families could likely address a given risk. Now that you have an idea of (1) your biggest risks and (2) which cybersecurity control families most closely map to them, it is time to assess maturity. erhaps you would like to understand organizational preparedness for poor situational awareness (risk #3). In this scenario, three primary control families are most applicable to helping mitigate this risk, and we would need to assess maturity for them all. To illustrate, we ll assess maturity in the situational awareness control family (see Exhibit 4). To assess the maturity of the situational awareness control family, you need to break it down into discrete, manageable elements that you can assess, called control objectives. These control objectives are areas and actions you need to perform well in order to increase your capability for that control family. In this case, the elements that make up situational awareness are Security Event Collection, Analysis, and Response. Enhance your capabilities with these, and you will strengthen your situational awareness. Before you can assess where you need to be, you should first understand where you are today. Consider how effective your processes and technology are performing for each control objective. You also need to look at how well your people are performing within the entire control family. Note that since the same people cut across control objectives, they are usually assessed separately. You should have well-defined indicators of each level of maturity ( Lead through latinum levels). These are concrete actions and characteristics that help you gauge your current baseline maturity. If you are using a company with a maturity model, be sure that they have developed clear and well-vetted levels that map to industry best practices. Otherwise, you will be measuring your maturity by gut instinct alone. Across the three objectives within this control family, maturity varies widely across the dimensions of people, process, and technology. The organization s process and technology maturity to collect and analyze event data is very low, meaning it would be very difficult to track internal employee access to sensitive R&D information. On the other hand, the people who conduct situational awareness activities have requisite skills and abilities. To manage this risk, however, the organization will need to invest in maturing the processes and technologies for event collection and analysis. Step 4: Make a lan After understanding your program s baseline maturity, you will need to establish your target states. Make sure these targets are relevant to your organization, industry, and strategic objectives. Don t assume that every control family needs to be at the highest maturity level that will be a very expensive and unnecessary mistake. You will need to define the target states that make the most sense for the amount of risk that your business leaders will tolerate. Once you have target states set and your gaps identified, you can begin to think of the gap-closing options to meet those target states. atterns and priorities should begin to emerge. Keep in mind that the maturity ratings are much less important than the reasons behind them. This process should surface the specific challenges you need to address, regardless of the specific rating. From the gaps and priorities of your maturity assessment, you can build your plan. Identify the most critical needs, as well as what you can accomplish in the short and long term. Create a roadmap that shapes these needs into concrete initiatives. Each initiative should have a defined beginning, end, owners, timelines, resource requirements, and key dependencies. You should align your investment strategy behind these initiatives and map them back to the strategic initiatives that you identified at the beginning of this process. As you implement them, be sure to track your progress and report back to your executive leadership. You should be able to describe your efforts in the business context that your senior leaders will understand. Example in Action: Top Financial Institution Integrates Corporate and Cybersecurity Strategies to Maximize rotection against Cyber Threats Challenge: Recognizing the key role of cybersecurity in their operations and objectives, the board of directors of a global Fortune 100 financial institution mandated a comprehensive review of the security program and an investment strategy that would enable the company s strategic objectives. Although they were in compliance with federal regulations, they knew that there was a difference between being compliant, and having strong cybersecurity. The organization needed a partner with an effective maturity model that was robust, comprehensive, and developed from industry best practices. They did not have the time, experience, or budget to develop one themselves, and they also felt the need for an objective perspective, so they came to Booz Allen Hamilton. Solution: Booz Allen worked with stakeholders to identify key threats facing the organization in the next 5 years, assess the maturity of its cyber program (focusing on 24 functional and enabling control families), and analyze organizational readiness to develop its program. The organization also collaborated with Booz Allen to compare the key findings, Conclusion As businesses adapt to running at the speed of cyber, they rush to apply standards and frameworks to help them make sense of it all. But there is no standard for security. There are no boxes you can check, and no matter how compliant you are, it does not mean you are any more secure. The solution is more difficult than that. It takes a deeper understanding of where your company wants to go and how your security program will help your company get there. It takes an honest assessment of your current gaps, and recommendations from the maturity and organizational assessments to its draft investment plan. The client organization was able to use Booz Allen s proprietary maturity model to install a simplified, rational, and easy-to-communicate framework to engage stakeholders and enhance bank security. Through a series of threat workshops, the client was able to use this framework to identify and prioritize current and future threats, including emerging and "surprise" threats that it might encounter over the next 5 years. For the maturity assessment, the client organization utilized Booz Allen s CyberM 3 Reference Model, which helped identify key gap areas. Through collaboration with Booz Allen, the security organization was able to identify sensible recommendations for improving the security program. Together, the teams reviewed the client s existing investment strategy, and provided key recommendations that helped stakeholders successfully shape the organization s roadmap and program for the next 5 years. Result: By engaging Booz Allen experts and its maturity-based reference model, the board of directors was able to successfully merge the organization s security and corporate strategies to maximize protection against the increasing cybersecurity threat. maturity and a vision of where it needs to be. It takes smart decisions about where you invest your limited resources. Your Board of Directors and your CEO are looking to you for you for answers. That s because they know that cybersecurity is critical to their success. They know that cybersecurity is now a business enabler. 6 7

6 About the Authors Matthew Doan is a Senior Associate in Booz Allen's commercial cyber practice. In his role, he works with leaders across multiple industries in aligning cyber security programs to manage risk and meet the needs of the business. Mr. Doan specializes in programmatic assessment, enterprise risk management, strategysetting, and organizational design. Ian Bramson is a Lead Associate at Booz Allen, focusing on addressing challenges for commercial clients. Mr. Bramson blends business, technology, and strategy to develop enterprise cyber security solutions across multiple industries and the public sector. He specializes in strategic planning, organizational design, cyber diagnostics, governance, and change management. Laura Eise is a cybersecurity consultant in Booz Allen s commercial cyber practice. She works across multiple industries to assess and mature cybersecurity programs, and develop reference models for solving cyber challenges. Ms. Eise specializes in risk management, strategy development, training, and awareness. About Booz Allen Booz Allen Hamilton has been at the forefront of strategy and technology consulting for nearly a century. The firm provides business and technology solutions to major corporations in the financial services, heath, and energy markets, leveraging capabilities and expertise developed over decades of helping US government clients in the defense, intelligence, and civil markets solve their toughest problems. Booz Allen is headquartered in McLean, Virginia, employs approximately 23,000 people, and had revenue of $5.76 billion for the 12 months ended March 31, In 2014, Booz Allen celebrates its 100th anniversary year. To learn more, visit www. boozallen.com. (NYSE: BAH) Contact Information: Matthew Doan Senior Associate Ian Bramson Lead Associate Laura Eise Lead Associate To learn more about the firm and to download digital versions of this article and other Booz Allen Hamilton publications, visit 8 9

7 rincipal Offices Huntsville, Alabama Sierra Vista, Arizona Los Angeles, California San Diego, California San Francisco, California Colorado Springs, Colorado Denver, Colorado District of Columbia Orlando, Florida ensacola, Florida Sarasota, Florida Tampa, Florida Atlanta, Georgia Honolulu, Hawaii O Fallon, Illinois Indianapolis, Indiana Leavenworth, Kansas Aberdeen, Maryland Annapolis Junction, Maryland Hanover, Maryland Lexington ark, Maryland Linthicum, Maryland Rockville, Maryland Troy, Michigan Kansas City, Missouri Omaha, Nebraska Red Bank, New Jersey New York, New York Rome, New York Dayton, Ohio hiladelphia, ennsylvania Charleston, South Carolina Houston, Texas San Antonio, Texas Abu Dhabi, United Arab Emirates Alexandria, Virginia Arlington, Virginia Chantilly, Virginia Charlottesville, Virginia Falls Church, Virginia Herndon, Virginia McLean, Virginia Norfolk, Virginia Stafford, Virginia Seattle, Washington The most complete, recent list of offices and their addresses and telephone numbers can be found on Booz Allen Hamilton Inc

CYBER SOLUTIONS HANDBOOK

CYBER SOLUTIONS HANDBOOK Commercial Solutions CYBER SOLUTIONS HANDBOOK Making Sense of Standards and Framework Booz Allen Hamilton Commercial Solutions, combines industry knowledge and relevant experience with the right people

More information

Utilizing and Visualizing Geolocation Data for Powerful Analysis

Utilizing and Visualizing Geolocation Data for Powerful Analysis Utilizing and Visualizing Geolocation Data for Powerful Analysis by Walton Smith smith_walton@bah.com Timothy Ferro ferro_timothy@bah.com Table of Contents Introduction... 1 Delivering Geolocation Data

More information

Supply Chain Data Standards in Healthcare

Supply Chain Data Standards in Healthcare Supply Chain Data Standards in Healthcare by Michael Zirkle zirkle_michael@bah.com Ryan Gallagher gallagher_ryan_b@bah.com Seth Rogier rogier_seth@bah.com Table of Contents Making Healthcare Safer and

More information

The Social Financial Advisor: A Path Forward

The Social Financial Advisor: A Path Forward The Social Financial Advisor: A Path Forward Take the Right Route to Using Social Media by Chris Estes estes_chris@bah.com Todd Inskeep inskeep_todd@bah.com Getting Social Is It Time for Advisors to Face

More information

Analytical Program Management

Analytical Program Management Analytical Program Management Integrating Cost, Schedule, and Risk MISSION Analytical Program Management Integrating Cost, Schedule, and Risk Analytical Program Management 1 One of the greatest challenges

More information

by Christopher P. Bell bell_christopher_p@bah.com Elizabeth Conjar conjar_elizabeth@bah.com

by Christopher P. Bell bell_christopher_p@bah.com Elizabeth Conjar conjar_elizabeth@bah.com Organizational Network Analysis Improving Intelligence and Information Sharing Capability among Homeland Security and Emergency Management Stakeholders by Christopher P. Bell bell_christopher_p@bah.com

More information

Meeting the Challenges of the Modern CIO

Meeting the Challenges of the Modern CIO Meeting the Challenges of the Modern CIO by Darrin London, PMP london_darrin@bah.com Daniel E. Williams, PMP williams_daniel_2@bah.com Table of Contents Introduction...1 Challenges Faced by the Modern

More information

Ascent to the Cloud. Four Focus Areas for a Successful Enterprise Migration. by Michael Farber farber_michael@bah.com

Ascent to the Cloud. Four Focus Areas for a Successful Enterprise Migration. by Michael Farber farber_michael@bah.com Ascent to the Cloud Four Focus Areas for a Successful Enterprise Migration by Michael Farber farber_michael@bah.com Kevin Winter winter_kevin@bah.com Munjeet Singh singh_munjeet@bah.com Ascent to the

More information

Realizing the Promise of Health Information Exchange

Realizing the Promise of Health Information Exchange Realizing the Promise of Health Information Exchange by Timathie Leslie Leslie_Timathie@bah.com Realizing the Promise of Health Information Exchange Health information exchange (HIE) the electronic movement

More information

Engaging Mobility in the Oil and Gas Sector

Engaging Mobility in the Oil and Gas Sector Engaging Mobility in the Oil and Gas Sector Engaging Mobility in the Oil and Gas Sector To open a dialogue about the impact of rapid mobile adoption in the energy industry, Booz Allen Hamilton, Bitzer

More information

Managing Risk in Global ICT Supply Chains

Managing Risk in Global ICT Supply Chains Managing Risk in Global ICT Supply Chains Best Practices and Standards for Acquiring ICT Ready for what s next. Managing Risk in Global ICT Supply Chains Emerging best practices and standards can significantly

More information

The Cybersecurity Executive Order

The Cybersecurity Executive Order The Cybersecurity Executive Order Exploiting Emerging Cyber Technologies and Practices for Collaborative Success by Mike McConnell mcconnell_mike@bah.com Sedar Labarre labarre_sedar@bah.com David Sulek

More information

Realizing the Promise of Health Information Exchange

Realizing the Promise of Health Information Exchange Realizing the Promise of Health Information Exchange Realizing the Promise of Health Information Exchange Health information exchange (HIE) the electronic movement of health-related information among organizations

More information

Security Authorization

Security Authorization Security Authorization An Approach for Community Cloud Computing Environments by Perry Bryden bryden_perry@bah.com Daniel C. Kirkpatrick kirkpatrick_daniel@bah.com Farideh Moghadami moghadami_farideh@bah.com

More information

Integrating IT Service Management Practices into the Defense Acquisition Lifecycle

Integrating IT Service Management Practices into the Defense Acquisition Lifecycle Integrating IT Service Management Practices into the Defense Acquisition Lifecycle by Francis Arambulo arambulo_francis@bah.com Michael Thompson thompson_michael_p@bah.com Table of Contents Introduction...1

More information

Effectiveness and Efficiency

Effectiveness and Efficiency Effectiveness and Efficiency Lessons for Building and Managing a Culture of Performance by Dave Mader mader_dave@bah.com Jay Dodd dodd_ joseph@bah.com Tom Miller miller_tom@bah.com Douglas Schlemmer schlemmer_douglas@bah.com

More information

Developing a Business Case for Cloud

Developing a Business Case for Cloud Developing a Business Case for Cloud Analyzing Return on Investment for Cloud Alternatives May Yield Surprising Results by Paul Ingholt ingholt_paul@bah.com Cynthia O Brien o brien_cynthia@bah.com John

More information

Turning Big Data into Opportunity

Turning Big Data into Opportunity Turning Big Data into Opportunity The Data Lake by Mark Herman herman_mark@bah.com Michael Delurey delurey_mike@bah.com Table of Contents Introduction... 1 A New Mindset... 1 Ingesting Data into the Data

More information

Overcoming Deployment Challenges for Financial Crimes Platforms

Overcoming Deployment Challenges for Financial Crimes Platforms Overcoming Deployment Challenges for Financial Crimes Platforms by Brian Stoeckert stoeckert_brian@bah.com James Flowe flowe_james@bah.com Contents Introduction...1 Fragmented Approach to Fraud Prevention...1

More information

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity Cyber ROI A practical approach to quantifying the financial benefits of cybersecurity Cyber Investment Challenges In 2015, global cybersecurity spending is expected to reach an all-time high of $76.9

More information

Information Security Governance

Information Security Governance Information Governance Government Considerations for the Cloud Computing Environment by Jamie Miller miller_jamie@bah.com Larry Candler candler_larry@bah.com Hannah Wald wald_hannah@bah.com Table of Contents

More information

Strategic Information Management Through Data Classification Reducing Corporate Risk and Cost by Gaining Control of Business Information Assets

Strategic Information Management Through Data Classification Reducing Corporate Risk and Cost by Gaining Control of Business Information Assets Strategic Information Management Through Data Classification Reducing Corporate Risk and Cost by Gaining Control of Business Information Assets by Glen Day day_glen@bah.com Strategic Information Management

More information

Overcoming Deployment Challenges for Financial Crimes Platforms

Overcoming Deployment Challenges for Financial Crimes Platforms Overcoming Deployment Challenges for Financial Crimes Platforms Convergent Risk Management for Financial Institutions Ready for what s next. Contents Introduction 1 Fragmented Approach to Fraud Prevention

More information

Miles to Go Before They're Green

Miles to Go Before They're Green Miles to Go Before They're Green Reducing Surface Transportation Greenhouse Gas Emissions Through a Regional Performance-Based Framework by Gary Rahl Rahl_Gary@bah.com David Erne Erne_David@bah.com Victoria

More information

Developing the Acquisition Workforce of Tomorrow. Data-Driven Talent Management

Developing the Acquisition Workforce of Tomorrow. Data-Driven Talent Management Developing the Acquisition Workforce of Tomorrow Data-Driven Talent Management The Changing Federal Acquisition Environment A Demand for Effectiveness and Efficiency in an Increasingly Complex World Federal

More information

Harness the Power ooz Allen Cyber. Booz Allen Cyber Solutions Network

Harness the Power ooz Allen Cyber. Booz Allen Cyber Solutions Network Harness the Power ooz Allen Cyber Booz Allen Cyber Solutions Network Introduction The Client Challenge Backed by the power of the Internet, organizations are more intelligent, more efficient, and more

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

by Keith Catanzano catanzano_keith@bah.com

by Keith Catanzano catanzano_keith@bah.com Enhanced Training for a 21st-Century Military A convergence of new technologies and advanced learning techniques will help the military meet its growing training requirements, despite budget constraints

More information

Enabling Cloud Analytics with Data-Level Security

Enabling Cloud Analytics with Data-Level Security Enabling Cloud Analytics with Data-Level Security Tapping the Full Value of Big Data and the Cloud by Jason Escaravage escaravage_jason@bah.com Peter Guerra guerra_peter@bah.com Table of Contents Introduction...

More information

NIST Cybersecurity Framework Overview

NIST Cybersecurity Framework Overview NIST Cybersecurity Framework Overview Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2nd ENISA International Conference on Cyber Crisis Cooperation and Exercises Executive Order

More information

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Cybersecurity Framework. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Cybersecurity Framework Executive Order 13636 Improving Critical Infrastructure Cybersecurity National Institute of Standards and Technology (NIST) Mission To promote U.S. innovation and industrial competitiveness

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

Marshaling Data for Enterprise Insights A 10-Year Vision for the US Department of Homeland Security

Marshaling Data for Enterprise Insights A 10-Year Vision for the US Department of Homeland Security Marshaling Data for Enterprise Insights A 10-Year Vision for the US Department of Homeland Security Marshaling Data for Enterprise Insights A 10-Year Vision for the US Department of Homeland Security As

More information

Integrated Risk Management. Balancing Risk and Budget

Integrated Risk Management. Balancing Risk and Budget Integrated Risk Management The Current Risk Landscape Organizations which depend upon information systems are challenged by serious threats that can exploit both known and unknown vulnerabilities in systems.

More information

Cybersecurity: Mission integration to protect your assets

Cybersecurity: Mission integration to protect your assets Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions

More information

Confronting Complexity in Managing a Cyber Crisis Lessons Learned for Responding at Network Speed

Confronting Complexity in Managing a Cyber Crisis Lessons Learned for Responding at Network Speed Confronting Complexity in Managing a Cyber Crisis Lessons Learned for Responding at Network Speed by Admiral Mike McConnell, USN, Retired Senior Executive Advisor, Former Vice Chairman Former Director

More information

Why you should adopt the NIST Cybersecurity Framework

Why you should adopt the NIST Cybersecurity Framework www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential

More information

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda

More information

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY WHITE PAPER GRC Simplified... Finally. A Guide to Successfully Implementing the NIST Cybersecurity Framework Jerry Beasley CISM and TraceSecurity Information Security Analyst TRACESECURITY

More information

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations

More information

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity

RE: Experience with the Framework for Improving Critical Infrastructure Cybersecurity October 10, 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 RE: Experience with the Framework for Improving Critical Infrastructure

More information

From Stovepipes to Secure Exchanges

From Stovepipes to Secure Exchanges From Stovepipes to Secure Exchanges An Integrated Approach to Protecting Shared Federal Data by Greg Brill brill_gregory@bah.com Khurram Chaudry chaudry_khurram@bah.com From Stovepipes to Secure Exchanges

More information

Job Market Intelligence:

Job Market Intelligence: March 2014 Job Market Intelligence: Report on the Growth of Cybersecurity Jobs Matching People & Jobs Reemployment & Education Pathways Resume Parsing & Management Real-Time Jobs Intelligence Average #

More information

Cybersecurity Framework: Current Status and Next Steps

Cybersecurity Framework: Current Status and Next Steps Cybersecurity Framework: Current Status and Next Steps Federal Advisory Committee on Insurance November 6, 2014 Adam Sedgewick Senior IT Policy Advisor Adam.Sedgewick@nist.gov National Institute of Standards

More information

Pulling Up Your SOX. Companies Can Gain from Compliance with U.S. Governance Act. Lisa Fabish fabish_lisa@bah.com. Stuart Groves groves_stuart@bah.

Pulling Up Your SOX. Companies Can Gain from Compliance with U.S. Governance Act. Lisa Fabish fabish_lisa@bah.com. Stuart Groves groves_stuart@bah. by Lisa Fabish fabish_lisa@bah.com Stuart Groves groves_stuart@bah.com Robert Oushoorn oushoorn_robert@bah.com Otto Waterlander waterlander_otto@bah.com Pulling Up Your SOX Companies Can Gain from Compliance

More information

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014 Victoria Yan Pillitteri Advisor for Information Systems Security

More information

Cyber Training. Developing the Next Generation of Cyber Analysts. Ready for what s next.

Cyber Training. Developing the Next Generation of Cyber Analysts. Ready for what s next. Cyber Training Developing the Next Generation of Cyber Analysts Ready for what s next. Table of Contents The Crisis Moment...1 The Cyber Skills Gap...1 Developing a World-Class Cyber Workforce...2 Emulating

More information

Critical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order 13636 Improving Critical Infrastructure Cybersecurity

Critical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order 13636 Improving Critical Infrastructure Cybersecurity Critical Infrastructure Cybersecurity Framework Overview and Status Executive Order 13636 Improving Critical Infrastructure Cybersecurity Executive Order: Improving Critical Infrastructure Cybersecurity

More information

IT Insights. Managing Third Party Technology Risk

IT Insights. Managing Third Party Technology Risk IT Insights Managing Third Party Technology Risk According to a recent study by the Institute of Internal Auditors, more than 65 percent of organizations rely heavily on third parties, yet most allocate

More information

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial

More information

Data Lake-based Approaches to Regulatory- Driven Technology Challenges

Data Lake-based Approaches to Regulatory- Driven Technology Challenges Data Lake-based Approaches to Regulatory- Driven Technology Challenges How a Data Lake Approach Improves Accuracy and Cost Effectiveness in the Extract, Transform, and Load Process for Business and Regulatory

More information

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program Mobile Application Security Helping Organizations Develop a Secure and Effective Mobile Application Security Program by James Fox fox_james@bah.com Shahzad Zafar zafar_shahzad@bah.com Mobile applications

More information

PROTIVITI FLASH REPORT

PROTIVITI FLASH REPORT PROTIVITI FLASH REPORT Cybersecurity Framework: Where Do We Go From Here? February 25, 2014 Just over a year ago, President Barack Obama signed an Executive Order (EO) calling for increased cybersecurity

More information

The NIST Cybersecurity Framework

The NIST Cybersecurity Framework View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the

More information

BIG SHIFTS WHAT S NEXT IN AML

BIG SHIFTS WHAT S NEXT IN AML Commercial Solutions Financial Crimes Commercial Solutions BIG SHIFTS WHAT S NEXT IN AML The next big shift in the fight against financial crime and money laundering is advanced machine learning and sophisticated

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Executive Order 13636 Improving Critical Infrastructure Cybersecurity 2014 ISACA Pittsburgh Information Security Awareness Day Victoria Yan

More information

America s New Cybersecurity Framework: Help or New Source of Exposure?

America s New Cybersecurity Framework: Help or New Source of Exposure? America s New Cybersecurity Framework: Help or New Source of Exposure? BY BEHNAM DAYANIM, RYAN NIER & ELIZABETH DORSI March 2014 Data theft is on the rise, and the federal government is concerned. In 2013

More information

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY

CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for

More information

NIST Cybersecurity Framework Impacting Your Company? April 24, 2014 Presented By Sheila FitzPatrick, NetApp Jeff Greene, Symantec Andy Serwin, MoFo

NIST Cybersecurity Framework Impacting Your Company? April 24, 2014 Presented By Sheila FitzPatrick, NetApp Jeff Greene, Symantec Andy Serwin, MoFo 2014 Morrison & Foerster LLP All Rights Reserved mofo.com NIST Cybersecurity Framework Impacting Your Company? April 24, 2014 Presented By Sheila FitzPatrick, NetApp Jeff Greene, Symantec Andy Serwin,

More information

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event

More information

Harnessing Big Data to Solve Complex Problems: The Cloud Analytics Reference Architecture

Harnessing Big Data to Solve Complex Problems: The Cloud Analytics Reference Architecture Harnessing Big Data to Solve Complex Problems: The Cloud Analytics Reference Architecture Table of Contents Introduction... 1 Cloud Analytics Reference Architecture... 1 Using All the Data... 3 Better

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Collaboration and communication between technical

More information

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.

More information

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

April 8, 2013. Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Salt River Project P.O. Box 52025 Mail Stop: CUN204 Phoenix, AZ 85072 2025 Phone: (602) 236 6011 Fax: (602) 629 7988 James.Costello@srpnet.com James J. Costello Director, Enterprise IT Security April 8,

More information

Management Spans and Layers. Streamlining the Out-of-Shape Organization

Management Spans and Layers. Streamlining the Out-of-Shape Organization Management Spans and Layers Streamlining the Out-of-Shape Organization Originally published as: Management Spans and Layers: Streamlining the Out-of-Shape Organization, by Ian Buchanan, Jong Hyun Chang,

More information

Information About Filing a Case in the United States Tax Court. Attached are the forms to use in filing your case in the United States Tax Court.

Information About Filing a Case in the United States Tax Court. Attached are the forms to use in filing your case in the United States Tax Court. Information About Filing a Case in the United States Tax Court Attached are the forms to use in filing your case in the United States Tax Court. It is very important that you take time to carefully read

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

SEC Cybersecurity Findings May Establish De Facto Standard

SEC Cybersecurity Findings May Establish De Facto Standard Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com SEC Cybersecurity Findings May Establish De Facto

More information

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION

UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Technical Conference on Critical Infrastructure Protection Issues Identified in Order No. 791 Prepared Statement of Melanie Seader, Senior

More information

IRS DECLARES NOV. 14 AS SPECIAL TAXPAYER PROBLEM SOLVING DAY. WASHINGTON -- The Internal Revenue Service will reach out to help taxpayers

IRS DECLARES NOV. 14 AS SPECIAL TAXPAYER PROBLEM SOLVING DAY. WASHINGTON -- The Internal Revenue Service will reach out to help taxpayers IRS DECLARES NOV. 14 AS SPECIAL TAXPAYER PROBLEM SOLVING DAY WASHINGTON -- The Internal Revenue Service will reach out to help taxpayers across the country Nov. 14 in a special Saturday trouble-shooting

More information

Framework for Improving Critical Infrastructure Cybersecurity

Framework for Improving Critical Infrastructure Cybersecurity Framework for Improving Critical Infrastructure Cybersecurity Implementation of Executive Order 13636 NARUC Winter Committee Meeting Committee & Staff Committee on Critical Infrastructure February 15,

More information

Cyber Security and the Board of Directors

Cyber Security and the Board of Directors Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Cyber Security and the Board of Directors An essential responsibility in financial services About Delta Risk is a

More information

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014 Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework September 23, 2014 Executive Order: Improving Critical Infrastructure Cybersecurity It is the policy of the United States to

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

Booz Allen Hamilton Systems Delivery Group

Booz Allen Hamilton Systems Delivery Group Booz Allen Hamilton Systems Delivery Group Booz Allen Hamilton Systems Delivery Group Systems Delivery at Booz Allen In today s environment, large software projects routinely run significantly over budget

More information

Think Outside Your ERP Mission-Focused Inventory Strategies

Think Outside Your ERP Mission-Focused Inventory Strategies Think Outside Your ERP Mission-Focused Inventory Strategies by Ray Haeme haeme_ray@bah.com Margo Cohen cohen_margo@bah.com Eric Michlowitz michlowitz_eric@bah.com Think Outside Your ERP Mission-Focused

More information

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899

Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Submitted via email: cyberframework@nist.gov April 8, 2013 Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Developing a Framework

More information

The Federal Government s Key Role in Healthcare Innovation

The Federal Government s Key Role in Healthcare Innovation The Federal Government s Key Role in Healthcare Innovation by Lucy Stribley Stribley_lucy@bah.com Lisa Egbuonu-Davis, MD Egbuonu-davis_lisa@bah.com Patrick Fritz Fritz_patrick@bah.com The Federal Government

More information

CyberM 3 Business Enablement: Cybersecurity That Empowers Your Business with Comprehensive Information Security

CyberM 3 Business Enablement: Cybersecurity That Empowers Your Business with Comprehensive Information Security CyberM 3 Business Enablement: Cybersecurity That Empowers Your Business with Comprehensive Information Security The Challenge Is Constant: Complex Operations Are Ripe for Cyber Attack Sophisticated, complex

More information

The Obama Administration and Community Health Centers

The Obama Administration and Community Health Centers The Obama Administration and Community Health Centers Community health centers are a critical source of health care for millions of Americans particularly those in underserved communities. Thanks primarily

More information

Cybersecurity: A View from the Boardroom

Cybersecurity: A View from the Boardroom An Executive Brief from Cisco Cybersecurity: A View from the Boardroom In the modern economy, every company runs on IT. That makes security the business of every person in the organization, from the chief

More information

Rapid Prototyping. The Agile Creation of Solutions for Modern Defense & Intelligence. by Lee Wilbur wilbur_lee@bah.com

Rapid Prototyping. The Agile Creation of Solutions for Modern Defense & Intelligence. by Lee Wilbur wilbur_lee@bah.com Rapid Prototyping The Agile Creation of Solutions for Modern Defense & Intelligence by Lee Wilbur wilbur_lee@bah.com Allan Steinhardt steinhardt_allan@bah.com Rapid Prototyping The Agile Creation of Solutions

More information

Manned Information Security

Manned Information Security Manned Information Security Adversary Pursuit and Active Network Defense root9b Technologies (RTNB) Presented By: John Harbaugh, COO CONFIDENTIALITY NOTICE This briefing, including any attachments, is

More information

Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security

Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security Intel Security Professional Services Leveraging NIST Cybersecurity Framework (CSF): Complexity is the enemy of security David Brezinski, Professional Services, Enterprise Security Architect Agenda Overview

More information

Dodging Breaches from Dodgy Vendors: Tackling Vendor Risk Management in Healthcare

Dodging Breaches from Dodgy Vendors: Tackling Vendor Risk Management in Healthcare Dodging Breaches from Dodgy Vendors: Tackling Vendor Risk Management in Healthcare Strengthening Cybersecurity Defenders #ISC2Congress Healthcare and Security "Information Security is simply a personal

More information

CORE Security and GLBA

CORE Security and GLBA CORE Security and GLBA Addressing the Graham-Leach-Bliley Act with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com

More information

Low-Profit Limited Liability Company (L3C) Date: July 29, 2013. [Low-Profit Limited Liability Company (L3C)] [July 29, 2013]

Low-Profit Limited Liability Company (L3C) Date: July 29, 2013. [Low-Profit Limited Liability Company (L3C)] [July 29, 2013] Topic: Question by: : Low-Profit Limited Liability Company (L3C) Kevin Rayburn, Esq., MBA Tennessee Date: July 29, 2013 Manitoba Corporations Canada Alabama Alaska Arizona Arkansas California Colorado

More information

A Framework to Gauge Cyber Defenses

A Framework to Gauge Cyber Defenses White Paper A Framework to Gauge Cyber Defenses NIST s Cybersecurity Framework Helps Critical Infrastructure Owners to Cost-Effectively Defend National & Economic Security of the U.S. Executive Summary

More information

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information

More information

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of

More information

VENDOR MANAGEMENT. General Overview

VENDOR MANAGEMENT. General Overview VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

Booz Allen Cloud Solutions. Our Capability-Based Approach

Booz Allen Cloud Solutions. Our Capability-Based Approach Booz Allen Cloud Solutions Our Capability-Based Approach Booz Allen Cloud Solutions Our Capability-Based Approach Booz Allen Cloud Solutions Our Capability-Based Approach In today s budget-conscious environment,

More information

Predict. Prevent. Protect. Transform.

Predict. Prevent. Protect. Transform. Optum solution uses global positioning system technology for Optum (CES) is an open-architecture claims editing tool that Program Integrity Solutions Optum provides 30 years worth of government expertise

More information

NON-RESIDENT INDEPENDENT, PUBLIC, AND COMPANY ADJUSTER LICENSING CHECKLIST

NON-RESIDENT INDEPENDENT, PUBLIC, AND COMPANY ADJUSTER LICENSING CHECKLIST NON-RESIDENT INDEPENDENT, PUBLIC, AND COMPANY ADJUSTER LICENSING CHECKLIST ** Utilize this list to determine whether or not a non-resident applicant may waive the Oklahoma examination or become licensed

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

The Economics of Cloud Computing

The Economics of Cloud Computing The Economics of Cloud Computing Addressing the Benefits of Infrastructure in the Cloud by Ted Alford alford_theodore@bah.com Gwen Morton morton_gwen@bah.com The Economics of Cloud Computing Addressing

More information

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES Aligning information with business and operational objectives ESSENTIALS Leverage EMC Consulting as your trusted advisor to move your and compliance

More information

Public School Teacher Experience Distribution. Public School Teacher Experience Distribution

Public School Teacher Experience Distribution. Public School Teacher Experience Distribution Public School Teacher Experience Distribution Lower Quartile Median Upper Quartile Mode Alabama Percent of Teachers FY Public School Teacher Experience Distribution Lower Quartile Median Upper Quartile

More information

Massive Data Analytics and the Cloud A Revolution in Intelligence Analysis

Massive Data Analytics and the Cloud A Revolution in Intelligence Analysis Massive Data Analytics and the Cloud A Revolution in Intelligence Analysis by Michael Farber farber_michael@bah.com Mike Cameron cameron_mike@bah.com Christopher Ellis ellis_christopher@bah.com Josh Sullivan,

More information