CDW-G Federal Cybersecurity Report: Danger on the Front Lines. November CDW Government, Inc.

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CDW-G Federal Cybersecurity Report: Danger on the Front Lines. November 2009. 2009 CDW Government, Inc."

Transcription

1 CDW-G Federal Cybersecurity Report: Danger on the Front Lines November CDW Government, Inc. 1

2 Table of Contents Introduction 3 Key Findings 4 The Threats 5 Frequent Threats 6 Persistence and Severity 7 Daily Challenges 8 External Threats 10 Internal Threats 11 Challenges and Opportunities to Address the Threats 13 Cybersecurity Training 14 Training Gap 15 Cybersecurity Tools 16 Tools Gap 17 Budget Challenges 19 Recommendations 20 Advice from the Trenches 21 Address Top Priorities 23 Leverage Cybersecurity Success 24 Recommendations Summary 25 Methodology and Demographics 26 2

3 Introduction The Obama administration s Cyberspace Policy Review brought cybersecurity to the forefront of the presidential priority list. While policy makers determine what national policies, agencies and people are a best fit for tackling the problem, the fight for tighter IT security continues at the operational levels of government. To better understand cybersecurity threats and help identify the path to security, CDW-G conducted an online survey of 150 Federal civilian and 150 Department of Defense IT professionals on the front lines, who confront cybersecurity incidents day in and day out. If the network is compromised, everything and everyone attached to it is at some level of risk. IT manager, defense agency The 2009 CDW-G Federal Cybersecurity Report identifies cybersecurity threats agencies face each day, reveals measures Federal IT professionals are taking to combat them and finds opportunities for improvement. 3

4 Key Findings More than half of all Federal agencies experience a cybersecurity incident at least weekly Across Federal agencies, the number and severity of cybersecurity incidents has stayed the same or increased in the last year. As a result, agency cybersecurity requirements are growing Agencies biggest cybersecurity threats come from outside sources; employee non-compliance with security procedures leaves agencies vulnerable to external threats Federal IT professionals on the front lines say malware and access control issues are the top challenges they face each day; these problems are increasing more than others The best offense is a good defense: The No. 1 item defense and civilian agencies say they need to improve cybersecurity: More end-user education Federal agencies participating in the Trusted Internet Connections program say the program helped improve their cybersecurity 4

5 The Threats 5

6 Frequent Threats Cybersecurity threats frequently challenge the Federal IT infrastructure 54% of IT professionals on the front lines report they experience a cybersecurity incident* at least weekly How often does your agency/network experience a cybersecurity incident? 5% Yearly 17% Unsure 31% Daily 6% Quarterly 4% Bimonthly 13% Monthly 23% Weekly *Incidents include external attack, virus, lost PDA, inappropriate employee activity, etc. 6

7 Persistence and Severity Few agencies report a reduction in the number or severity of threats over the past year How has the number of cybersecurity incidents* at your agency changed in the last year? How has the severity of cybersecurity incidents* at your agency changed in the last year? 40% 36% 36% 60% 54% 35% 50% 30% 25% 40% 20% 30% 27% 15% 10% 5% 7% 3% 10% 8% 20% 10% 6% 2% 7% 4% 0% Unsure Decreased significantly Decreased slightly Stayed the same Increased slightly Increased significantly 0% Unsure Much less severe Less severe About the same More severe Much more severe *Incidents include external attack, virus, lost PDA, inappropriate employee activity, etc. 7

8 Daily Challenges Malware, inappropriate employee activity and remote user access are the top challenges Federal IT professionals face each day What are the top three cybersecurity issues you deal with every day? #1 Malware (viruses, worms, spyware, adware, Trojan horses, etc.) 33% #2 Inappropriate employee activity/network use 25% #3 Remote user access* 25% Data encryption 23% End-user education 22% Forgotten/lost passwords 22% Network intrusion 21% Patch management 20% Firewall issues 19% Mandate compliance 19% Unauthorized devices on the network 19% Removable media 17% Reviewing logs for inappropriate activity 14% *Managing access for approved remote users 8

9 Daily Challenges Remote/mobile computing and malware challenges are increasing more than others How have your cybersecurity challenges changed vs. one year ago?* Remote/mobile computing 60% Malware virus/worms/spyware 49% Malware bots/key loggers/data miners 40% Security breach/human (hacker) network intrusion 35% Inappropriate employee activity 33% Denial of service attacks 25% Data loss 23% Lost hardware 17% *Percent of respondents who said these cybersecurity challenges increased or significantly increased. 9

10 External Threats Federal IT professionals say their agency/network s biggest threat comes from external sources #1 External sources 47% #2 Agency employees 23% #3 Contractors 10% What is your most significant external threat? Defense agencies: State-sponsored cybersecurity-warfare programs Civilian agencies: Independent international hackers and software problems (tie) 10

11 Internal Threats Inappropriate Web surfing, lax user authentication and carelessness with devices are ways that internal users open the gate to cybersecurity threats Which of the following internal threats has your organization experienced in the last 12 months?* 66% Inappropriate Web surfing/downloads 50% Lost devices (laptops, PDAs, phones) 40% Lost/stolen/shared passwords 39% Unauthorized transfer of sensitive information 17% Lack of robust user authentication 10% Employee hackers Across both defense and civilian agencies, inappropriate Web surfing/downloads is the biggest internal threat, followed by lost devices *Respondents were asked to select all that apply 11

12 Internal Threats Too many end-users are still making basic, avoidable security mistakes» 44% of Federal IT professionals have seen an employee post a password in a public place (for example, on a sticky note in their office) in the last 12 months What other things have you seen employees do that inadvertently threaten cybersecurity? Open SPAM with malware or viruses Leave computer screen unattended without locking Intentionally circumvent security procedures to more easily accomplish work Insert external hardware to computer Web surfing sites that could pose a threat 12

13 Challenges and Opportunities to Address the Threats 13

14 Cybersecurity Training To address avoidable mistakes and bolster defenses, agencies recognize the need to involve end users in cybersecurity efforts Agencies are investing in end-user training: 82% say they provide ongoing training classes on security policies and procedures 79% say they train new employees on computer security policies and procedures 14

15 Training Gap Despite training commitment, in many cases, agencies are still experiencing unacceptable (and avoidable) internal risks Of those who provide employee training: More than 70% say they still have seen inappropriate Web surfing/downloads in the past 12 months P4$sword More than 40% say they have seen unauthorized transfer of sensitive information Nearly half have seen employees post passwords in public places 15

16 Cybersecurity Tools Agencies are applying tools to address their agency/network s biggest cybersecurity threat, external sources 81% say they have an Internet firewall and 71% say they have intrusion protection/detection The sophistication of network intrusion is alarming at best and can be crippling to any business, let alone government functions. IT manager, civilian agency 16

17 Tools Gap That said, agency requirements are not keeping up with the No. 1 increasing cybersecurity challenge, remote/mobile computing 60% 60% of all Federal IT professionals say threats related to mobile computing have increased/significantly increased vs. one year ago yet 70% of all respondents report their agency does not have data loss prevention 66% of all respondents report their agency does not have wireless encryption 17

18 Tools Gap Many agencies lack tools to combat threats they know to be increasing* Of those who report that malware virus/worms/spyware threats are increasing: 36% do not have anti-spam software 32% do not have Web filtering software 25% do not have anti-spyware software Of those who report their remote/mobile computing threats are increasing: 63% do not use wireless encryption 50% do not use two-factor authentication 31% do not use a VPN 31% do not use encryption Of those who report inappropriate employee activity is increasing: 33% do not use Web filtering software 32% do not use network access control software A network intrusion could cause system failure, which could result in system shutdown, causing damage to the public infrastructure. IT manager, civilian agency *Threats that have increased or significantly increased vs. one year ago 18

19 Budget Challenges While cybersecurity requirements are growing significantly, just 52% of front-line Federal IT professionals report they have adequate budget to meet needs Agency cybersecurity requirements that have increased or significantly increased in the last year:* 75% Network monitoring/intrusion prevention 74% Encryption 70% User authentication 66% End-user education 65% Patch management 65% Network access control We are trying to piecemeal things together despite budget cutbacks and lack of finances to make purchases. IT professional, civilian agency *Percent of respondents who say the requirement has increased or increased significantly vs. one year ago 19

20 Recommendations 20

21 Advice from the Trenches Federal IT professionals seek increased control over their networks More filtering What are you doing to combat your biggest threats? Increasing security at the outer perimeter, establishing DMZ Intrusion detection systems Updating and replacing firewalls Web filtering/white lists Monitor and track sites visited Increase education Tighter control on user privileges 21

22 Advice from the Trenches Federal IT professionals advocate retraining after security breaches What three things do you do when you discover a breach? Report the incident notify boss or IT security supervisor Remove affected computer from network Discuss with employees in question; retrain all employees on security 22

23 Address Top Priorities The best defense is a good offense; agencies seek to first secure internal computing What is the No. 1 thing your agency needs to improve cybersecurity? #1 Response Civilian and Defense agencies More End-User Education Other responses: Defense #2 Better/more widely enforced acceptable use policy #3 Software without security holes tied with More dedicated cybersecurity staff Other responses: Civilian #2 Better cybersecurity tools #3 More dedicated cybersecurity staff People want to think of their computers as belonging to them, when in fact they belong to the DoD. Users must be educated on what is permitted. IT manager, defense agency 23

24 Leverage Cybersecurity Success The Trusted Internet Connections* (TIC) program has helped agencies reduce their number of Internet connections, improving security» The TIC program also requires that Federal agencies establish real-time Internet gateway monitoring and participate in the US-CERT Einstein initiative, which helps agencies react more quickly to cybersecurity incidents Has the Trusted Internet Connections program reduced the number of connections your agency has to the Internet? Of those who have reduced their agency s number of Internet connections: 47% Yes 82% say it has improved their agency s security posture * tions&structure=enterprise%20architecture&category=enterprise%20architecture 24

25 Recommendations Summary Reassess End-User Training: Establish a program and metrics to measure training success. Communicate security policies that include guidelines for acceptable use and policy acknowledgement. Establish consequences for non-compliance with agency cybersecurity policies Address the Mobile Threat: Implement a tiered security architecture on mobile assets such as twofactor authentication, VPN sessions, data-at-rest encryption, remote Web filtering and end-point security software to ensure the mobile device is compliant and within policy Implement Industry-standard Technologies: To reduce malware threats and enforce acceptable use policies, assess your agency enterprise and implement basic cybersecurity tools* across the agency enterprise Participate in the Trusted Internet Connections Program: Participants confirm improved security *E.g., anti-spam/anti-spyware software, Web filtering software, network access control software 25

26 Methodology and Demographics CDW-G hired O Keeffe & Company to execute an online survey in September 2009, collecting 300 responses from Federal IT professionals familiar with their agency s cybersecurity measures and challenges. The sample included: Branch Federal Civilian: 150 (50%) Department of Defense: 150 (50%) Margin of Error +/- 5.7% at 95% confidence Title IT Specialist 28% IT Manager 24% IT Analyst 16% IT Director/Supervisor 9% Other Mid-level IT Professional 8% IT Administrator 8% Network Administrator 5% CISO or Deputy CISO 2% 26

27 Thank you. For all media questions and inquiries, please contact: Kelly Caraher CDW Government, Inc Gail Repsher Emery O Keeffe & Company

CDW-G School Safety Index 2009

CDW-G School Safety Index 2009 CDW-G School Safety Index 2009 May 18, 2009 2009 CDW Government, Inc. 1 CDW-G School Safety Index 2009 Study Focus and Objectives Now in its third year, the CDW-G School Safety Index provides a nationwide,

More information

April 17, 2012 2012 CDW

April 17, 2012 2012 CDW April 17, 2012 2012 CDW INTRODUCTION AND METHODOLOGY One in four organizations has experienced a data loss in the last two years. Many report breaches jeopardizing their email, network or other sensitive

More information

McAfee Total Protection Reduce the Complexity of Managing Security

McAfee Total Protection Reduce the Complexity of Managing Security McAfee Total Protection Reduce the Complexity of Managing Security Computer security has changed dramatically since the first computer virus emerged 25 years ago. It s now far more complex and time-consuming.

More information

Managing the Unpredictable Human Element of Cybersecurity

Managing the Unpredictable Human Element of Cybersecurity CONTINUOUS MONITORING Managing the Unpredictable Human Element of Cybersecurity A WHITE PAPER PRESENTED BY: May 2014 PREPARED BY MARKET CONNECTIONS, INC. 14555 AVION PARKWAY, SUITE 125 CHANTILLY, VA 20151

More information

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0 BCS IT User Syllabus IT for Users Level 2 Version 1.0 June 2009 ITS2.1 System Performance ITS2.1.1 Unwanted messages ITS2.1.2 Malicious ITS2.1.1.1 ITS2.1.1.2 ITS2.1.2.1 ITS2.1.2.2 ITS2.1.2.3 ITS2.1.2.4

More information

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and

More information

How are we keeping Hackers away from our UCD networks and computer systems?

How are we keeping Hackers away from our UCD networks and computer systems? How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12

More information

Building a Business Case:

Building a Business Case: Building a Business Case: Cloud-Based Security for Small and Medium-Size Businesses table of contents + Key Business Drivers... 3... 4... 6 A TechTarget White Paper brought to you by Investing in IT security

More information

Security survey in the United States

Security survey in the United States Security survey in the United States This document contains the results of a survey on network security in 455 small and medium sized businesses, conducted in the United States in October/November 2007.

More information

Network Security. Intertech Associates, Inc.

Network Security. Intertech Associates, Inc. Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture

More information

SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS

SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS SECURITY FOR ENTERPRISE TELEWORK AND REMOTE ACCESS SOLUTIONS Karen Scarfone, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Many people

More information

Cybersecurity Health Check At A Glance

Cybersecurity Health Check At A Glance This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not

More information

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

Effective Methods to Detect Current Security Threats

Effective Methods to Detect Current Security Threats terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Taking your IT security to the next level, you have to consider a paradigm shift. In the past companies mostly

More information

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services

Lifecycle Solutions & Services. Managed Industrial Cyber Security Services Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Jort Kollerie SonicWALL

Jort Kollerie SonicWALL Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential

More information

Effective Methods to Detect Current Security Threats

Effective Methods to Detect Current Security Threats terreactive AG. Swiss Cyber Storm 2015. Effective Methods to Detect Current Security Threats Enrico Petrov Director Managed Security Services terreactive October 21 st, 2015 terreactive Background. About

More information

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security

More information

Experience the commitment. white paper. Information Security Continuous Monitoring. Charting the Right Course. cgi.com

Experience the commitment. white paper. Information Security Continuous Monitoring. Charting the Right Course. cgi.com Experience the commitment white paper Information Security Continuous Monitoring Charting the Right Course cgi.com Hacking, malware, distributed denial of service attacks, insider threats and other criminal

More information

Enterprise Computing Solutions

Enterprise Computing Solutions Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company

More information

4 Ways an Information Security Analyst Improves Business Productivity

4 Ways an Information Security Analyst Improves Business Productivity 4 Ways an Information Security Analyst Improves Business Productivity www.gr e xo.co m 4 Ways an Information Security Analyst Improves Business Productivity The increase of data breaches and hackers has

More information

Global IT Security Risks: 2012

Global IT Security Risks: 2012 Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

Network Security Survey of Small Businesses

Network Security Survey of Small Businesses Network Security Survey of Small Businesses July 2006 Copyright All Covered Inc. www.allcovered.com Executive Summary Most small businesses now make use of a network of PCs and servers to run their operations.

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Executive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6

Executive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6 Securing the State Of Michigan Information Technology Resources Table of Contents Executive Overview...4 Importance to Citizens, Businesses and Government...5 Emergency Management and Preparedness...6

More information

Extending Compliance to the Mobile Workforce. www.maas360.com

Extending Compliance to the Mobile Workforce. www.maas360.com Extending Compliance to the Mobile Workforce www.maas360.com 1 Copyright 2014 Fiberlink Communications Corporation. All rights reserved. This document contains proprietary and confidential information

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP Today s Topics SCADA Overview SCADA System vs. IT Systems Risk Factors Threats Potential Vulnerabilities Specific Considerations

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Full Compliance With Trusted Internet Connection Requirements Is Progressing; However, Improvements Would Strengthen Security September 17, 2013 Reference

More information

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC. Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies

More information

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them?

Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com. Smartphones and BYOD: what are the risks and how do you manage them? Ibrahim Yusuf Presales Engineer at Sophos ibz@sophos.com Smartphones and BYOD: what are the risks and how do you manage them? Tablets on the rise 2 Diverse 3 The Changing Mobile World Powerful devices

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014 Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Zone Labs Integrity Smarter Enterprise Security

Zone Labs Integrity Smarter Enterprise Security Zone Labs Integrity Smarter Enterprise Security Every day: There are approximately 650 successful hacker attacks against enterprise and government locations. 1 Every year: Data security breaches at the

More information

Gabriel Coimbra Research & Consulting Director IDC Portugal. Porto, 29 de Maio 2008. www.idc.com

Gabriel Coimbra Research & Consulting Director IDC Portugal. Porto, 29 de Maio 2008. www.idc.com IT Security Market Overview Gabriel Coimbra Research & Consulting Director IDC Portugal Porto, 29 de Maio 2008 www.idc.com Agenda Market context IT Security context CSO Agenda IT Security market Conclusion

More information

November 4, 2015. Underwritten by:

November 4, 2015. Underwritten by: November 4, 2015 Underwritten by: Introduction More and more Internet-enabled devices are connecting to Federal networks. Are endpoint security strategies maturing as the definition of an endpoint expands?

More information

3. Are employees set as Administrator level on their workstations? a. Yes, if it is necessary for their work. b. Yes. c. No.

3. Are employees set as Administrator level on their workstations? a. Yes, if it is necessary for their work. b. Yes. c. No. As your trusted financial partner, Maps Credit Union is committed to helping you assess and manage risks associated with your business online banking. We recommend that you do a periodic risk assessment

More information

Introduction (Contd )

Introduction (Contd ) Introduction In 2008, mobile devices continue to rapidly replace desktop computers. Mobile devices create easier ways to communicate and work more efficiently while away from the corporate office. In addition,

More information

The Attacker s Target: The Small Business

The Attacker s Target: The Small Business Check Point Whitepaper The Attacker s Target: The Small Business Even Small Businesses Need Enterprise-class Security to protect their Network July 2013 Contents Introduction 3 Enterprise-grade Protection

More information

Cybersecurity: An Innovative Approach to Advanced Persistent Threats

Cybersecurity: An Innovative Approach to Advanced Persistent Threats Cybersecurity: An Innovative Approach to Advanced Persistent Threats SESSION ID: AST1-R01 Brent Conran Chief Security Officer McAfee This is who I am 2 This is what I do 3 Student B The Hack Pack I used

More information

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 Revision History Update this table every time a new edition of the document is

More information

13 Ways Through A Firewall

13 Ways Through A Firewall Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright

More information

Information Technology Acceptable Use Policies

Information Technology Acceptable Use Policies White Paper: Information Technology Acceptable Use Policies A practical guide for protecting IT assets from the largest single IT Security threat inappropriate use of IT services, including desktops, email,

More information

DeltaV System Cyber-Security

DeltaV System Cyber-Security January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Research Results. April 2015. Powered by

Research Results. April 2015. Powered by Research Results April 2015 Powered by Introduction Where are organizations investing their IT security dollars, and just how confident are they in their ability to protect data form a variety of intrusions?

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit. Juniper Networks Next Generation Security for a Cybercrime World Lior Cohen Principal Solutions Architect Scott Lucas Director of Product Marketing, Branch Solutions Service Layer Technologies Business

More information

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

The Future of Network Security Sophos 2012 Network Security Survey

The Future of Network Security Sophos 2012 Network Security Survey The Future of Network Security Sophos 2012 Network Security Survey Sophos and Vanson Bourne surveyed 571 IT decision makers globally to gain a deeper understanding of how IT teams are responding to technology

More information

Federal Cyber Security Outlook for 2010

Federal Cyber Security Outlook for 2010 Federal Cyber Security Outlook for 2010 National IT Security Challenges Mounting How well prepared are IT professionals within U.S. government agencies to respond to foreign cyber threats? Will government

More information

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C. Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

Top Four Considerations for Securing Microsoft SharePoint

Top Four Considerations for Securing Microsoft SharePoint Top Four Considerations for Securing by Chris McCormack, Product Marketing Manager, Sophos is now the standard for internal and external collaboration and content management in much the same way Microsoft

More information

Our Mission. Provide traveling, remote and mobile laptop users with corporate-level security

Our Mission. Provide traveling, remote and mobile laptop users with corporate-level security Our Mission Provide traveling, remote and mobile laptop users with corporate-level security The Challenge When connecting to the Internet from within the corporate network, laptop users are protected by

More information

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know I n t r o d u c t i o n Until the late 1990s, network security threats were predominantly written by programmers seeking notoriety,

More information

Category: Title of Nomination. Project Manager: Job Title: Agency: Department: Address: City: State:

Category: Title of Nomination. Project Manager: Job Title: Agency: Department: Address: City: State: 1. Nomination Form Information: Category: Title of Nomination Project Manager: Job Title: Agency: Department: Address: City: State: Information Security and Privacy Security 2.0: Next Generation Security

More information

Network/Cyber Security

Network/Cyber Security Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security

More information

The Leading Provider of Endpoint Security Solutions

The Leading Provider of Endpoint Security Solutions The Leading Provider of Endpoint Security Solutions Innovative Policies to Defend Against Next-Generation Threats Conrad Herrmann CTO and Co-Founder Zone Labs, Inc. Network Security Is an Uphill Battle

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

NON-PROFIT ORGANIZATIONS NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT CONTRACTING

NON-PROFIT ORGANIZATIONS NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT CONTRACTING NON-PROFIT ORGANIZATIONS NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT CONTRACTING Lee E. Rice 1 and Syed (Shawon) M. Rahman, Ph.D. 2 1 School of Business and IT, Capella University, Minneapolis, MN,

More information

Data Center security trends

Data Center security trends Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2 Texas Wesleyan Firewall Policy Purpose... 1 Scope... 1 Specific Requirements... 1 PURPOSE Firewalls are an essential component of the Texas Wesleyan information systems security infrastructure. Firewalls

More information

Is Your Vendor CJIS-Certified?

Is Your Vendor CJIS-Certified? A Thought Leadership Profile Symantec SHUTTERSTOCK.COM Is Your Vendor CJIS-Certified? How to identify a vendor partner that can help your agency comply with new federal security standards for accessing

More information

In our world and in our time, security is a term that places a tremendous responsibility on the people who claim it. You need to be certain that your

In our world and in our time, security is a term that places a tremendous responsibility on the people who claim it. You need to be certain that your security In our world and in our time, security is a term that places a tremendous responsibility on the people who claim it. You need to be certain that your security partner demonstrates the right values

More information

IT Security. Securing Your Business Investments

IT Security. Securing Your Business Investments Securing Your Business Investments IT Security NCS GROUP OFFICES Australia Bahrain China Hong Kong SAR India Korea Malaysia Philippines Singapore Sri Lanka Securing Your Business Investments! Information

More information

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions

Security Solutions to Meet NERC-CIP Requirements. Kevin Staggs, Honeywell Process Solutions Kevin Staggs, Honeywell Process Solutions Table of Contents Introduction...3 Nerc Standards and Implications...3 How to Meet the New Requirements...4 Protecting Your System...4 Cyber Security...5 A Sample

More information

Seamless ICT Infrastructure Security.

Seamless ICT Infrastructure Security. Seamless ICT Infrastructure Security. Integrated solutions from a single source. Effective protection requires comprehensive measures. Global networking has practically removed all borders in the exchange

More information

Chapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security

Chapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security Chapter 12 Network Security Security Policy Life Cycle A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC). Network Security

More information

2015 VORMETRIC INSIDER THREAT REPORT

2015 VORMETRIC INSIDER THREAT REPORT Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security RETAIL EDITION #2015InsiderThreat RESEARCH BRIEF RETAIL CUSTOMERS AT RISK ABOUT THIS RESEARCH BRIEF

More information

DeltaV Cyber Security Solutions

DeltaV Cyber Security Solutions TM DeltaV Cyber Security Solutions A Guide to Securing Your Process A long history of cyber security In pioneering the use of commercial off-the-shelf technology in process control, the DeltaV digital

More information

The Business Value of Managed Security Services

The Business Value of Managed Security Services The Business Value of Managed Security Services SilverSky 440 Wheelers Farm Road Suite 202 Milford CT 06461 silversky.com 2013 SilverSky P.2 The Business Value of Managed Security Services Contents Abstract...

More information

BlackRidge Technology Transport Access Control: Overview

BlackRidge Technology Transport Access Control: Overview 2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service

More information

The App Age: How Enterprises Use Mobile Applications

The App Age: How Enterprises Use Mobile Applications The App Age: How Enterprises Use Mobile Applications Introduction The mobile app market is growing steadily as businesses seek ways to innovate, create business value and engage partners and customers

More information

Information Security: A Perspective for Higher Education

Information Security: A Perspective for Higher Education Information Security: A Perspective for Higher Education A By Introduction On a well-known hacker website, individuals charged students $2,100 to hack into university and college computers for the purpose

More information

FROM TACTIC TO STRATEGY:

FROM TACTIC TO STRATEGY: FROM TACTIC TO STRATEGY: The CDW 2011 Cloud Computing Tracking Poll 2011 CDW LLC TABLE OF CONTENTS Introduction 3 Key findings 4 Planning for the cloud 16 Methodology and demographics 19 Appendix 20 Industries

More information

2012 NCSA / Symantec. National Small Business Study

2012 NCSA / Symantec. National Small Business Study 2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National

More information

Cyber Security Solutions:

Cyber Security Solutions: ThisIsCable for Business Report Series Cyber Security Solutions: A Sampling of Cyber Security Solutions Designed for the Small Business Community Comparison Report Produced by BizTechReports.com Editorial

More information

The Encryption Enigma October 9, 2012

The Encryption Enigma October 9, 2012 The Encryption Enigma October 9, 2012 Underwritten by: Introduction Two years ago, WikiLeaks posted 400,000 pages on the Iraq War that the Pentagon called the largest leak of classified documents in its

More information

Cyber Situational Awareness for Enterprise Security

Cyber Situational Awareness for Enterprise Security Cyber Situational Awareness for Enterprise Security Tzvi Kasten AVP, Business Development Biju Varghese Director, Engineering Sudhir Garg Technical Architect The security world is changing as the nature

More information

Security Defense Strategy Basics

Security Defense Strategy Basics Security Defense Strategy Basics Joseph E. Cannon, PhD Professor of Computer and Information Sciences Harrisburg University of Science and Technology Only two things in the water after dark. Gators and

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary

More information

Endpoint Security More secure. Less complex. Less costs... More control.

Endpoint Security More secure. Less complex. Less costs... More control. Endpoint Security More secure. Less complex. Less costs... More control. Symantec Endpoint Security Today s complex threat landscape constantly shifts and changes to accomplish its ultimate goal to reap

More information