Implementing a Framework
44th Tennessee Higher Education Information Technology Symposium, 2015
Greg Jackson, Cyber Security Analyst, Dynetics Inc., Information Systems Assessment Services (ISAS)
Outline
- What is a Framework?
- Why is a Framework so Important?
- Introduce the Risk Management Process
- Introduce the CyberSecurity Framework (CSF)
- Implementation of the CyberSecurity Framework: Identify, Protect, Detect, Respond, Recover
Something to Think About
- How do I know what to protect?
- How do I prioritize security decisions?
- How much security is enough?

Implement a Framework!
What is a Framework?
A framework is not a set of security controls. A framework is a structure or process that uses security controls to provide a minimum level of security.
- A framework gives organizations a structure to apply to today's many approaches to cybersecurity.
- There are many valid approaches to cybersecurity, but without a framework an approach lacks guidance, direction, and communication flow.
- A framework enables organizations to apply the principles and best practices of risk management to improve the security and resilience of the enterprise.
What is a Framework? Frameworks require organizations to:
- Understand the business impact if an information type were compromised (Business Impact Analysis).
- Understand the value of their data (Categorization).
- Understand the cyber threat level (Risk Assessment):
  - Identify threat sources: who is targeting me?
  - Identify threat events: what can they do? (physical damage, theft of data, etc.)
  - Determine the impact on the organization: if a vulnerability were exploited successfully, what would be the impact to the confidentiality, integrity, or availability of my data?
What is a Framework? Frameworks also require organizations to:
- Document policies and procedures. Policies communicate the business priority, risk tolerance, and available resources from the executive level to the rest of the organization; procedures ensure continuity of operations.
- Assign roles and responsibilities. This eliminates ambiguity about who owns each decision and task.
- Implement security: put in place security features that align with the organization's categorization, business impact analysis, and risk assessment.
- Validate the effectiveness of that security: cybersecurity assessment, security controls assessment, penetration testing.
- Continuously monitor: ensure the implemented security is still providing an acceptable level of risk as systems and threats change.
Why is a Framework so Important?
- Provides a context for implementing risk management.
- Reduces the possibility of over- or under-securing your data.
- Ensures continuity of solutions at all three levels of the organization:
  - Executive level. Focus: organizational risk. Actions: risk decisions and priorities.
  - Operations level. Focus: infrastructure risk management. Actions: selects a Profile and allocates budget.
  - Implementation level. Focus: securing infrastructure. Actions: implements the Profile.
A framework will not eliminate the possibility of a breach. Implementing one does, however, give you a highly effective defensive posture that meets the standard of due diligence.
Risk Management Process
Introduction to the CyberSecurity Framework (CSF)
- Developed by NIST in collaboration with industry.
- A voluntary framework designed to provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach to managing cybersecurity risk.
- Intended for use by any organization that wants to improve its management of cybersecurity risk.
Introduction: the Framework Core (Functions, Categories, Subcategories, Informative References)

Example rows. Function: Identify. Category: Risk Management Strategy (ID.RM), defined as "the organization's priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions."

  ID.RM-1  Risk management processes are established, managed, and agreed to by organizational stakeholders.
           Informative references: COBIT 5 APO12.04, APO12.05, APO13.02, BAI02.03, BAI04.02; ISA 62443-2-1:2009; NIST SP 800-53 Rev. 4 PM-9
  ID.RM-2  Organizational risk tolerance is determined and clearly expressed.
           Informative references: COBIT 5 APO12.06; ISA 62443-2-1:2009; NIST SP 800-53 Rev. 4 PM-9
  ID.RM-3  The organization's determination of risk tolerance is informed by its role in critical infrastructure and sector-specific risk analysis.
           Informative references: NIST SP 800-53 Rev. 4 PM-8, PM-9, PM-11, SA-14

The five Functions and their Categories. The CSF is implemented against these specific cybersecurity outcomes, not against a fixed list of controls:
- IDENTIFY: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy
- PROTECT: Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures, Maintenance, Protective Technology
- DETECT: Anomalies and Events, Security Continuous Monitoring, Detection Processes
- RESPOND: Response Planning, Communications, Analysis, Mitigation, Improvements
- RECOVER: Recovery Planning, Improvements, Communications
CyberSecurity Framework (CSF) Implementation
Step 1: Prioritize and Scope. Determine business objectives and identify organizational priorities (Business Impact Assessment).
Step 2: Orient. Identify regulatory requirements and determine the risk approach (Risk Mitigation Strategy).
Step 3: Create a Current Profile. Which outcomes are currently being achieved?
Step 4: Conduct a Risk Assessment. Identify current vulnerabilities; determine the likelihood and impact of a cybersecurity event.
Step 5: Create a Target Profile. What are the organization's desired cybersecurity outcomes?
Step 6: Determine, Analyze, and Prioritize Gaps. Compare the Current Profile to the Target Profile to identify gaps; develop an action plan driven by the priorities set in Step 1; identify the resources necessary to achieve the Target Profile.
Step 7: Implement the Action Plan. Implement the security controls necessary to achieve the outcomes identified in the Target Profile, then continuously monitor.
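Steps 3 through 6 above are mechanical enough to script, and doing so is what keeps a Current Profile, a risk assessment and a Target Profile from drifting into three unrelated spreadsheets. The following is an added example, not code from the deck or from NIST: it records a current and a target achievement level per subcategory, scores inherent risk from the assessment, and ranks the gaps into an action plan. The CSF prescribes no scoring formula, so the 1 to 5 likelihood/impact scale, the 0 to 4 achievement scale, the risk tolerance of 12 and every subcategory value below are constructed assumptions.

```python
"""Added example (not from the Dynetics deck): CSF implementation Steps 3 to 6
reduced to a small script. The CSF prescribes no scoring formula; the scales,
the tolerance and all subcategory values here are constructed assumptions."""
from dataclasses import dataclass

# Qualitative likelihood/impact scale in the style of NIST SP 800-30 (assumed mapping).
SCALE = {"very low": 1, "low": 2, "moderate": 3, "high": 4, "very high": 5}


@dataclass
class Subcategory:
    cid: str          # CSF subcategory ID, e.g. "PR.AC-4"
    outcome: str      # abbreviated outcome text
    current: int      # Current Profile: degree of achievement today (assumed 0-4 scale)
    target: int       # Target Profile: degree of achievement the organization wants
    likelihood: str   # risk assessment: chance that a threat event exploits the gap
    impact: str       # business impact analysis: consequence if it does


def risk_score(sub):
    """Inherent risk = likelihood x impact, on a 1..25 scale."""
    return SCALE[sub.likelihood] * SCALE[sub.impact]


def gap(sub):
    """How far the Current Profile falls short of the Target Profile."""
    return max(sub.target - sub.current, 0)


def prioritize_gaps(profile, risk_tolerance):
    """Step 6: one dict per subcategory that needs work, ordered so that anything
    above the organization's risk tolerance comes first and, within each group,
    the largest risk-weighted gap leads."""
    plan = []
    for sub in profile:
        g, r = gap(sub), risk_score(sub)
        if g == 0 and r <= risk_tolerance:
            continue          # at target and within tolerance: nothing to do
        plan.append({"cid": sub.cid, "gap": g, "risk": r,
                     "exceeds_tolerance": r > risk_tolerance})
    plan.sort(key=lambda p: (p["exceeds_tolerance"], p["risk"] * p["gap"], p["risk"]),
              reverse=True)
    return plan


def action_plan(profile, risk_tolerance):
    """Input to Step 7: human-readable lines in priority order. A subcategory that
    is already at target but still exceeds tolerance means the Target Profile
    itself was set too low, so the plan says so instead of inventing a gap."""
    lines = []
    for p in prioritize_gaps(profile, risk_tolerance):
        sub = next(s for s in profile if s.cid == p["cid"])
        if p["gap"] == 0:
            lines.append(f"{p['cid']}: at target level {sub.target} but risk {p['risk']} "
                         f"exceeds tolerance {risk_tolerance}; raise the Target Profile - {sub.outcome}")
            continue
        flag = " EXCEEDS TOLERANCE" if p["exceeds_tolerance"] else ""
        lines.append(f"{p['cid']}: raise from level {sub.current} to {sub.target} "
                     f"(risk {p['risk']}, gap {p['gap']}){flag} - {sub.outcome}")
    return lines


# Constructed profile for a small campus IT shop (values are illustrative only).
PROFILE = [
    Subcategory("ID.AM-1", "physical devices inventoried", 1, 3, "high", "high"),
    Subcategory("PR.AC-4", "least privilege, admin rights restricted", 1, 4, "very high", "very high"),
    Subcategory("PR.AT-1", "all users trained annually", 3, 3, "moderate", "moderate"),
    Subcategory("PR.DS-1", "data at rest protected", 2, 2, "high", "very high"),
    Subcategory("DE.CM-1", "network monitored for events", 0, 3, "high", "moderate"),
    Subcategory("RC.RP-1", "recovery plan executed", 2, 3, "low", "very high"),
]
RISK_TOLERANCE = 12   # assumed: anything above moderate x high must be driven down

if __name__ == "__main__":
    for line in action_plan(PROFILE, RISK_TOLERANCE):
        print(line)
```

Two things the ranking makes visible that the slides only imply: risk tolerance, not gap size, decides what goes first (PR.AC-4 and ID.AM-1 outrank the larger-gap DE.CM-1 because they exceed tolerance), and a zero-gap item that still exceeds tolerance (PR.DS-1) is the "how much security is enough?" question answered in the negative, so the fix is to revise the Target Profile.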
Identify: What information or assets need protection?
Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities. This Function is foundational for effective use of the Framework: understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management.
Categories: Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy.
Identify: Asset Management and Business Environment
Asset Management (ID.AM): the data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization's risk strategy.
- Actively manage hardware and software inventories. These are the first two Critical Security Controls published by the SANS Institute (CSC 1, inventory of authorized and unauthorized devices; CSC 2, inventory of authorized and unauthorized software). You cannot protect, patch, or monitor a device or application you do not know you have.
Business Environment (ID.BE): the organization's mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.
- Perform a Business Impact Analysis to identify network segmentation points, predict the consequences of disruption to a business function or process, enable the development of recovery strategies, and provide the basis for investment in prevention and mitigation strategies.
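An inventory is only a control when something reconciles what is actually on the network and on the endpoints against it. The following is an added example, not the deck's or SANS's own code: it normalizes a neighbour table captured from a Windows host (the `arp -a` text below is constructed) against an authorized-device baseline keyed by MAC address, and reconciles an endpoint's installed-software list against an authorized catalog that also carries the minimum approved version, so the same pass flags unauthorized software and software behind patch level. The baseline contents, the host names and the version numbers are all assumptions for the example; a production version would pull from the DHCP server and switch MAC tables rather than one host's ARP cache.

```python
"""Added example (not from the deck): reconcile observed hardware and software
against the authorized baselines that CSC 1 and 2 (CSF ID.AM-1/ID.AM-2) require.
All baselines and captured output below are constructed for this example."""
import re

# Constructed authorized device baseline, keyed by MAC (any separator style).
AUTHORIZED_DEVICES = {
    "00:11:22:33:44:55": "core-gw-01",
    "00:11:22:33:44:66": "fileserver-01",
    "00:11:22:33:44:77": "ws-finance-07",
}

# Constructed `arp -a` output in the format Windows prints (dash-separated MACs).
ARP_OUTPUT = """\
Interface: 10.1.20.15 --- 0xb
  Internet Address      Physical Address      Type
  10.1.20.1             00-11-22-33-44-55     dynamic
  10.1.20.20            00-11-22-33-44-66     dynamic
  10.1.20.88            de-ad-be-ef-00-01     dynamic
  10.1.20.255           ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Constructed authorized software catalog: product -> minimum approved (patched) version.
AUTHORIZED_SOFTWARE = {
    "Adobe Reader": "11.0.10",
    "Java 8": "8.0.45",
    "Microsoft Office": "15.0.4701",
}

# Constructed report from an endpoint inventory agent for one host.
INSTALLED = [
    ("Adobe Reader", "11.0.10"),
    ("Java 8", "8.0.31"),          # behind the approved minimum: a patching finding
    ("TeamViewer", "10.0.36897"),  # not in the catalog at all: an authorization finding
]

_ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+\w+")


def normalize_mac(mac):
    """Canonical lower-case, colon-separated form so baselines and captures compare."""
    return mac.lower().replace("-", ":")


def is_group_address(mac):
    """Broadcast and multicast MACs have the group bit (LSB of octet 0) set and are not hosts."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


def parse_arp(text):
    """Yield (ip, mac) for each neighbour row; headers and interface lines do not match."""
    for line in text.splitlines():
        m = _ARP_ROW.match(line)
        if m:
            yield m.group(1), normalize_mac(m.group(2))


def unknown_devices(arp_text, authorized):
    """Devices seen on the wire that are not in the authorized baseline (CSC 1)."""
    known = {normalize_mac(m) for m in authorized}
    return [(ip, mac) for ip, mac in parse_arp(arp_text)
            if mac not in known and not is_group_address(mac)]


def version_tuple(version):
    """'8.0.45' -> (8, 0, 45) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def software_findings(installed, catalog):
    """Unauthorized software and software below the approved minimum version (CSC 2)."""
    findings = []
    for name, version in installed:
        if name not in catalog:
            findings.append((name, version, "unauthorized"))
        elif version_tuple(version) < version_tuple(catalog[name]):
            findings.append((name, version, f"below minimum {catalog[name]}"))
    return findings


if __name__ == "__main__":
    for ip, mac in unknown_devices(ARP_OUTPUT, AUTHORIZED_DEVICES):
        print(f"unknown device {ip} ({mac})")
    for name, version, why in software_findings(INSTALLED, AUTHORIZED_SOFTWARE):
        print(f"{name} {version}: {why}")
```

The two details that matter in practice are the MAC normalization (Windows prints dashes, most baselines use colons, and a string compare would report every device as unknown) and filtering the group-bit addresses, which otherwise show up as phantom rogue devices in every run.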
Identify: Governance, Risk Assessment, Risk Management Strategy
Governance (ID.GV): the policies, procedures, and processes to manage and monitor the organization's regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.
- Formally document policies and procedures.
Risk Assessment (ID.RA): the organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
- Perform a formal risk assessment.
Risk Management Strategy (ID.RM): the organization's priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.
- Develop a formal risk management strategy.
Protect: What safeguards are available?
Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event.
Categories: Access Control, Awareness and Training, Data Security, Information Protection Processes and Procedures, Maintenance, Protective Technology.
Protect: Access Control and Awareness and Training
Access Control (PR.AC): access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.
- Restrict administrative privileges.
- Disable local Administrator accounts, or remove local admin rights from users and manage the remaining local administrator passwords with a password management tool (such as Microsoft's password manager or CyberArk) so that each host has a unique, regularly rotated credential.
- Limit and secure remote access to your network.
- Implement network segmentation.
- Eliminate shared passwords and group accounts.
Awareness and Training (PR.AT): the organization's personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.
- Ensure all employees receive security awareness training annually.
- Invite cybersecurity analysts to give presentations to the organization.
Protect: Data Security and Information Protection Processes and Procedures
Data Security (PR.DS): information and records (data) are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information.
- Implement application whitelisting (for example, Microsoft's Software Restriction Policies).
- Patch applications.
- Patch operating systems.
These three controls, together with restricting administrative privileges, are the Australian Signals Directorate's "Top 4" mitigation strategies; ASD's analysis of the intrusions it responded to found that at least 85% of targeted cyber intrusions could have been prevented had the four been implemented.
Information Protection Processes and Procedures (PR.IP): security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
- Formally assign roles and responsibilities to key information security personnel.
Protect: Maintenance and Protective Technology
Maintenance (PR.MA): maintenance and repairs of operational and information system components are performed consistent with policies and procedures.
- Actively manage the maintenance activities of third-party vendors.
- Implement strict configuration management.
- Don't allow vulnerable services to run.
Protective Technology (PR.PT): technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.
- Harden system configurations on both workstations and servers.
- Harden application configurations.
- Implement generic OS exploit mitigation technologies such as the Enhanced Mitigation Experience Toolkit (EMET), Data Execution Prevention (DEP), and Address Space Layout Randomization (ASLR). Note that EMET reached end of life in July 2018; on Windows 10 the same mitigations are delivered as Exploit Protection under Windows Defender Exploit Guard.
Detect: What techniques can detect incidents?
Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event. The Detect Function enables timely discovery of cybersecurity events.
Categories: Anomalies and Events, Security Continuous Monitoring, Detection Processes.
Detect: Anomalies and Events, Security Continuous Monitoring
Anomalies and Events (DE.AE): anomalous activity is detected in a timely manner and the potential impact of events is understood.
- Implement auditing (for example, Microsoft Sysinternals Sysmon for process creation and network connections at the host level).
- Implement HIDS (host-based intrusion detection) and NIDS (network-based intrusion detection).
- Capture and store PCAP (packet capture) data, and protect that data strongly: it contains everything that crossed the wire, credentials and records included.
- Ensure active analysis and alerting. Logs nobody reviews and alerts nobody acts on provide no detection.
Security Continuous Monitoring (DE.CM): the information system and assets are monitored to identify cybersecurity events and verify the effectiveness of protective measures.
- Insist on third-party assessments that include social engineering, vulnerability assessment, and penetration testing.
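The application whitelisting recommended under Data Security above and the Sysmon auditing recommended here are two halves of one control: the whitelist decides what may run, and Sysmon process-creation events (Event ID 1) tell you what did run and what launched it. The following is an added example, not code from the deck, Microsoft, or Sysinternals: it parses constructed Sysmon Event ID 1 records, evaluates each image path against an SRP-style path rule set (most specific matching path rule wins, unmatched paths fall to the Disallowed default), and adds a parent/child rule for Office applications spawning script hosts, which a path whitelist alone cannot catch because powershell.exe lives under %WINDIR%. The rule set, host name, paths and command lines are constructed for the example.

```python
"""Added example (not from the deck): run Sysmon process-creation events through
an SRP-style path whitelist and a parent/child rule, as a SIEM correlation rule
would. Events, paths and rules below are constructed for this example."""
import ntpath
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# SRP-style path rules. As in Software Restriction Policies, the most specific
# matching path rule wins and unmatched paths get the default level (Disallowed).
PATH_RULES = [
    (r"C:\Windows", "allow"),
    (r"C:\Program Files", "allow"),
    (r"C:\Program Files (x86)", "allow"),
    (r"C:\Windows\Temp", "deny"),    # user-writable even though it sits under %WINDIR%
    (r"C:\Windows\Tasks", "deny"),   # likewise; a default allow of C:\Windows covers it
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "regsvr32.exe", "rundll32.exe"}


def _under(path, prefix):
    """True when path is prefix itself or lies below it (separator-aware, so
    'C:\\Program Files' does not match 'C:\\Program Files (x86)\\...')."""
    p, q = path.lower(), prefix.lower()
    return p == q or p.startswith(q + "\\")


def whitelist_verdict(image):
    """'allow' or 'deny' for an image path under PATH_RULES."""
    matches = [(len(prefix), action) for prefix, action in PATH_RULES if _under(image, prefix)]
    if not matches:
        return "deny"             # default security level: Disallowed
    return max(matches)[1]        # longest (most specific) prefix decides


def parse_sysmon_event(xml_text):
    """Return (EventID, {Data Name: value}) for one Sysmon event record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.find("e:System/e:EventID", NS).text)
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, data


def analyze(events):
    """One (image, whitelist verdict, alerts) tuple per process-creation event."""
    results = []
    for xml_text in events:
        event_id, d = parse_sysmon_event(xml_text)
        if event_id != 1:                      # only ProcessCreate events here
            continue
        image, parent = d.get("Image", ""), d.get("ParentImage", "")
        alerts = []
        verdict = whitelist_verdict(image)
        if verdict == "deny":
            alerts.append("execution outside whitelisted paths")
        if (ntpath.basename(parent).lower() in OFFICE_APPS
                and ntpath.basename(image).lower() in SCRIPT_HOSTS):
            alerts.append("Office application spawned a script host")
        results.append((image, verdict, alerts))
    return results


def _event(image, parent, cmdline, event_id=1):
    """Build a constructed Sysmon event in the Windows event XML schema."""
    return f"""<Event xmlns="{NS['e']}">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>{event_id}</EventID>
  <Computer>WS-FINANCE-07</Computer></System>
  <EventData>
    <Data Name="Image">{image}</Data>
    <Data Name="CommandLine">{cmdline}</Data>
    <Data Name="ParentImage">{parent}</Data>
  </EventData>
</Event>"""


WINWORD = r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"
SAMPLE_EVENTS = [  # constructed
    _event(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe", "svchost.exe -k netsvcs"),
    _event(r"C:\Users\alice\AppData\Local\Temp\invoice.exe", WINWORD, "invoice.exe"),
    _event(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", WINWORD,
           "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    _event(r"C:\Windows\Temp\update.exe", r"C:\Windows\explorer.exe", "update.exe"),
    _event(r"C:\Windows\System32\svchost.exe", "", "", event_id=3),   # network event, skipped
]

if __name__ == "__main__":
    for image, verdict, alerts in analyze(SAMPLE_EVENTS):
        print(f"{verdict:5} {image}  {'; '.join(alerts)}")
```

The third sample is the one worth studying: the whitelist allows it, because PowerShell is a signed Windows binary in a trusted path, yet it is the event an analyst most wants to see. That is why the deck pairs Protect with Detect rather than treating whitelisting as sufficient on its own.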
Detect: Detection Processes
Detection Processes (DE.DP): detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.
- Detection processes must be thoroughly tested (this can be done in conjunction with a third-party assessment).
- Continuous improvement is paramount.
Respond: What techniques can contain the impacts of incidents?
Develop and implement the appropriate activities to take action regarding a detected cybersecurity event. The Respond Function supports the ability to contain the impact of a potential cybersecurity event.
Categories: Response Planning, Communications, Analysis, Mitigation, Improvements.
Respond: Response Planning, Communications, Analysis
Response Planning (RS.RP): response processes and procedures are executed and maintained to ensure timely response to detected cybersecurity events.
- Respond according to a formally documented Incident Response Plan.
Communications (RS.CO): response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.
- Ensure the incident is properly reported.
- Ensure proper coordination with all stakeholders.
Analysis (RS.AN): analysis is conducted to ensure adequate response and support recovery activities.
- Ensure all notifications from detection systems are investigated.
- Ensure you understand the total impact of the incident.
- Perform forensics.
- Ensure the response is consistent with your Incident Response Plan.
Respond: Mitigation and Improvements
Mitigation (RS.MI): activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.
- Ensure incidents are contained.
- Ensure incidents are mitigated.
Improvements (RS.IM): organizational response activities are improved by incorporating lessons learned from current and previous detection and response activities.
- Perform after-the-fact analysis to identify lessons learned during the response.
- Update response strategies based on those lessons.
Recover: What techniques can restore capabilities?
Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event. The Recover Function supports timely recovery to normal operations to reduce the impact of a cybersecurity event.
Categories: Recovery Planning, Improvements, Communications.
Recover: Recovery Planning, Improvements, Communications
Recovery Planning (RC.RP): recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.
- Recover according to a formally documented Recovery Plan.
Improvements (RC.IM): recovery planning and processes are improved by incorporating lessons learned into future activities.
- Perform after-the-fact analysis to identify lessons learned during recovery.
- Update recovery strategies based on those lessons.
Communications (RC.CO): restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs (Computer Security Incident Response Teams), and vendors.
- Manage public relations.
- Repair the reputation of the organization.
- Communicate recovery activities to internal stakeholders and to the executive and management teams.
Questions?
Implementing a framework such as the CyberSecurity Framework lets you answer the three questions: How do I know what to protect? How do I prioritize security decisions? How much security is enough?

Greg Jackson, Sr. Cyber Security Analyst, Dynetics
PO Box 5500, Huntsville, AL; 1004 Explorer Blvd, Huntsville, AL
greg.jackson@dynetics.com
Dynetics is an employee-owned company and holds the State's contract for Information Systems Assessment Services (ISAS).
Cyber Threat Level: Dynetics Cyber RiskScope
Cyber RiskScope is a risk management methodology from Dynetics that presents visual, easy-to-grasp information for managing and responding to cyber risks. It focuses on three key risk indicators (KRIs): Business Impact, Cyber Threat, and Cybersecurity. Plotting the three KRIs on a 3D Cyber Risk Profile makes cyber risk easier to visualize and analyze.
[Figure: 3D Cyber Risk Profile. Axes: Business Impact Level; Cybersecurity Level (CsL), levels 2 through 5; a third (Z) axis. Markers show the Current and Target positions and the Recommended Minimum CsL; circle size indicates financial impact.]
Managed Security Monitoring Services: NetAlert
Core capabilities: intrusion detection system; honeypot; full packet capture at the Internet edge.
Benefits: increased visibility into what is happening on the wire; ability to notice and respond to threats more quickly.
Additional features give more visibility, primarily at the endpoint level. They require logs and modifications to the customer environment:
- Sysmon (process and network connections at the host level)
- EMET (exploit prevention)
- SRP (application whitelisting)
- Snare (Windows Event Log forwarding)
- Cisco firewall (syslog)
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationGUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT
GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology A comprehensive approach
More informationSession 334 Incident Management. Jeff Roth, CISA, CGEIT, CISSP
Session 334 Incident Management Jeff Roth, CISA, CGEIT, CISSP SPEAKER BIOGRAPHY Jeff Roth, CISA, CGEIT Jeff Roth has over 25 years experience in IT audit, security, risk management and IT Governance experience
More informationIMS-ISA Incident Response Guideline
THE UNIVERSITY OF TEXAS HEALTH SCIENCE CENTER AT SAN ANTONIO IMS-ISA Incident Response Guideline Incident Response Information Security and Assurance 12/31/2009 This document serves as a guideline for
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 National Institute of Standards and Technology February 12, 2014 Table of Contents Executive Summary...1 1.0 Framework Introduction...3
More informationCyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology
Cyber Security Incident Handling Policy Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Oct 9, 2015 i Document Control Document Owner Classification
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationThe Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense. Tony Sager The Center for Internet Security
The Cyber OODA Loop: How Your Attacker Should Help You Design Your Defense Tony Sager The Center for Internet Security Classic Risk Equation Risk = { Vulnerability, Threat, Consequence } countermeasures
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationInformation Technology Risk Management
Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT
More informationIT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski
IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page
More informationITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS
ITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationApplying Framework to Mobile & BYOD
Applying Framework to Mobile & BYOD Framework for Improving Critical Infrastructure Cybersecurity National Association of Attorneys General Southern Region Meeting 13 March 2015 cyberframework@nist.gov
More informationCYBERSECURITY & EXPECTATIONS FOR INDEPENDENT GROCERS
October 21, 2015 CYBERSECURITY & EXPECTATIONS FOR INDEPENDENT GROCERS Cerone F. Cy Sturdivant Managing Consultant csturdivant@bkd.com 1 TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity Version 1.0 National Institute of Standards and Technology February 12, 2014 Table of Contents Executive Summary...1 1.0 Framework Introduction...3
More informationCYBERSECURITY INVESTIGATIONS
CYBERSECURITY INVESTIGATIONS Planning & Best Practices May 4, 2016 Lanny Morrow, EnCE Managing Consultant lmorrow@bkd.com Cy Sturdivant, CISA Managing Consultant csturdivant@bkd.com Michal Ploskonka, CPA
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationCIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System
CIP- 005 R2: Understanding the Security Requirements for Secure Remote Access to the Bulk Energy System Purpose CIP-005-5 R2 is focused on ensuring that the security of the Bulk Energy System is not compromised
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationEnterprise Cybersecurity: Building an Effective Defense
Enterprise Cybersecurity: Building an Effective Defense Chris Williams Oct 29, 2015 14 Leidos 0224 1135 About the Presenter Chris Williams is an Enterprise Cybersecurity Architect at Leidos, Inc. He has
More informationSecurity Policy for External Customers
1 Purpose Security Policy for This security policy outlines the requirements for external agencies to gain access to the City of Fort Worth radio system. It also specifies the equipment, configuration
More informationDIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014
DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Threat and Vulnerability Management V1.0 April 21, 2014 Revision History Update this table every time a new edition of the document is
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationFINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
More informationCybersecurity Audit Why are we still Vulnerable? November 30, 2015
Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event
More informationNine Network Considerations in the New HIPAA Landscape
Guide Nine Network Considerations in the New HIPAA Landscape The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant
More informationGEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
More informationAssessing the Effectiveness of a Cybersecurity Program
Assessing the Effectiveness of a Cybersecurity Program Lynn D. Shiang Delta Risk LLC, A Chertoff Group Company Objectives Understand control frameworks, assessment structures and scoping of detailed reviews
More informationWeak (1.0) Limited (2.0) Effective (3.0) Strong (4.0) Very Strong (5.0)
Results for Telco Co Your Cyber Risk Profile The Cyber Risk Profile is designed to quickly provide a visual indication of your cybersecurity risk. In the Cyber RiskScope methodology, your Cybersecurity
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationSupporting information technology risk management
IBM Global Technology Services Thought Leadership White Paper October 2011 Supporting information technology risk management It takes an entire organization 2 Supporting information technology risk management
More informationOlav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord
Olav Mo, Cyber Security Manager Oil, Gas & Chemicals, 28.09.2015 CASE: Implementation of Cyber Security for Yara Glomfjord Implementation of Cyber Security for Yara Glomfjord Speaker profile Olav Mo ABB
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationManaging Business Risk
Managing Business Risk With Assurance Report Cards April 7, 2015 Table of Contents Introduction... 3 Cybersecurity is a Business Issue... 3 Standards, Control Objectives and Controls... 5 Standards and
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationLeveraging Regulatory Compliance to Improve Cyber Security
Leveraging Regulatory Compliance to Improve Cyber Security Leveraging Regulatory Compliance to Improve Cyber Security Brian Irish, Cyber Security Assurance Manager Salt River Project LEVERAGING REGULATORY
More informationThe Business Case for Security Information Management
The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un
More informationIT Security Incident Management Policies and Practices
IT Security Incident Management Policies and Practices Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Feb 6, 2015 i Document Control Document
More informationFACT SHEET: Ransomware and HIPAA
FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000
More informationCybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015
Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key
More informationThe NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide
SOLUTION BRIEF NIST FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide SOLUTION BRIEF CA DATABASE
More information