SolarWinds Federal Cybersecurity Survey Summary Report
|
|
- Dortha Pope
- 8 years ago
- Views:
Transcription
1 SolarWinds Federal Cybersecurity Survey Summary Report March 26, Market Connections, Inc.
2 BACKGROUND AND APPROACH 2 Background and Approach SolarWinds and Market Connections worked together to design and conduct a blind online cybersecurity survey among 200 federal government IT decision makers and influencers in January and February Throughout the report, notable significant differences are reported. Statistical analyses were conducted for continuous monitoring status, agency type and job function. There were no significant differences detected by job function. Due to rounding, graphs may not add up to 100%.
3 RESPONDENT CLASSIFICATIONS 3 Organizations Represented If a respondent did not work for any of the specific organization types noted below, the survey was terminated. Organizations Represented Federal, Civilian or Independent Government Agency Department of Defense or Military Service Federal Judicial Branch Intelligence Agency Federal Legislature 3% 2% 40% 56% Sample Organizations Represented (In Alphabetical Order) Air Force Army Department of Agriculture (USDA) Department of Commerce (DOC) Department of Defense (DOD) Department of Energy (DOE) Department of Homeland Security (DHS) Department of Labor (DOL) Department of State (DOS) Department of the Interior (DOI) Department of Transportation (DOT) Department of Treasury (TREAS) Department of Veteran Affairs (VA) Federal Aviation Administration (FAA) Judicial/Courts Marine Corps National Aeronautics and Space Administration (NASA) Navy Social Security Administration (SSA) US Postal Service (USPS) 0% 10% 20% 30% 40% 50% 60% Which of the following best describes your current employer? What agency do you work for?
4 RESPONDENT CLASSIFICATIONS 4 Decision Making Involvement All respondents are knowledgeable or involved in decisions and recommendations regarding IT operations and management and IT security solutions and services. On a team that makes decisions regarding IT security and/or IT operations and management solutions 5 Manage or implement security and/or IT operations and management solutions 4 Evaluate or recommend firms offering IT security and/or IT operations and management solutions 40% Develop technical requirements for IT security and/or IT operations and management solutions 33% Make the final decision regarding IT security and/or IT operations and management solutions or contractors Other involvement in IT security and/or IT operations and management solutions Note: Multiple responses allowed 8% 0% 10% 20% 30% 40% 50% 60% How are you involved in your organization s decisions or recommendations regarding IT operations and management and IT security solutions and services? (select all that apply)
5 RESPONDENT CLASSIFICATIONS 5 Job Function and Tenure A variety of job functions and tenures are represented in the sample, with most being IT/IS staff and working at their agency for over 20 years. Job Function Tenure IT/IS staff 33% 20+ Years 30% IT director/manager 26% Years Security/IA staff 15% Years Security/IA director or manager 5% 5-9 Years 2 CIO/CTO 5% Includes: 3-4 Years IT Procurement CSO/CISO 2% Program Manager 1-2 Years 2% Other <1 Year 0% 10% 20% 30% 40% 0% 10% 20% 30% 40% Which of the following best describes your current job title/function? How long have you been working at your current agency?
6 CONTINUOUS MONITORING IMPLEMENTATION 6 Continuous Monitoring Plan Two-thirds report having implemented at least one continuous monitoring solution. The majority of those who have not started planning report it is due to budget constraints. Supporting Requirements Reasons for Not Planning We have implemented at least one continuous monitoring solution 63% Budget constraints 86% We are planning to implement continuous monitoring 20% Lack of manpower 43% Competing priorities and other initiatives 29% We have not started planning 4% Non-users 37% Lack of top-level direction and leadership 0% Don t know 13% Other 0% 20% 40% 60% 80% 100% N=7 0% 20% 40% 60% 80% 100% How well equipped is your agency to support federal government (ex. OMB mandate, DISA STIG, etc.) continuous monitoring requirements? What are the reasons that you have not started planning to implement continuous monitoring? (select all that apply)
7 CONTINUOUS MONITORING IMPLEMENTATION 7 Return on Investment Nearly half of respondents have measured the return on investment of continuous monitoring and report it is paying off nicely. Of those planning to implement continuous monitoring, the majority plan to measure its return on investment once implemented. Have Measured Return on Investment Plan to Measure ROI Once Implemented Yes, it s paying off nicely 49% Yes Yes, and we re disappointed in the results 9% 3 59% No No, but we feel we re getting our money s worth 38% 10% Unsure at this time No, but we feel we aren t getting a payoff from the technology 4% 0% 10% 20% 30% 40% 50% 60% N=125 N=39 Have you measured the return on your investment in using continuous monitoring? Once implemented, do you plan to measure the return on your investment in using continuous monitoring?
8 CONTINUOUS MONITORING IMPLEMENTATION 8 Continuous Monitoring Benefits The majority perceive more timely awareness of real-time vulnerabilities as the top benefit to comprehensive continuous monitoring. Automated Score Card report on compliance by functional area Increased technical collaboration with various functional areas More timely awareness of real-time vulnerabilities Note: Multiple responses allowed Keeping up with the newest vulnerabilities Keeping up with the latest compliance requirements Increased visibility into current IT configurations More timely visibility into results of compliance efforts Automated compliance reports Reduced labor costs Reduction in Data Calls Other Not sure What do you perceive as the top three benefits to comprehensive continuous monitoring? (select three) 2% 5% % 26% 33% % Keeping up with the newest vulnerabilities 69% Defense 0% 20% 40% 60% 80% = statistically significant difference Civilian 56% 40%
9 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 9 Cybersecurity Readiness The majority describe their agency s overall cybersecurity readiness as good or excellent. A significantly greater proportion of defense agency respondents as well as respondents that use continuous monitoring rate their readiness as excellent. Excellent we have the appropriate tools, processes and policies in place 44% Good some tools, processes or polices are in place and/or some may need updating Poor we are lacking the necessary tools, process Not sure 2% 5% Continuous Monitoring User Non- User Excellent 54% 28% Good 44% 60% Poor 2% 9% 50% Defense Civilian Excellent 54% 37% 0% 10% 20% 30% 40% 50% 60% = statistically significant difference How would you describe your agency s overall cybersecurity readiness?
10 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 10 IT Security Obstacles Respondents most often consider budget constraints as the single most significant high-level obstacle to maintain or improve IT security. Budget constraints 40% Competing priorities and other initiatives Complexity of internal environment 19% Lack of manpower 8% Lack of top-level direction and leadership Lack of training for personnel Lack of clear standards Lack of technical solutions available at my agency Other 6% 5% 4% 2% 4% 0% 10% 20% 30% 40% 50% What is the single most significant high-level obstacle to maintain or improve IT security at your agency?
11 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 11 Tool Implementation Frustrations The majority report lack of budget is the biggest frustration an IT manager faces in implementing cyber security tools. Difficult to update due to evolving compliance requirements Lack of executive buy-in on importance of compliance Note: Multiple responses allowed Lack of budget Organizational issues or turf battles Expensive to maintain Expensive to upgrade High cost of training Difficult to implement and/or operate Hidden operations costs Difficult to update for emerging threats Insufficient or inflexible reporting Agency does not enforce compliance Other What are the biggest frustrations an IT manager in your agency faces in implementing cyber security tools? (select all that apply) 2% 9% 12% 18% 20% 23% 26% 26% 29% 29% 32% 42% Lack of executive buy-in on importance of compliance Continuous Monitoring User 63% Non- User 29% 0% 10% 20% 30% 40% 50% 60% 70% = statistically significant difference
12 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 12 Cybersecurity Threats External hacking and malware are the overall top cybersecurity threats plaguing agencies. External hacking 50% Malware 46% Social engineering 37% SPAM 36% Insider data leakage/theft 29% Denial of service 25% Mobile device theft 20% Physical security attacks APT Other No cyber threats plague my agency Unsure if cyber threats plague my agency 6% 3% 6% 9% 18% External hacking Continuous Monitoring User Non- User 57% 37% Insider data leakage/theft Mobile device theft Physical security attacks Defense Civilian % 25% 25% 13% Note: Multiple responses allowed What types of cybersecurity threats are plaguing your agency? (select all that apply) 0% 10% 20% 30% 40% 50% 60% = statistically significant difference
13 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 13 Security Threat Sources The general hacking community and careless/untrained insiders are the largest sources of security threats at agencies. General hacking community 47% Careless/untrained insiders 42% Foreign governments 34% Hacktivists 26% Terrorists 2 Malicious insiders For-profit crime Industrial spies Other None of the above plague my agency Unsure if these threats plague my agency 3% 4% 6% 9% 1 Defense Civilian General hacking community 35% 55% Careless/untrained insiders 53% 35% Foreign governments 48% 24% Terrorists 3 13% Malicious insiders 26% 10% Note: Multiple responses allowed What are the largest sources of security threats to your agency? (select all that apply) 0% 10% 20% 30% 40% 50% = statistically significant difference
14 CYBERSECURITY OBSTACLES, THREATS, & EVENTS Security Investment Priorities Firewall configuration and security continuous monitoring are the top essential priorities for investing resources in the next 12 months. Not sure 1 Not a priority 2 Low priority 3 Medium priority 4 & 5 High or essential priority 14 AVG Intrusion detection and prevention 2% 3% 78% 4.19 Firewall configuration and security continuous monitoring 4% 3% 19% 74% 4.19 Improving general network defenses e.g., firewalls, secure gateways 3% 3% 2 73% 4.10 Server security and compliance continuous monitoring 4% 3% 22% Identity and access management 2% 6% Network configuration security compliance continuous monitoring 0% 4% 5% 22% 70% 4.10 Database security 5% 4% 24% 68% 4.02 Improving system defenses e.g. anti-virus, HIPS 3% 6% 24% 68% 4.04 Vulnerability management 4% 4% 25% 67% % 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% For each of the following security practices and/or technologies, please indicate your organization s priority level for investing resources in the next 12 months.
15 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 15 Security Investment Priorities (Continued) Not sure 1 Not a priority 2 Low priority 3 Medium priority 4 & 5 High or essential priority Security information and event management 4% 7% 25% 65% AVG Implementing technologies and processes to monitor information system activity Secure document sharing 4% 7% 5% 3% 1 25% 23% 64% 60% Technologies and processes to monitor and block use of removable media (USB, etc.) Secure remote systems administration Patch management Implementing technologies and processes to monitor user activity Improving mobile device security (mobile policy enforcement, etc.) 5% 3% 3% 3% 4% 6% 4% 3% 5% 5% 12% 12% 10% 23% 25% 33% 27% 25% 58% 58% 58% 58% 52% Log management 7% 2% 10% 34% 49% % 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% For each of the following security practices and/or technologies, please indicate your organization s priority level for investing resources in the next 12 months.
16 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 16 Security Investment Priorities (Continued) Continuous monitoring users indicate that most practices and technologies are of essential priority investments significantly more than non-users. 5 - Essential Continuous Monitoring User Non-User Firewall configuration and security continuous monitoring 53% 33% Intrusion detection and prevention 52% 3 Improving system defenses e.g. anti-virus, HIPS 46% 32% Network configuration security compliance continuous monitoring 46% 3 Database security 44% Vulnerability management 4 25% Technologies and processes to monitor and block use of removable media (USB, etc.) 37% 23% Secure remote systems administration 36% 20% Security information and event management 34% 20% Patch management 33% 19% = statistically significant difference For each of the following security practices and/or technologies, please indicate your organization s priority level for investing resources in the next 12 months.
17 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 17 Security Event Detection Respondents report most often that inappropriate internet access by insiders can be detected within minutes. Within minutes Within hours Within one day More than one day No ability to detect Don t know/unsure Inappropriate internet access by insiders 40% 19% 16% 13% 4% 10% Rogue device on network 37% 27% 13% 10% 2% 12% Misuse/abuse of credentials 32% 23% 13% 3% External data breach 3 23% 15% Compromised account 27% 25% 18% 12% 3% New malware variant 25% 29% 20% 12% Firewall rules out of compliance 25% 22% 24% 13% 16% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% How long does it typically take your organization to detect and/or analyze to the following types of security events or compliance issues?
18 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 18 Security Event Detection (Continued) Inappropriate sharing of documents is reported least as being able to be detected within minutes. Within minutes Within hours Within one day More than one day No ability to detect Don t know/unsure Spear-phishing 23% 30% 16% 12% 3% Network device configurations out of compliance 20% 28% 2 2% 13% Windows system configurations out of compliance 18% 30% 20% 20% 4% 10% Non-Windows system configurations out of compliance 25% 16% 19% 5% 19% Data leakage 24% 20% 15% 5% 20% Inappropriate sharing of documents 22% 1 22% 18% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% How long does it typically take your organization to detect and/or analyze to the following types of security events or compliance issues?
19 CYBERSECURITY OBSTACLES, THREATS, & EVENTS 19 Security Event Detection (Continued) Continuous monitoring users indicate detecting and analyzing most security events or compliance issues within minutes significantly more than non-users. Within Minutes Continuous Monitoring User Non-User Inappropriate internet access by insiders 46% 29% Rogue device on network 46% 23% Misuse/abuse of credentials 37% 23% Compromised account 34% 15% Firewall rules out of compliance 30% 16% Windows system configurations out of compliance 23% 8% Data leakage 22% 8% How long does it typically take your organization to detect and/or analyze to the following types of security events or compliance issues? = statistically significant difference
20 RESEARCH TO INFORM YOUR BUSINESS DECISIONS 20 Contact Information Laurie Morrow, Director of Research Services Market Connections, Inc Avion Parkway, Suite 125 Chantilly, VA , ext. 101 Lisa M. Sherwin Wulf, Federal Marketing Leader SolarWinds
Managing the Unpredictable Human Element of Cybersecurity
CONTINUOUS MONITORING Managing the Unpredictable Human Element of Cybersecurity A WHITE PAPER PRESENTED BY: May 2014 PREPARED BY MARKET CONNECTIONS, INC. 14555 AVION PARKWAY, SUITE 125 CHANTILLY, VA 20151
More informationManaging the Ongoing Challenge of Insider Threats
CYBERSECURITY IN THE FEDERAL GOVERNMENT Managing the Ongoing Challenge of Insider Threats A WHITE PAPER PRESENTED BY: May 2015 PREPARED BY MARKET CONNECTIONS, INC. 11350 RANDOM HILLS ROAD, SUITE 800 FAIRFAX,
More informationFederal Network Security Survey Report
Federal Network Security Survey Report April 20, 2015 2015 Market Connec1ons, Inc. EXECUTIVE SUMMARY 2 About the Study As networks become increasingly complex and more data moves across the network vulnerability
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationFEDERAL CLOUD COMPUTING SUMMIT
FEDERAL CLOUD COMPUTING SUMMIT Federal Cloud Computing Summit January 14-15, 2015 Washington Marriott at Metro Center The Federal Cloud Computing Summit will be held on January 14-15, 2015, at the Washington
More informationPointofView. You Need to be Known to be Liked: Applying Lessons from Corporate Reputation Management to the Public Sector
PointofView You Need to be Known to be Liked: Applying Lessons from Corporate Reputation Management to the Public Sector Public Perceptions of the Reputation of the Federal Government and Other Public
More informationCYBER SECURITY INFORMATION SHARING & COLLABORATION
Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers
More informationWorking with the FBI
Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement
More informationKeynote: FBI Wednesday, February 4 noon 1:10 p.m.
Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the
More informationForeScout CounterACT and Compliance June 2012 Overview Major Mandates PCI-DSS ISO 27002
ForeScout CounterACT and Compliance An independent assessment on how network access control maps to leading compliance mandates and helps automate GRC operations June 2012 Overview Information security
More informationGAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
More informationImprovements Needed With Host-Based Intrusion Detection Systems
Report No. DODIG-2012-050 February 3, 2012 Improvements Needed With Host-Based Intrusion Detection Systems Warning This report is a product of the Inspector General of the Department of Defense. Its contents
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationAverage annual cost of security incidents
Breaches reported Annual number of data breaches Average annual cost of security incidents Among companies with revenues over $1 billion Regulatory mandates 900 800 700 600 500 400 300 200 100 0 2011 2012
More informationPerceptions About Network Security Survey of IT & IT security practitioners in the U.S.
Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationCyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community
Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community A Sampling of Cyber Security Solutions Designed for the
More informationCDW-G Federal Cybersecurity Report: Danger on the Front Lines. November 2009. 2009 CDW Government, Inc.
CDW-G Federal Cybersecurity Report: Danger on the Front Lines November 2009 2009 CDW Government, Inc. 1 Table of Contents Introduction 3 Key Findings 4 The Threats 5 Frequent Threats 6 Persistence and
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES The information provided in this document is presented as a courtesy to be used for informational purposes only. This information
More informationTHE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY
THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY CYBER HYGIENE AND ORGANIZATIONAL PLANNING ARE AT LEAST AS INTEGRAL TO SECURING INFORMATION NETWORKS AS FIREWALLS AND ANTIVIRUS SOFTWARE Cybersecurity
More informationGuidelines for Website Security and Security Counter Measures for e-e Governance Project
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
More informationSecretary of the Senate Office of Public Records 232 Hart Building Washington, DC 20510 http://www.senate.gov/lobby
Page 1 of 12 Clerk of the House of Representatives Legislative Resource Center B-106 Cannon Building Washington, DC 20515 http://lobbyingdisclosure.house.gov Secretary of the Senate Office of Public Records
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationInformation Technology Risk Management
Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT
More informationWeb 2.0 and Data Protection. Paul Tsang Security Consultant McAfee
Web 2.0 and Data Protection Paul Tsang Security Consultant McAfee Criminal Motivators For Profit Targeted Attacks Cyber Warfare (Credit Cards, PII, Criminal Infrastructure) (Nation-State Secrets, Trade
More informationNetwork Security. Intertech Associates, Inc.
Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture
More informationGOVERNMENT SECURITY PRACTITIONER SURVEY:
Introduction In today s IT environment, U.S. federal organizations face a wide range of electronic adversaries, including hackers that develop ever more complex and diverse attacks designed for the specific
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationBriefing Outline. Overview of the CUI Program. CUI and IT Implementation
Briefing Outline Overview of the CUI Program Establishment of the Program Elements of the CUI Executive Order Categories and Registry Handling CUI Current Efforts Implementation Plan CUI and IT Implementation
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More information4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015
CYBER LIABILITY AND AVIATION Presented by Hal Hunt May 3, 2015 AGENDA Introduction Leaning Objectives Threat Examples Underwriting Protection/Cyber Policy Summary 2 LEARNING OBJECTIVES Understand Key Terms
More informationThe Importance of Cyber Threat Intelligence to a Strong Security Posture
The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report
More informationCybersecurity Enhancement Account. FY 2017 President s Budget
Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities
More informationTop five strategies for combating modern threats Is anti-virus dead?
Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.
More informationCyber Security Issues - Brief Business Report
Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete
More informationEndpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014
Endpoint & Server Protection Brent Biernat First Vice President Network Services May 13, 2014 The Evolution of Cyber Crime 1878 Bell Telephone Teenage Switchboard Operator Disconnected calls, eavesdropped,
More informationManaging Vulnerabilities For PCI Compliance
Managing Vulnerabilities For PCI Compliance Christopher S. Harper Vice President of Technical Services, Secure Enterprise Computing, Inc. June 2012 NOTE CONCERNING INTELLECTUAL PROPERTY AND SOLUTIONS OF
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationData Breaches in the Government Sector. A Rapid7 Research Report
Data Breaches in the Government Sector A Rapid7 Research Report Summary of Report Across all industries, data breaches and the protection of business-critical data remain a top concern. While the government
More informationProtect the data that drives our customers business. Data Security. Imperva s mission is simple:
The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent
More informationOFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC 20301-1700
OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC 20301-1700 OPERATIONAL TEST AND EVALUATION AUG 0 1 2014 MEMORANDUM FOR COMMANDER, ARMY TEST AND EVALUATION COMMAND COMMANDER, AIR
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationDeepwater Horizon: The Politics of Disaster
Deepwater Horizon: The Professor Juliette Kayyem April 2012 US-South Asia Leader Engagement Program Professor Juliette Kayyem Lesson 1 There was the BP Oil Spill and... There was the BP Oil Spill Event
More informationCyber Security Solutions:
ThisIsCable for Business Report Series Cyber Security Solutions: A Sampling of Cyber Security Solutions Designed for the Small Business Community Comparison Report Produced by BizTechReports.com Editorial
More informationHow To Protect A Network From Attack From A Hacker (Hbss)
Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment
More informationForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)
ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software
More informationCritical Security Controls
Critical Security Controls Session 2: The Critical Controls v1.0 Chris Beal Chief Security Architect MCNC chris.beal@mcnc.org @mcncsecurity on Twitter The Critical Security Controls The Critical Security
More informationA MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS
A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS CYBER ATTACKS INFILTRATE CRITICAL INFRASTRUCTURE SECTORS Government and enterprise critical infrastructure sectors such as energy, communications
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationEffective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention
Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention Your Security Challenges Defending the Dynamic Network! Dynamic threats 䕬 䕬 䕬 䕬 Many threats
More informationVA Office of Inspector General
VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Management Act Audit for Fiscal Year 2013 May 29, 2014 13-01391-72 ACRONYMS AND
More informationBetter secure IT equipment and systems
Chapter 5 Central Services Data Centre Security 1.0 MAIN POINTS The Ministry of Central Services, through its Information Technology Division (ITD), provides information technology (IT) services to government
More informationPromoting a cyber security culture and demand compliance with minimum security standards;
Input by Dr. S.C. Cwele Minister of State Security, Republic of South Africa Cyber Security Meeting, Johannesburg 27 March 2014 I would like to thank the Wits School of Governance for inviting us to contribute
More informationMalware isn t The only Threat on Your Endpoints
Malware isn t The only Threat on Your Endpoints Key Themes The cyber-threat landscape has Overview Cybersecurity has gained a much higher profile over the changed, and so have the past few years, thanks
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationAppendix -- Homeland Security Mission Funding by Agency and Budget Account (budget authority in millions of dollars)
Department of Agriculture 508.8-528.6-603.6 Agricultural Research Service/ Buildings and Facilities/005-18-1401 - - 45.0-113.7 Protecting Critical Infrastructure and Key Assets - - 45.0-113.7 Agricultural
More informationEverything You Wanted to Know about DISA STIGs but were Afraid to Ask
Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,
More informationLifecycle Solutions & Services. Managed Industrial Cyber Security Services
Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationSecurity for NG9-1-1 SYSTEMS
The Next Generation of Security for NG9-1-1 SYSTEMS The Challenge of Securing Public Safety Agencies A white paper from L.R. Kimball JANUARY 2010 866.375.6812 www.lrkimball.com/cybersecurity L.R. Kimball
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationFEDERAL INFORMATION SECURITY
United States Government Accountability Office Report to Congressional Committees September 2015 FEDERAL INFORMATION SECURITY Agencies Need to Correct Weaknesses and Fully Implement Security Programs GAO-15-714
More informationManaging Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services
Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult
More informationThree Branches of Government. Lesson 2
Three Branches of Government The Executive Branch The President of the United States is the leader of the executive branch. The President s duties are to: Enforce federal laws and recommend new ones Serve
More informationApril 17, 2012 2012 CDW
April 17, 2012 2012 CDW INTRODUCTION AND METHODOLOGY One in four organizations has experienced a data loss in the last two years. Many report breaches jeopardizing their email, network or other sensitive
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More informationCarney, Inc. helps Federal agencies accelerate workforce performance
Carney, Inc. helps Federal agencies accelerate workforce performance In the face of rapidly developing national priorities, an inundation of information, and constrained resources, the need to enable the
More informationTLP WHITE. Denial of service attacks: what you need to know
Denial of service attacks: what you need to know Contents Introduction... 2 What is DOS and how does it work?... 2 DDOS... 4 Why are they used?... 5 Take action... 6 Firewalls, antivirus and updates...
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More information1. First, how familiar are you with Master of Public Administration (MPA) and Master of Public Policy (MPP) degrees?
. First, how familiar are you with Master of Public Administration (MPA) and Master of Public Policy (MPP) degrees? Not familiar at all 6.2% 64 2 3.4% 3 3 26.6% 0 4 9.2% 76 Extremely familiar 23.8% 94
More informationThe Department of Homeland Security The Department of Justice
The Department of Homeland Security The Department of Justice to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationGAO INFORMATION SECURITY. Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing. Report to Congressional Requesters
GAO United States Government Accountability Office Report to Congressional Requesters May 2010 INFORMATION SECURITY Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing GAO-10-513
More informationAND RESPONSE. Continuity Insights Conference Chicago June 18-19, 2013. Unclassified
CYBER THREATS AND RESPONSE Continuity Insights Conference Chicago June 18-19, 2013 Unclassified OBJECTIVES Why it is important Threats, players, and response FBI s Next Generation Cyber Government and
More information2011 Cyber Security and the Advanced Persistent Threat A Holistic View
2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11 Agenda The Threat We Face A View to Addressing the Four Big Problem
More informationSBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics
SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA s online training course: Cybersecurity for Small Businesses. SBA s Office of Entrepreneurship Education provides this self-paced
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationVA Office of Inspector General
VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Management Act Audit for Fiscal Year 2014 May 19, 2015 14-01820-355 ACRONYMS CRISP
More informationAANVAL INDUSTRY FOCUS SOLUTIONS BRIEF. Aanval for Financial Services
TACTICAL FLEX, INC. AANVAL INDUSTRY FOCUS SOLUTIONS BRIEF Aanval for Financial Services Aanval is a product of Tactical FLEX, Inc. - Copyright 2012 - All Rights Reserved Challenge for IT in Today s Financial
More informationI N T E L L I G E N C E A S S E S S M E N T
I N T E L L I G E N C E A S S E S S M E N T (U//FOUO) Malicious Cyber Actors Target US Universities and Colleges 16 January 2015 Office of Intelligence and Analysis IA-0090-15 (U) Warning: This document
More informationHealth Insurance Exchange/Marketplace Privacy and Security Issues
Health Insurance Exchange/Marketplace Privacy and Security Issues Twenty-Second National HIPAA Summit Elizabeth A. Ferrell McKenna Long & Aldridge LLP February 6, 2014 mckennalong.com ACA Exchange System
More informationIT Security Community
IT Security Community Who are we? The CompTIA IT Security is a group focused on the changing security issues of today. Who should join? Anyone looking to stay current with the ever- changing security landscape.
More informationStatement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education
Statement of Danny Harris, Ph.D. Chief Information Officer U.S. Department of Education Before the U.S. House Oversight and Government Reform Committee Hearing on Agency Compliance with the Federal Information
More informationCybersecurity Report on Small Business: Study Shows Gap between Needs and Actions
SURVEY REPORT: cyber security Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions Confidence in a connected world. Executive summary An online survey revealed that while U.S.
More informationCyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention
Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)
More informationSymantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it
Complete and high performance protection where you need it Overview delivers high-performance protection against physical and virtual server downtime with policy based prevention, using multiple protection
More informationAUDIT TAX SYSTEMS ADVISORY
AUDIT TAX SYSTEMS ADVISORY Presented by: Jim Rumph Introduction JIM RUMPH, CISA Systems Manager Jim is a graduate of the University of Georgia with a Bachelor of Business Administration in Accounting and
More informationCybersecurity Primer
Cybersecurity Primer August 15, 2014 National Journal Presentation Credits Producer: David Stauffer Director: Jessica Guzik Cybersecurity: Key Terms Cybersecurity Information security applied to computers
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES second edition The information provided in this document is presented as a courtesy to be used for informational purposes only.
More informationInternet Safety and Security: Strategies for Building an Internet Safety Wall
Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet
More informationProtecting critical infrastructure from Cyber-attack
Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationA Channel Company White Paper. Online Security. Beyond Malware and Antivirus. Brought to You By:
A Channel Company White Paper Online Security Beyond Malware and Antivirus Brought to You By: Abstract Security has always encompassed physical and logical components. But in the face of Bring Your Own
More informationEfficacy of Emerging Network Security Technologies
Efficacy of Emerging Network Security Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More information