WCA WEBINAR SERIES: The Case for Cyber Security Training

Transcription

1 WCA WEBINAR SERIES: The Case for Cyber Security Training PLEASE NOTE: IN ORDER TO HEAR THE AUDIO FOR THIS WEBCAST YOU WILL NEED TO USE YOUR TELEPHONE TO DIAL INTO THE FOLLOWING CONFERENCE LINE: Conference Line: (855) Passcode: # FOR QUESTIONS OR ASSISTANCE, PLEASE CONTACT THE WCA OFFICE AT (608)

2 The Case for Cyber Security Training Presenters Liz Stephens, Membership & External Affairs Director Kristin Judge, Executive Director, Trusted Purchasing Alliance for the Center for Internet Security

3 The Case for Cyber Security Training August 14, 2013 Wisconsin Counties Association Kristin Judge, Executive Director Trusted Purchasing Alliance Center for Internet Security WILLIAM F. PELGRIN PRESIDENT & CEO

4 Center for Internet Security CIS MS-ISAC Security Benchmarks Trusted Purchasing Alliance Integrated Intelligence Center

5

6 CIA, FBI and the Director of National Intelligence agree Cyber security is the top threat 3/12/13

7 Global Cost of Cybercrime is estimated to be $114 Billion Annually The cost of each record in a data breach is $194 County government holds data on millions of citizens

8 Counties Hacked

9 When: January 12, 2012 Where: Rutherford County, TN (pop. 262,000) What: Sheriff s Department and Election Commission Hacked by Turkish Hackers Reaction: Sheriff Robert Arnold remains concerned about the hacker's motives. "What information are they going after? What are they planting in our system? There could be the potential of them changing prison release dates," said Arnold.

10 When: January 22, 2012 Where: Salem County, NJ (pop. 66,058) What: Salem County $13M bank account Hacked Reaction: Wright said the hacker was able to access the county s online banking system through the Microsoft Exchange server. Exchange is an -based collaborative communications server for businesses. They were able to jump in our account and essentially blocked us from logging on, said Wright. When they were logged in, they wired out $19,000 to an account with JP Morgan Chase out in California.

11 When: April 24, 2013 Where: Jefferson County, WI (pop. 262,000) What: Website defaced by hackers Reaction: Hacker s web address was from Italy. Site was compromised for 8 hours on a Thursday. All website data was deleted and needed to be recreated by staff.

12 When: July 12, 2013 Where: Harris County, TX (pop. 4.2M ) What: Personal information of 16,000 employees found in Vietnam Reaction: Letter sent to all affected employees. Social security numbers, dates of birth and other personal information found. State law may require ID Theft protection.

13 Who Is Behind The Threats? Cyber Criminals Corporate Espionage Hacktivists Nation States

14 Phishing scams entice recipients into clicking on a link or attachment which is malicious. WELL WRITTEN APPEARS CREDIBLE ENTICING OR SHOCKING SUBJECT APPARENT TRUSTED SOURCE

15 Employee Training is Critical United States Computer Emergency Readiness Team (USCERT) Data Processed 107,655 incident reports % or 55,153 of those were phishing attacks Combining the use of web filtering, antivirus signature protection, proactive malware protection, firewalls, strong security policies and employee training significantly lowers the risk of infection. FCC Small Biz Cyber Planning Guide

16 A new partnership WCA and the Center for Internet Security have established a new Partnership to help Wisconsin Counties get the training they need at a cost they can afford This partnership will allow counties to save up to 92% off the cost of training Training includes both user awareness training and training for information technology professionals

17 Four Great Partners Two types of training End User Awareness IT Professional

18 End User Awareness Training

19 SANS Securing the Human for End Users

20 65 Minutes of Training

21

22

23

24

25 Reinforcement of Training

26 NYSAC and Center for Internet Security Partnership Videos: Minimum purchase $2,000 to train up to 1,250 people for one year $3,500 to train up to 1,250 people for two years 92% Off List Price Support Materials (Posters/Newsletters/Screensaver Package): $2,500 with videos, $5,000 solo 50% discount

27 Inspired elearning

28

29 Safe Computing Best Practices Creation of Strong Passwords Avoiding Malware Protecting Mobile Data Outwitting Social Engineers and Phishers Data Security (Retention and Storage) Physical Security Following Acceptable Use Policies Reporting of Security Incidents

30

31 Never Deploy the Same Course Any Two Years in Row Year One Train Everyone with Basic Awareness Course Train Managers S-110 Train IT S-120, S-125 Year Two All New Hires Basic Awareness Course Incumbents Refresher course Year Three Train Everyone with Basic Awareness Course Year Four All New Hires Basic Awareness Course Incumbents Refresher course Human Firewall Theme Strongest Link Theme

32 Chunk Learning spread out over a period of time Quarter One Hackers Target You Outwitting Phishers Privacy and Legal Issues Quarter Two Acceptable Use What is Info Security Data Snoopers & Eavesdroppers Quarter Three Password Mgmt Malware, Viruses, Worms Mobile Data & Devices Quarter Four Protect Home PC Physical Security Social Engineering Select your modules Select your time frame

33 Inspired elearning Pricing Pick One Class $1,369 minimum purchase to train up to 249 staff members for one year $2,399 minimum purchase to train up to 249 staff members for two years Pick Three Classes $2,191 minimum purchase to train up to 249 staff members for one year $3,838 minimum purchase to train up to 249 staff members for two years

34 IT Professional Training

35 SANS OnDemand Courses & GIAC Certification Exams OnDemand technical training (June/July) Order Online: Pricing SANS OnDemand Courses = $1,350 (24+ CPE/CMU per class) GIAC = $579 Minimum order size per transaction: $4,000 Delivery Format All courses and exams credits hosted in SANS online SANS Voucher Credit program (sort of an online checking account) Customer has 1-Year to allocate credits (assign courses and exams) Once allocated, student will have four months to complete the training and exam All training is done online at the student s own pace

36 Carnegie Mellon Software Engineering Institute CERT STEPfwd SEI CERT STEPfwd (Security Training Evaluation Platform) classes designed for DHS 253 hours of training: On-Demand Lectures, Hands-on Labs, Quizzes, Private Learning Communities, Progress Reporting 26 classes and growing: Classes range from 1hr to 59hrs One account allows access to all classes for one year $1,500/account or $1,250/account when purchasing 5+ Demo accounts available Good through 2014 Purchase directly from CIS

37 (ISC)² (ISC) 2 s Certification Process Pass a rigorous exam to assess their knowledge, skills, and abilities relevant to the common body of knowledge (CBK) Endorsement by another member of (ISC)² Subscribe to the (ISC)² Code of Ethics Earn a minimum number of Continuing Professional Education (CPEs) every year and renew every three years to maintain the certification Hands on experience in several of the domains

38 (ISC)² Qualifying employees get 25% Off any of the following official (ISC)² CBK Training Seminars: CISSP (ISSAP, ISSEP, ISSMP) - Certified Information Systems Security Professional CSSLP - Certified Secure Software Lifecycle Professional SSCP - Systems Security Certified Practitioner CAP - Certified Authorization Professional

39 Next Steps 1. Have a conversation with IT staff, administration and elected officials 2. Identify needs 3. Request demo accounts to see the different options 4. Work with CIS to purchase the training to meet your county s needs

40 Center for Internet Security We are Here To Help!! alliance.cisecurity.org Cyber Security is our Shared Responsibility