Cybersecurity and Technology Update. Paul Rainbow, Information Security Supervisor, Umpqua Bank Francis Tam, Partner, Moss Adams LLP
|
|
- Jennifer Goodman
- 8 years ago
- Views:
Transcription
1 Cybersecurity and Technology Update Paul Rainbow, Information Security Supervisor, Umpqua Bank Francis Tam, Partner, Moss Adams LLP
2 Agenda Cybersecurity Governance Threat Intelligence/Monitoring Vendor Management Third Party Service Providers SSAE16 Incident Response/Resilience Strategy Focus on Technology Threat Detection and Monitoring Malware and Social Engineering Public Security Flaws
3 Cybersecurity $45 million cyberheist and ATM cash out scheme of December 2012, May 2013, and November Twenty five suspects detained in an international cybercrime ring in April Hijack of domain name service (DNS) of Federal Reserve Bank of St. Louis to redirect (research.stlouisfed.org ) visitors to lookalike sites that were under attackers control in April In January 2015, Morgan Stanley fired an employee who they claim stole account data for hundreds of thousands of their wealth management clients. Stolen information for approximately 900 of those clients was posted online for a brief period of time, the company says.
4 Cybersecurity ebay May 2014: 145 million user accounts impacted; $200 million hit to revenue Anthem Health Insurance February 2015: PII for 80 million customers stolen; $100+ million to fix Home Depot September 2014: 109 million customer records stolen (56 million payment card, 53 million e mails) icloud, Sony, Neiman Marcus, UPS, Jimmy Johns, and on, and on, and on..
5 Cybersecurity Heightened awareness of cybersecurity Legislation and regulations on cybersecurity and privacy SB 1386 California Security Breach Information Act Red Flag Act PCI DSS Cybersecurity Information Sharing Act of 2014 (CISA) (proposed)
6 Cybersecurity New federal agencies on cybersecurity Cyber Threat Intelligence Integration Center (CTIIC; pronounced see tick), which culls cyberthreat information from a variety of sources within the government and business community and then produces timely intelligence about the latest threats and threat actors The Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC; pronounced n kick) is an around the clock cyber situational awareness, incident response, and management center that is at the nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement
7 Cybersecurity
8 Cybersecurity FFIEC members include: ( Board of Governors of the Federal Reserve System Consumer Financial Protection Bureau Federal Deposit Insurance Corporation National Credit Union Administration Office of the Comptroller of the Currency State Liaison Committee
9 Cybersecurity: Evolution of Technology in FI
10 Cybersecurity: Current Threats
11 Cybersecurity: Current Threats
12 Cybersecurity: Cyber Risk Management Governance Threat intelligence Third party/vendor management Incident response and resilience
13 Cybersecurity: Governance
14 Cybersecurity: Threat Intelligence Internal Resources Internal audit reports Fraud detection tools Anti Money Laundering/ Office of Foreign Assets Control/Bank Secrecy Act tools External Resources Financial Services Information and Sharing Analysis Center (FS ISAC) FBI InfraGard United States Secret Service (USSS) Electronic Crimes Task Forces Conferences Vendor Reports CTIIC NCCIC
15 Threat Monitoring It is critical in today s fast changing environment to stay up todate on threat trends There are various ways to do this, but FS ISAC is a valuable asset to Financial Institutions and Financial Services companies. It was mentioned in the recent FDIC Cyber Security Awareness presentation.
16 Threat Monitoring FS ISAC provides ongoing trend data and analysis on cybersecurity threats and activities Members submit samples of phishing and attack activity, which is sanitized and publicized to the group Groups also exist for peer to peer communication and submission of data
17 Cybersecurity: Third Party/Vendor Management
18 Cybersecurity: Third Party/Vendor Management The latest FFIEC guidance builds on updated third party risk guidance the OCC issued in August 2014 On February 6, 2015, the FFIEC added a 16 page appendix to its Business Continuity Planning (BCP) Booklet, which was first issued in March 2003 and included in the FFIEC's IT Examination Handbook The new appendix, "Strengthening the Resilience of Outsourced Technology Services," specifically calls out key cybersecurity risks, such as distributed denial of service attacks, the need for more due diligence of third parties, and infrastructural interdependencies
19 Cybersecurity: Third Party/Vendor Management Appendix J of the BCP Booklet discusses the following four key elements of BCP that a financial institution should address to ensure that their technology service providers (TSPs) are providing resilient technology services: Third Party Management Third Party Capacity Testing with Third Party TSPs Cyber Resilience
20 Cybersecurity: Third Party/Vendor Management Cybercriminals leapfrog through Bank information supply chains A bank's cybersecurity is often only as good as the cybersecurity of its vendors; unfortunately, those third party firms can provide a backdoor entrance to hackers who are seeking to steal sensitive bank customer data NYDFS expects to move forward by end of 2015 on regulations strengthening cybersecurity standards for banks' third party vendors, including potential measures related to the representations and warranties banks receive about the cybersecurity protections in place at those firms Federal guidance, including FFIEC, will mirror soon
21 Cybersecurity Third Party/Vendor Management Who are your vendors? One critical element of a third party risk program is knowing who all your vendors are How can you identify all the vendors that are used by your organization?
22 Cybersecurity Third Party/Vendor Management Risk Rating Areas Security Access to network/systems? Share sensitive data? Web presence or customer access to data via the web? Subcontractors?
23 Cybersecurity Third Party/Vendor Management Monitoring Audit reports and other required reporting (SSAE 16) that address business continuity, security, and other facets of the outsourcing relationship can be effective tools Various reports can provide evidence based on the risk and nature of the service provided ISO27001, FISMA, PCI, HIPAA, Internal Audit reports, etc.
24 Cybersecurity Third Party/Vendor Management SSAE16 Reports (formerly SAS70) SSAE16 reports are a useful (and widely utilized) way to monitor third party service providers Changes from SAS70 to SSAE16 have altered the nature of the reports It is important to understand the different types of reports in order to ensure that reliance is justifiable Review and understand the scope. Many reports carve out data canters or other business lines/technologies.
25 Report Comparison SOC 1 1. Auditors report 2. Detail system description 3. Management assertion 4. Management controls 5. Auditor tests of controls and results of those tests control objectives SOC 2 1. Auditors report 2. Detail system description 3. Management assertion 4. Management controls 5. Auditor tests of controls and results of those tests criteria SOC 3 1. Auditors report 2. Detail system description 3. Management assertion 4. Management controls 5. Auditor tests of controls and results of those tests Source: AICPA 2011
26 Trust Principles Security Availability Processing Integrity Confidentiality Privacy
27 Type 1 vs. Type 2 Type 1 reports are for a point in time Type 2 reports are for a period of time
28 Cybersecurity: Incident Response and Resilience Preparation Incident response plan and policy Incident response team Escalation: Internal Notification: External
29 Cybersecurity: Strategy People security awareness training, constant education, instill in the culture Process SOPs, SDLC, change management, provisioning/ deprovisioning, access authorization Policy acceptable use policy, e mail security, BYOD policy, system acquisition, incident response and escalation, business continuity Technology firewall(s), network design, IDS/IPS, AV/DLP, MDM, encryption, system alerting Monitoring ongoing review, awareness and risk assessment/ business impact analysis Governance tone at the top, IT strategy, and cybersecurity insurance
30 Cybersecurity: Technology Areas Network topology, architecture, and design Network device security DMZ and VLAN segmentation External connections and extranets Wireless access point security Web server security Internet content filtering and scanning Intrusion detection/prevention systems Physical system placement and protection Data center physical access and security controls Technical Citrix/Terminal Services Logging, monitoring, and alerting Server security and baselines Virtual environment security Phishing Workstation security and hardening Operating system security and configuration Application security Database security Physical Access logging and auditing Environmental controls Remote access, VPN connectivity, and modem access E mail security Mobile device security, including BYOD strategy Virus, spyware, spam, and other malware filtering Containment measures Data leakage protections (DLP) Data encryption (in transit and at rest) Data backup, restoration, and backup media storage
31 Cybersecurity: Technology Areas Information security management Information security policies Organizational controls including staffing External party risks (e.g., hosting, cloud service providers, etc.) Compliance with information security laws and regulations (e.g., CJIS, HIPAA, PCI DSS, etc.) Software development lifecycle (SDLC) Source code management Administrative Change management of systems and security components Testing and development procedures Configuration management Authentication/login management Identity management and authorization User awareness and training Segregation of duties Information leakage Security incident response Disaster recovery planning Social Engineering Phishing Security awareness Asset management Media disposal, including paper records Software licensing compliance Self auditing procedures (e.g., account reviews, penetration testing, etc.) Remediation procedures Human Resources security Software and hardware asset tracking Software/firmware patch management Equipment leasing agreements and processes
32 Malware It is common to receive e mail based malware attempts It can come in the form of an attachment (Word documents have been very common lately) or a link These typically attempt to download and install malware (Dridex has been the most common) or take the user to a drive by download site
33 Malware Defense The best defense for malware is layered security: Security Awareness Firewall E mail Filtering/Monitoring Local Anti Virus/Anti Malware Intrusion Detection System Patch Management Administrative Rights Network Segmentation
34 Phishing Phishing comes in many formats, but e mail tends to be most common They usually trend with events or time of year (taxes in April, package delivery in December) The intent varies from disclosure of information to wire transfer scams
35 Phishing Defense The best defense is security awareness (but this will never be sufficient, as we are all human) Technical controls are also key (e mail/spam filters, dual factor authentication, dual control for key activities)
36 Security Flaws Heartbleed is a security bug disclosed in April 2014 in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. The vulnerability allows theft of a server s private keys and users' session cookies and passwords. Shellshock is a family of security bugs in the widely used Unix Bash shell, disclosed on September 24, Many Internet facing services use Bash to process certain requests. The exploit can allow an attacker to gain unauthorized access to a computer system.
37 Exploits The attackers were able to get user credentials from the memory of a Juniper device, which was vulnerable to the Heartbleed flaw at the time. The attackers used the stolen credentials to log into the corporate network through the VPN.
38 Poodle The POODLE attack is a man in the middle exploit which takes advantage of Internet and security software clients' fallback to SSL 3.0. If attackers successfully exploit this vulnerability, they can reveal encrypted messages.
39 SSL Labs Tool Qualys SSL Labs has a free tool to scan websites for SSL issues
40 Presenters Paul Rainbow, CPA, CIA, CISA, CISSP, CTGA Information Security Supervisor (509) Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCIP, PCI QSA Partner (310) Questions?
Cybersecurity and Other IT Related Focus Areas. Francis Tam, Partner
Cybersecurity and Other IT Related Focus Areas Francis Tam, Partner Agenda Cybersecurity Payment Card Industry (PCI) Outsourced Cloud Computing 2 Cybersecurity $45 million cyberheist and ATM cash out scheme
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationWhat is Management Responsible For?
What is Management Responsible For? Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf & Company, P.C Regional
More informationSECURITY CONSIDERATIONS FOR LAW FIRMS
SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,
More informationCybersecurity Governance Update: New FFIEC Requirements cliftonlarsonallen.com
Cybersecurity Governance Update: New FFIEC Requirements cliftonlarsonallen.com Overview Up To Date Cybersecurity and Fraud Risks Current threat environment Industry examples and case studies FFIEC Cybersecurity
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationCYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015
CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 TODAY S PRESENTER Viviana Campanaro, CISSP Director, Security and
More informationHOW SECURE IS YOUR PAYMENT CARD DATA?
HOW SECURE IS YOUR PAYMENT CARD DATA? October 27, 2011 MOSS ADAMS LLP 1 TODAY S PRESENTERS Francis Tam, CPA, CISA, CISM, CITP, CRISC, PCI QSA Managing Director PCI Practice Leader Kevin Villanueva,, CISSP,
More informationDESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the
More informationSECURING YOUR SMALL BUSINESS. Principles of information security and risk management
SECURING YOUR SMALL BUSINESS Principles of information security and risk management The challenge Information is one of the most valuable assets of any organization public or private, large or small and
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More information2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP
2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf
More informationHow To Protect Yourself From A Hacker Attack
Cybersecurity Demystified: Information Technology Security Trends Joe Oleksak, Plante Moran Agenda Data Security Trends Example Attacks Industry Examples An Answer 1 Who Are The Victims? Targets - victims
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationCybersecurity Awareness. Part 2
Part 2 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationCyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013
Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory
More informationI n f o r m a t i o n S e c u r i t y
We help organizations protect INFORMATION The BorderHawk Team has significant experience assessing, analyzing, and designing information protection programs especially in Critical Infrastructure environments.
More informationCybersecurity Governance Update on New FFIEC Requirements
Cybersecurity Governance Update on New FFIEC Requirements cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started in 1953 with a goal of total client service Today, Professional Services Firm
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationInformation Security for the Rest of Us
Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT
More informationCurrent Trends in Cyber Crime & Payments Fraud cliftonlarsonallen.com
Current Trends in Cyber Crime & Payments Fraud cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started in 1953 with a goal of total client service Today, industry specialized CPA and Advisory
More informationDON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationIT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:
IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationWho s Regulating Whom & What are the Requirements: Banks As Payment Services Providers
Who s Regulating Whom & What are the Requirements: Banks As Payment Services Providers Tony DaSilva, AAP, CISA S&R Senior Technical Expert Federal Reserve Bank of Atlanta Disclaimer The opinions expressed
More informationAltius IT Policy Collection Compliance and Standards Matrix
Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy
More informationSWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE
SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More informationHOW SECURE IS YOUR PAYMENT CARD DATA? COMPLYING WITH PCI DSS
HOW SECURE IS YOUR PAYMENT CARD DATA? COMPLYING WITH PCI DSS August 23, 2011 MOSS ADAMS LLP 1 TODAY S PRESENTERS Presenters Francis Tam, CPA, CISA, CISM, CITP, CRISC, PCI QSA Managing Director, IT Security
More informationA Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER
A Practical Approach to Network Vulnerability Assessment AN AUDITOR S PERSPECTIVE BRYAN MILLER, IT DIRECTOR JOHN KEILLOR, CPA, AUDIT PARTNER 1 Agenda Audits Articles/Examples Classify Your Data IT Control
More informationHow are we keeping Hackers away from our UCD networks and computer systems?
How are we keeping Hackers away from our UCD networks and computer systems? Cybercrime Sony's Hacking Scandal Could Cost The Company $100 Million - http://www.businessinsider.com/sonys-hacking-scandal-could-cost-the-company-100-million-2014-12
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationTop 10 Baseline Cybersecurity Controls Banks Aren't Doing
Top 10 Baseline Cybersecurity Controls Banks Aren't Doing SECURE BANKING SOLUTIONS 1 Contact Information Chad Knutson President, SBS Institute Senior Information Security Consultant Masters in Information
More informationIs Your IT Environment Secure? November 18, 2015. Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting
Is Your IT Environment Secure? November 18, 2015 Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting Clark Schaefer Consulting Serving elite and emerging companies with practical solutions
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationDepartment of Management Services. Request for Information
Department of Management Services Request for Information Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services September 3, 2015 Submitted By: Carlos Henley
More informationCyber Security 2014 SECURE BANKING SOLUTIONS, LLC
Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationIntro. Tod Ferran, CISSP, QSA. SecurityMetrics. 2 years PCI and HIPAA security consulting, performing entity compliance audits
HIPAA Security Rule & Live Hack Tod Ferran, CISSP, QSA Intro Tod Ferran, CISSP, QSA 25 years working with IT and physical security 2 years PCI and HIPAA security consulting, performing entity compliance
More informationReport on CAP Cybersecurity November 5, 2015
Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationNetwork and Security Controls
Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting
More informationData Security and Healthcare
Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population
More informationNATIONAL CYBER SECURITY AWARENESS MONTH
NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationCloud Assurance: Ensuring Security and Compliance for your IT Environment
Cloud Assurance: Ensuring Security and Compliance for your IT Environment A large global enterprise has to deal with all sorts of potential threats: advanced persistent threats (APTs), phishing, malware
More information2 0 1 4 F G F O A A N N U A L C O N F E R E N C E
I T G OV E R NANCE 2 0 1 4 F G F O A A N N U A L C O N F E R E N C E RAJ PATEL Plante Moran 248.223.3428 raj.patel@plantemoran.com This presentation will discuss current threats faced by public institutions,
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationTenzing Security Services and Best Practices
Tenzing Security Services and Best Practices OVERVIEW Security is about managing risks and threats to your environment. The most basic security protection is achieved by pro-actively monitoring and intercepting
More informationRisky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015
Risky Business Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015 What We ll Cover About Me Background The threat Risks to your organization What your organization can/should
More informationThe Information Security Problem
Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More information2010 AICPA Top Technology Initiatives. About the Presenter. Agenda. Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP
2010 AICPA Top Technology Initiatives Presenter: Dan Schroeder, CPA/CITP Habif, Arogeti, & Wynne, LLP Georgia Society of CPAs Annual Convention June 16, 2010 About the Presenter Partner-in-Charge, Habif,
More informationData Breaches and Cyber Risks
Data Breaches and Cyber Risks Carolinas Credit Union League Leadership Conference Presented by: Ken Otsuka Business Protection Risk Management CUNA Mutual Group CUNA Mutual Group Proprietary Reproduction,
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationCybersecurity. Regional and Community Banks. Inherent Risks and Preparedness. www.bostonfed.org
Cybersecurity Inherent Risks and Preparedness Regional and Community Banks www.bostonfed.org Disclaimer The opinions expressed in this presentation are intended for informational purposes, and are not
More informationEnterprise Computing Solutions
Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company
More information全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks
全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks Agenda Challenges and PCI DSS 3.0 Updates Personal Information Protection Act Strategy to Protect against leak of Confidential Personal and Corporate
More informationCyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s
Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices
More informationA Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014
A Wake-Up Call? Fight Back Against Cybercrime Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 1 Coalfire Background Leading Information Security Consulting Firm Offices: Atlanta,
More informationCompliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:
Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationBAE Systems PCI Essentail. PCI Requirements Coverage Summary Table
BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationCYBERSECURITY INVESTIGATIONS
CYBERSECURITY INVESTIGATIONS Planning & Best Practices May 4, 2016 Lanny Morrow, EnCE Managing Consultant lmorrow@bkd.com Cy Sturdivant, CISA Managing Consultant csturdivant@bkd.com Michal Ploskonka, CPA
More informationVendor Audit Questionnaire
Vendor Audit Questionnaire The following questionnaire should be completed as thoroughly as possible. When information cannot be provided it should be noted why it cannot be provided. Information may be
More informationVendor Risk Management Financial Organizations
Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationSSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch
SSAE 16 for Transportation & Logistics Companies Chris Kradjan Kim Koch 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind,
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More information1B1 SECURITY RESPONSIBILITY
(ITSP-1) SECURITY MANAGEMENT 1A. Policy Statement District management and IT staff will plan, deploy and monitor IT security mechanisms, policies, procedures, and technologies necessary to prevent disclosure,
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the
More informationSECURITY AND EXTERNAL SERVICE PROVIDERS
SECURITY AND EXTERNAL SERVICE PROVIDERS How to ensure regulatory compliance and manage risks with Service Organization Control (SOC) Reports Jorge Rey, CISA, CISM, CGEIT Director, Information Security
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More informationInformation Technology General Controls And Best Practices
Paul M. Perry, FHFMA, CITP, CPA Alabama CyberNow Conference April 5, 2016 Information Technology General Controls And Best Practices 1. IT General Controls - Why? 2. IT General Control Objectives 3. Documentation
More informationDON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS? FREEMAN WOOD HEAD OF MERCER SENTINEL NORTH AMERICA GREGG SOMMER HEAD OF OPERATIONAL RISK ASSESSMENTS MERCER
More informationHEC Security & Compliance
HEC Security & Compliance SAP Security, Risk & Compliance Office November, 2014 Public Version 2.0 Details Introduction Overview Security Offering Approach Certifications Introduction Dear Customer, Information
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationFBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12.
Competency: Defend and Attack (virus, spam, spyware, Trojans, hijackers, worms) 1. Identify basic security risks and issues to computer hardware, software, and data. 2. Define the various virus types and
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationCompliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations
Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased
More informationIf you know the enemy and know yourself, you need not fear the result of a hundred battles.
Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you
More informationSCAC Annual Conference. Cybersecurity Demystified
SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber
More informationInstructions for Completing the Information Technology Officer s Questionnaire
Instructions for Completing the The (Questionnaire) contains questions covering significant areas of a bank s information technology (IT) function. Your responses to these questions will help determine
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationThe Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant
THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda
More informationMobile Banking. Secure Banking on the Go. Matt Hillary, Director of Information Security, MX
Mobile Banking Secure Banking on the Go Matt Hillary, Director of Information Security, MX Mobile Banking Channels SMS / Texting Mobile Banking Channels Mobile Web Browser Mobile Banking Channels Mobile
More information