Cybersecurity Awareness. Part 1



Similar documents
Cybersecurity Awareness

Cybersecurity Awareness

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

Cybersecurity: What CFO s Need to Know

CYBERSECURITY HOT TOPICS

OCIE Technology Controls Program

Cybersecurity. Are you prepared?

Into the cybersecurity breach

Cyber Threat Intelligence and Incident Coordination Center (C 3 ) Protecting the Healthcare Industry from Cyber Attacks

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

Combatting the Biggest Cyber Threats to the Financial Services Industry. A White Paper Presented by: Lockheed Martin Corporation

I N T E L L I G E N C E A S S E S S M E N T

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Presented by: Islanders Bank

Information Security and Risk Management

Click to edit Master title style

Defending Against Data Beaches: Internal Controls for Cybersecurity

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

September 20, 2013 Senior IT Examiner Gene Lilienthal

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

NATIONAL CYBER SECURITY AWARENESS MONTH

Practical Steps To Securing Process Control Networks

Perspectives on Cybersecurity in Healthcare June 2015

THE EVOLUTION OF CYBERSECURITY

Discussion Draft of the Preliminary Cybersecurity Framework Illustrative Examples

Top Fraud Trends Facing Financial Institutions

Cybersecurity Workshop

Collateral Effects of Cyberwar

Cybersecurity for Medical Devices

SOMEBODY'S WATCHING YOU! Maritime Cyber Security White Paper. Safeguarding data through increased awareness

Cyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist

Don t Fall Victim to Cybercrime:

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO

Cybersecurity: Protecting Your Business. March 11, 2015

Who s Doing the Hacking?

Cyber Security An Exercise in Predicting the Future

Getting real about cyber threats: where are you headed?

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Webinar: Creating a Culture of Cybersecurity at Work

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Threats to Local Governments and What You Can Do to Mitigate the Risks

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER SECURITY INFORMATION SHARING & COLLABORATION

FACT SHEET: Ransomware and HIPAA

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY

How To Protect Your Online Banking From Fraud

Cyber-Security. FAS Annual Conference September 12, 2014

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Cyber Security Metrics Dashboards & Analytics

CYBERSPACE SECURITY CONTINUUM

Defensible Strategy To. Cyber Incident Response

ENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Topic 1 Lesson 1: Importance of network security

DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS?

Attachment A. Identification of Risks/Cybersecurity Governance

I ve been breached! Now what?

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

20+ At risk and unready in an interconnected world

Promoting a cyber security culture and demand compliance with minimum security standards;

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Internet threats: steps to security for your small business

Agenda. Introduction to SCADA. Importance of SCADA security. Recommended steps

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

Managing cyber risks with insurance

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Cybersecurity Issues for Community Banks

2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP

Presented by Evan Sylvester, CISSP

FEDERAL HOUSING FINANCE AGENCY ADVISORY BULLETIN AB Cyber Risk Management Guidance. Purpose

IT Security Community

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

Ed McMurray, CISA, CISSP, CTGA CoNetrix

CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015

A Primer on Cyber Threat Intelligence

Italy. EY s Global Information Security Survey 2013

Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations

CSM-ACE 2014 Cyber Threat Intelligence Driven Environments

State of Security Survey GLOBAL FINDINGS

External Supplier Control Requirements

Transcription:

Part 1

Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat Intelligence Third-Party Management Cyber-Resilience Incident Response Part 2 Describe Cybersecurity Assessment Tool & Other Available Resources

Evolution of Data Security

Evolution of Data Security

Evolution of Data Security Emerging ATM

Definition The National Institute of Standards and The National Institute of Standards and Technology Technology (NIST) defines cybersecurity as: (NIST) defines cybersecurity as: The process of protecting information by preventing, detecting, and responding to attacks. NIST Framework for Cybersecurity Identify Detect Respond Protect Recover

Appendix B to Part 364 Standards for Information Security s Ensure the security and confidentiality of customer information; s Protect against any anticipated threats or hazards to the security or integrity of such information; s Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer; and s Ensure the proper disposal of customer information and consumer information.

Information Security Incidents 2014 42.8 million 2009 3.4 million 2010 9.4 million 2011 22.7 million 2012 24.9 million 2013 28.9 million Source: PwC.com

People and Patches a campaign of just ten e-mails yields a greater than 90% chance that at least one person will become the criminal s prey 11% of recipients of phishing messages click on attachments. Source: Verizon 2015 Data Breach Investigations Report

People and Patches 99.9% of the exploited vulnerabilities had been compromised more than a year after the associated [patch] was published. Ten [vulnerabilities] accounted for almost 97% of the exploits observed in 2014. In 2014, there were 7,945 security vulnerabilities identified. That is 22 new vulnerabilities a day. Nearly one an hour. Sources: Verizon 2015 Data Breach Investigations Report NopSec

Threat Environment Growing Vulnerabilities s Interconnected systems s New delivery channels s Legacy products Increasing Threats s Number/types of actors s Nature/volume of attacks s Level of sophistication

Threat Environment: Vulnerabilities Technological s Weaknesses in hardware, software, network, or system configurations Organizational s Human s s Lack of awareness of threats/vulnerabilities, incomplete asset inventories, weaknesses in/over-reliance on third parties Exploitation of human behavior such as trust and curiosity Lack of effective security awareness training Physical s Theft, tampering, device failure, or introduction of infected media

Threat Environment: Actors Cyber Criminals - Financially motivated; attacks include account takeovers, ATM cash-outs, and payment card fraud. Nation States - Attempt to gain strategic advantage by stealing trade secrets and engaging in cyber espionage. Hacktivists - Maliciously use information technologies to raise awareness for specific causes. Insiders - Abuse their position and/or computer authorization for financial gain or as a response to a personal grievance with the organization.

Threat Environment: Attacks Malware/Destructive Malware s e.g., Key Loggers, Trojans, Ransomware, Wiper

Threat Environment: Attacks Malware/Destructive Malware s e.g., Key Loggers, Trojans, Ransomware, Wiper Phishing/Spear Phishing

Threat Environment: Attacks Malware/Destructive Malware s e.g., Key Loggers, Trojans, Ransomware, Wiper Phishing/Spear Phishing Distributed Denial of Service (DDoS) Compound Attacks s e.g., DDoS/Account Takeover, Phishing/Trojan The Unknown

Threat Environment: Example This image cannot currently be displayed. Email Installation Execution People Patches Detection Account Takeover Ransomware Data Theft Data Destruction Potential Concerns

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information