North Texas ISSA CISO Roundtable


Transcription:

North Texas ISSA CISO Roundtable

Roundtable Topic: Threat Against Our Well Being. The Most Effective Methods in Combating and Responding to the Cyber Attack

Event Sponsor, Moderator and Panelists:
- David Stanton (Moderator), ISSA Executive Forums Director
- Chris Ray (Panelist), CISO, Epsilon
- Parrish Gunnels (Panelist), CISO, Invitation Homes
- Ron Mehring (Panelist), CISO, Texas Health Resources

Objective: This ISSA Executive Roundtable will discuss various topics relevant to current threats against our Nation, our industries, our businesses, our customers, and us as individuals. This session will include topics around phishing / malware, emerging security strategies and standards, offshoring / third party risk management, incident response around cloud technologies, personal privacy, and counter response tactics.

CISO Roundtable Agenda and Topics
- Chapter Announcements (5-10 minutes)
- Roundtable Introductions (5-10 minutes)
- Topics (80 minutes)
  o Current cyber threats against our organizations (Anthem, Sony, Target, Home Depot, etc.)
  o Various methods for reducing exposure to these threats
  o Attacks against us as individuals
  o Protecting and tracking sensitive data
  o Emerging technologies demanded by the business (BYOD, Cloud Services, etc.)
- Questions from the Audience (5-10 minutes)
- Closing and Drawings

About Me: David Stanton, ISSA Executive Forum Director, Security & Privacy Director at Protiviti, and regularly acting in senior security roles for various clients (Moderator)

David has more than 16 years of IT and IT Security consulting experience and received a BBA in Managerial Information Systems from Baylor University. He joined the Protiviti Dallas office in the IT Consulting practice focusing on Security and Privacy in 2013. Prior to Protiviti, David held the position of Data Protection and Privacy lead for a Fortune Global 500 consulting firm, acted as an interim Chief Information Security Officer for a large entertainment company, and was previously Information Security Officer (ISO) for a top 5 US credit union. Currently, David is also the ISSA Executive Forums Director, is the senior security leader for a local Healthcare Provider, and regularly speaks to large audiences on top-of-mind security topics (including Cloud Security, Third Party Risk Management, Forensics / Incident Handling, and Cyber Threats).

David Stanton, Director, Security and Privacy, Dallas, TX. Phone: +1.214.850.7051, david.stanton@protiviti.com

Powerful Insights. Proven Delivery.

Protiviti: Who we are (Risk Consulting & Advisory)

Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk, and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE 1000 and Global 500 companies. We also work with smaller, growing companies, large multi-national corporations, as well as with educational institutions and government agencies. We help clients improve performance and manage risks. We believe in combining business insight and entrepreneurial spirit with experience and pragmatism. Now more than ever, this combination is essential for growing value whilst retaining control.

Service lines shown on the slide: IT Security; Managing the Business of IT; Managing Applications; Forecasting & Business Planning; IT Consulting; Business and Finance; Operations Improvement; Finance & Performance; Governance, Risk & Audit; Restructuring & Financing; Integrated Performance & Risk Management; Strategic and Operational Risk; Regulatory Compliance; Program and Project Management; Internal Audit; Sourcing & Consulting; Embedded Internal Control.

Protiviti IT Consulting Offerings at a Glance (slide graphic; no text transcribed)

What are Cyber Attacks? "Cyber Attacks" describes the recent surge of internet-sourced attacks focused on disrupting business operations, causing reputational harm, degrading e-commerce, stealing digital assets, and conducting espionage against foreign entities. These attacks are usually motivated by financial, political, reputational, and personal interests in causing physical or logical harm. Rule of Thumb: What is important to you or to your company is likely of value to, and a target of, someone else.

The Story of the Attack
1. Initial Compromise
2. Establish Foothold
3. Escalate Privileges
4. Move Laterally
5. Maintain Presence
6. Complete Mission

Who did they get and how?

Chart: Who are the victims? Larger Organizations 25%; Financial Institutions 34%; Retail Environments 11%; Information and Professional Services Firms 8%; Manufacturing, Transportation, and Utilities 11%.

Chart: How do the breaches occur? Categories: Error (2%), Hacking, Malware, Physical Attacks, Social Tactics, Privileged Misuse and Abuse. Remaining values as extracted: 13%, 11%, 31%, 55%, 88% (their pairing with the categories was lost in extraction).

Source: 2014 Verizon Data Breach Investigations Report; State of Cybersecurity: Implications for 2015

Who is after us and Why?

Chart: Who is the attacker? Outsiders 90%; State-affiliated Actors 18%; Insiders 13%; Multiple Parties 7%; Business Partners 1% (values listed in chart order).

Chart: What are the attacker trends? Share of breaches attributed to External, Internal and Partner actors, 2008 to 2013 (per-year values not recoverable from the extracted text).

Source: 2014 Verizon Data Breach Investigations Report; State of Cybersecurity: Implications for 2015

How to Respond?
- Monitor: Build capabilities that identify anomalies quickly and accurately. Establish a baseline.
- Protect: Build a set of layers to protect infrastructure based upon risk.
- Resilient: Build elastic and flexible capabilities that can compensate for each other and adapt to new threats.
- Awareness: Improve internal and external awareness around capabilities. Be smart about what you share externally.

About Our Panelists

Parrish Gunnels, Sr. Director and CISO of Information Security at Invitation Homes. Parrish has more than 16 years of IT experience in various functions such as business analysis, project management, development, policy and process creation, business continuity management, internal / external audit, risk management and information security. He joined Invitation Homes, a Blackstone company, in February of this year. His experience includes working in multiple industries including financial services, telecommunications, and chemical manufacturing. Over the past few years, he has been focused on developing information security programs and securing existing networks through risk analysis, control definition, and user experience. Parrish holds a Master's of Business Administration from Texas Christian University and certifications as a Professional Project Manager (PMP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and Certified Information Systems Security Professional (CISSP).

Chris Ray, SVP and CISO at Epsilon, Inc. Since November 2011, as CISO of Epsilon, Chris has overseen many facets of information security, including security operations, incident response, identity management and regulatory compliance. Prior to Epsilon, Chris was the CISO at Aflac Corporation for 7½ years and responsible for Information Security and Software Change Management. He also started and oversaw the first infosec department at Healthsouth Corporation. Finally, Chris served as an active duty United States Air Force (USAF) enlisted airman and then officer for 13 years, with another 8 years in the active USAF Reserves. He retired in 2009 after 21 years of service. For over a decade, he worked at the Air Force Information Warfare Center conducting global cyber-warfare and cyber-terrorism exercises to provide government agencies with information warfare tactics, techniques and procedures. Chris holds a BS in Computer Science from the University of Texas at Austin and a CISSP (Certified Information Systems Security Professional) certification as well as an ISSMP concentration in management.

Ron Mehring, Sr. Director and CISO of Information Security at Texas Health Resources. Ron Mehring serves as the chief information security officer / senior director, information security for Texas Health Resources, one of the largest faith-based, nonprofit health care delivery systems in the United States. At Texas Health Resources, Ron leads IT GRC, security architecture, security operations, and the IT BC/DR program. His current initiatives are focused on improving team performance, improving resiliency management, integrating a threat-management architecture that accounts for present and emerging threats, and maturing a technology risk management program that is aligned with the strategic goals of the organization. Ron holds an MBA in Risk Management from NYIT and is a Certified Information Systems Security Professional (CISSP).