2016 - Cyber Security for the Public Sector
![Page 1: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/1.jpg)
Scott Geye, CISSP, CISA
Cyber Security for the Public Sector
![Page 2: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/2.jpg)
Agenda
• About Whitley Penn, LLP
• Why is Cybersecurity Important?
• 2015-2016 Breach Reports
• Vulnerabilities
• Exploits
• Malware
• Cybercrime Marketplaces
• Hacktivism
• Texas Cybersecurity Framework
• Cybersecurity Resources
![Page 3: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/3.jpg)
Scott Geye – CISSP, CISA
Bio
Experience
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• 8 years of Information Technology experience focused on networking and information security
• Served as an Information Security Analyst for a large university
• Participated in the execution of SOC 1 and SOC 2 engagements
• Participated in the execution of SOX 404 engagements and implementations
• Performed IT engagements in multiple industries, including technology, manufacturing, public sector, oil and gas, and healthcare
• Advised clients regarding process and control improvement to minimize risk
• Provided guidance to clients regarding system evaluation and implementation
• Perform IT Risk Assessments and Security Audits
Education
• Masters in Information Technology Service Management, University of Dallas
• Bachelors in Management Information Systems (MIS), University of Texas at Arlington
![Page 4: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/4.jpg)
Whitley Penn, LLP – Risk Advisory Services
Service Areas:
– IT Audits and Consulting
– Internal Control and Compliance Reviews
– IT and Business Risk Assessments
– Internal Audit Services
– Vulnerability Assessments and Network Penetration Testing
– Business Process Improvement
– Enterprise Risk Management Implementation and Maintenance
![Page 5: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/5.jpg)
Why is Cyber Security Important?
![Page 6: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/6.jpg)
What is a Breach?
The unauthorized access, acquisition, use, or disclosure of sensitive information.
![Page 7: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/7.jpg)
Definition of Personal Data
There are numerous definitions, but most include data “that allow the identification of a person directly or indirectly” or similar language.
![Page 8: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/8.jpg)
2015-2016 Information Security Reports
![Page 9: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/9.jpg)
2015 Themes
Theme #1: The year of collateral damage
Theme #2: Overreaching regulations push research underground
Theme #3: Moving from point fixes to broad impact solutions
Theme #4: Political pressures attempt to decouple privacy and security efforts
Theme #5: The industry didn’t learn anything about patching in 2015
Theme #6: Attackers have shifted their efforts to directly attack applications
Theme #7: The monetization of malware
HP Enterprise – 2016 Cyber Risk Report
![Page 10: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/10.jpg)
Breaches By Industry
Verizon – 2016 Data Breach Digest
![Page 11: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/11.jpg)
Breaches by Environment
2016 Trustwave Global Security Report
![Page 12: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/12.jpg)
Types of Data Breached
2016 Trustwave Global Security Report
![Page 13: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/13.jpg)
Method of Compromise
2016 Trustwave Global Security Report
![Page 14: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/14.jpg)
Method of Detection
2016 Trustwave Global Security Report
![Page 15: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/15.jpg)
Duration: Intrusion -> Detection -> Containment
2016 Trustwave Global Security Report
![Page 16: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/16.jpg)
Vulnerabilities
![Page 17: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/17.jpg)
![Page 18: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/18.jpg)
Top Platforms by Vulnerabilities
HP Enterprise – 2016 Cyber Risk Report
![Page 19: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/19.jpg)
Vulnerability Marketplace
HP Enterprise – 2016 Cyber Risk Report
![Page 20: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/20.jpg)
Vulnerability Marketplace
HP Enterprise – 2016 Cyber Risk Report
![Page 21: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/21.jpg)
Vulnerability Marketplace
HP Enterprise – 2016 Cyber Risk Report
![Page 22: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/22.jpg)
Exploits
![Page 23: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/23.jpg)
2015 – New Exploits
HP Enterprise – 2016 Cyber Risk Report
![Page 24: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/24.jpg)
2015 – Old Exploits
HP Enterprise – 2016 Cyber Risk Report
![Page 25: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/25.jpg)
New Exploits by Platform
HP Enterprise – 2016 Cyber Risk Report
![Page 26: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/26.jpg)
New Exploits by File Type
HP Enterprise – 2016 Cyber Risk Report
![Page 27: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/27.jpg)
Abusing API Calls
HP Enterprise – 2016 Cyber Risk Report
![Page 28: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/28.jpg)
Abusing API Calls
HP Enterprise – 2016 Cyber Risk Report
![Page 29: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/29.jpg)
Malware
![Page 30: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/30.jpg)
Growth in Malware
HP Enterprise – 2016 Cyber Risk Report
![Page 31: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/31.jpg)
Growth in Malware
HP Enterprise – 2016 Cyber Risk Report
![Page 32: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/32.jpg)
Reporting to Executives
Ponemon Institute – State of Malware Detection & Prevention
![Page 33: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/33.jpg)
Cybercrime Marketplace
![Page 34: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/34.jpg)
Cybercrime Marketplace
Dell SecureWorks – 2016 Underground Hacker Markets
![Page 35: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/35.jpg)
Cybercrime Marketplace
Dell SecureWorks – 2016 Underground Hacker Markets
![Page 36: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/36.jpg)
Cybercrime Marketplace
Dell SecureWorks – 2016 Underground Hacker Markets
![Page 37: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/37.jpg)
Cybercrime Marketplace
Dell SecureWorks – 2016 Underground Hacker Markets
![Page 38: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/38.jpg)
Cybercrime Marketplace
![Page 39: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/39.jpg)
Cybercrime Marketplace
Dell SecureWorks – 2016 Underground Hacker Markets
![Page 40: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/40.jpg)
Hacktivism
![Page 41: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/41.jpg)
Hacktivism
Who is Anonymous?
![Page 42: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/42.jpg)
Hacktivism (continued)
• City of Denver – Website shutdown after police shooting on 4/12/2016. Members of New World Hackers (NWH), a division of Anonymous, launched a Distributed Denial of Service (DDoS) attack against the City’s website. This attack took the City’s website down for the day.
• Cincinnati and Miami Police Departments – Members of these Departments were “Doxed” by Anonymous, and personal details were leaked online.
Security Newspaper – Anonymous Shuts Down City of Denver Website….
![Page 43: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/43.jpg)
Hacktivism (continued)
Missouri Sheriff’s Association
In retaliation for the arrest of members of the group Anonymous, hackers breached the association’s website and released personal information on 7,000 officers. 76 other law enforcement agencies were also targeted in the attack.
Identity Theft Resource Center
![Page 44: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/44.jpg)
Texas Cybersecurity Framework
![Page 45: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/45.jpg)
Texas Cybersecurity Framework
Texas Cyber Security Framework
Identify
– Privacy and Confidentiality
– Data Classification
– Critical Information Asset Inventory
– Enterprise Security Policy, Standards and Guidelines
– Control Oversight and Safeguard Assurance
– Information Security Risk Management
– Security Oversight and Governance
– Security Compliance and Regulatory Requirements Management
– Cloud Usage and Security
– Security Assessment and Authorization / Technology Risk Assessments
– External Vendors and Third Party Providers
http://www.dir.state.tx.us/security/policy/Pages/framework.aspx
![Page 46: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/46.jpg)
Texas Cybersecurity Framework (continued)
Texas Cyber Security Framework
Protect
– Enterprise Architecture, Roadmap & Emerging Technology
– Secure System Services, Acquisition and Development
– Security Awareness and Training
– Privacy Awareness and Training
– Cryptography
– Secure Configuration Management
– Change Management
– Contingency Planning
– Media
– Physical Environmental Protection
– Personnel Security
– Third-Party Personnel Security
– System Configuration Hardening & Patch Management
– Access Control
– Account Management
– Security Systems Management
– Network Access and Perimeter Controls
– Internet Content Filtering
– Data Loss Prevention
– Identification & Authentication
– Spam Filtering
– Portable & Remote Computing
– System Communications Protection
![Page 47: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/47.jpg)
Texas Cybersecurity Framework (continued)
Texas Cyber Security Framework
Detect
– Malware Protection
– Vulnerability Assessment
– Security Monitoring and Event Analysis
Respond
– Cyber-Security Incident Response
– Privacy Incident Response
Recover
– Disaster Recovery Procedures
![Page 48: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/48.jpg)
Cybersecurity Resources
![Page 49: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/49.jpg)
Resources for Local Governments
Cyber Guide for Counties
Critical Infrastructure Partnership Advisory Council (CIPAC)
“A partnership between government and critical infrastructure owners and operators, which provides a forum to engage in a broad spectrum of critical infrastructure protection activities, like the Cross-Sector Cybersecurity Working Group”
http://www.dhs.gov/critical-infrastructure-partnership-advisory-council
![Page 50: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/50.jpg)
Resources for Local Governments (continued)
Cyber Guide for Counties
Information Technology Government Coordinating Council (IT-GCC)
“Brings together diverse federal, state, local, and tribal interests to identify and develop collaborative strategies that advance IT critical infrastructure protection. The IT-GCC serves as a counterpart to the IT Sector Coordinating Council (IT-SCC)”
http://www.dhs.gov/critical-infrastructure-sector-partnerships
![Page 51: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/51.jpg)
Resources for Local Governments (continued)
Cyber Guide for Counties
Multi-State Information Sharing and Analysis Center (MS-ISAC)
“A division of the not-for-profit Center for Internet Security, is a collaborative effort based on a strong partnership with the Department of Homeland Security (DHS) and State, Local, Tribal, and Territorial (SLTT) Cybersecurity Engagement program. The MS-ISAC has been designated by DHS as the key resource for cyber threat prevention, protection, response, and recovery for the Nation’s SLTT governments. Through its state-of-the-art 24/7 Security Operations Center, the MS-ISAC serves as a central resource for situational awareness and incident response for SLTT governments, at no cost to its members.”
http://msisac.cisecurity.org/
If you would like to leverage the MS-ISAC for malware analysis, computer forensics, network forensics, incident response, or onsite response, contact the 7x24 Security Operations Center at 1-866-787-4722 or [email protected]
![Page 52: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/52.jpg)
Resources for Local Governments (continued)
Cyber Guide for Counties
Cyber Resilience Review
“Provided by DHS to SLTT governments as a free service and involves a one-day, onsite interview that examines the overall practice, integration and health of an organization’s cybersecurity program.”
https://www.us-cert.gov/ccubedvp/self-service-crr
![Page 53: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/53.jpg)
Resources for Local Governments (continued)
Cyber Guide for Counties
Exercises
“Directly supports state, local, tribal, and territorial cyber exercise, design, development, and execution. Cyber exercises familiarize SLTT cyber stakeholders with the roles, responsibilities, policies, plans, and procedures related to cyber incidents.”
![Page 54: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/54.jpg)
Resources for Local Governments (continued)
Cyber Guide for Counties
National Cybersecurity Communications Integration Center (NCCIC)
“A 24x7 cyber monitoring, analysis, incident response, and management center that is the national nexus of cyber and communications incident integration for the federal domain, intelligence networks, law enforcement, the private sector, State, local, tribal, and territorial governments, and international partners.”
https://www.us-cert.gov/nccic
![Page 55: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/55.jpg)
Resources for Local Governments (continued)
Cyber Guide for Counties
United States Computer Emergency Readiness Team (US-CERT)
“Brings advanced network and digital media analysis expertise to bear on malicious activity targeting our nation’s networks. US-CERT develops timely and actionable information for distribution to federal departments and agencies, state and local governments, private sector organizations, and international partners. In addition, US-CERT operates the National Cybersecurity Protection System (NCPS), which provides intrusion detection and prevention capabilities to covered federal departments and agencies. The US-CERT’s National Cyber Alert System (NCAS) delivers timely and actionable information and threat productions including alerts, bulletins and tips.”
https://www.us-cert.gov/
![Page 56: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/56.jpg)
Resources for Local Governments (continued)
Cyber Guide for Counties
Trusted Purchasing Alliance
“Designed to drive down the price of security products by combining state and local government purchases into bulk buys. The alliance works with public agencies to pinpoint the areas of greatest need, and then negotiates with vendors for discounted pricing. Product choices are vetted by a review board stocked with analysts and security experts.”
http://alliance.cisecurity.org/
![Page 57: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/57.jpg)
Resources for Local Governments (continued)
NIST Special Publication 800 Series
NIST Special Publications (SP):
NIST SP 800 series - Computer Security (December 1990-present): NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials.
• This framework can provide the “meat” for the Texas Cybersecurity Framework
![Page 58: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/58.jpg)
Questions
![Page 59: 2016 - Cyber Security for the Public Sector](https://reader035.fdocuments.in/reader035/viewer/2022062820/58a843fc1a28ab30658b66cd/html5/thumbnails/59.jpg)
References
• HP Enterprise – 2016 Cyber Risk Report
• 2016 Trustwave Global Security Report
• Verizon 2016 Data Breach Digest
• Ponemon Institute – State of Malware Detection & Prevention
• Dell SecureWorks – 2016 Underground Hacker Markets
• Security Newspaper – Anonymous Shuts Down City of Denver Website After Another Fatal Police Shooting
• Identity Theft Resource Center
• Texas Cybersecurity Framework
• National Association of Counties (“NACo”) Cyber Guide for Counties
• National Institute of Standards and Technology (NIST) Special Publication 800 Series