Cybersecurity for Startups Workshop

Copyright © 2017. No part of this presentation may be reproduced in any form without prior authorization.

Page 1

Cybersecurity for Startups Workshop

Mike Johnson, Renier Chair/Director of Graduate Studies, Security Technologies
Technological Leadership Institute, The University of Minnesota

March 6th, 2018

Page 2

Mike Johnson, Director of Graduate Studies & Honeywell/James J. Renier Chair

• Master of Science in Security Technologies (MSST) Director of Graduate Studies and Senior Fellow, UMN Technological Leadership Institute
• Honeywell James J. Renier endowed chair in Security Technologies
• TLI Faculty – Cyber Security and Cyber Risk Management
• 26+ years security and risk management experience
• Chief Information Security Officer/Operations Risk Director – Bremer Bank
• IT Director & Compliance Officer – Dean Financial Services
• FDIC Bank Examiner
• MSST Class of 2011

Page 3

Threats to Your Organization

"There are two kinds of companies: those that have been hacked and those that don't know they've been hacked."
– John Chambers, former CEO of Cisco (and others)

Average cost for an SMB to clean up after their business has been hacked: $690,000 for small and over $1 million for mid-sized business. (Ponemon Institute)

43% were against small businesses with fewer than 250 workers. (Symantec)

Sources cited on slide: Ponemon Institute, IBM X-Force, Symantec

Page 4

Sobering Cyber Statistics

• Over 50% of organizations faced public scrutiny after a breach [1]
• 22% of breached organizations lost customers; 40% of those lost more than one-fifth of their customer base [1]
• 29% of organizations lost revenue; 38% of those lost more than one-fifth [1]
• Over 4.8 billion personal data records exposed in 2016 [4]
• Every third website visitor on the internet is a bad bot [3]
• 27% of employee-introduced cloud apps were high-risk [1]
• In 2016, the world connected 5.5 million new things to the internet daily, and 8.4 billion devices were in use in 2017, according to Gartner
• Phishing grew 250% in 2016 [2]; spam is now 2/3 of all email [1]
• 58% of breaches caused by internal incidents or with a business partner's organization (Forrester Research)

Sources: 1 – Cisco 2017 Cybersecurity Report; 2 – Anti-Phishing Working Group; 3 – Imperva 2016 Bot Traffic Report; 4 – Privacy Rights Clearinghouse

Page 5

And Vulnerabilities

[Chart]
Source: Risk Based Security VulnDB, Vulnerability QuickView Report (https://pages.riskbasedsecurity.com/hubfs/…bility%20QuickView%20Report.pdf)
2018 Annual Cybersecurity Report

Page 6

Cyber Rated A Top Global Economic Risk

[Chart]
Source: 2017 World Economic Forum Global Report

Page 7

Attacker Motivations

Motivations Behind Attacks, December 2017 (hackmageddon.com):
• Cyber Crime
• Cyber Espionage
• Hacktivism
• Cyber Warfare

Source: http://www.hackmageddon.com/2018/01/…/december-2017-cyber-attacks-statistics/

Page 8

Shifting Attacker Goals

[Chart: September 2017 vs. December 2017, imperva.com]
Source: https://www.imperva.com/blog/2018/02/new-research-crypto-mining-drives-almost-90-remote-code-execution-attacks/

Page 9

[Screenshot: ransomware demand screen]

What Happened to My Computer?
Your important files are encrypted. Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you … recover your files, but do not waste your time. Nobody can … our decryption service.

Can I Recover My Files?
Sure. We guarantee that you can recover all your files safely and easily. But you have not so enough time. You can decrypt some of your files for free. Try now by clicking <Decrypt>. But if you want to decrypt all your files, you need to pay. You only have 3 days to submit the payment. After that the price will be doubled. Also, if you don't pay in 7 days, you won't be able to recover your files forever. We will have free events for users who are so poor that they couldn't pay in 6 months.

How Do I Pay?
Payment is accepted in Bitcoin only. For more information, click <About bitcoin>. Please check the current price of Bitcoin and buy some bitcoins. For more information, click <How to buy bitcoins>. And send the correct amount to the address specified in this window. After your payment, click <Check Payment>. Best time to check: 9:00am - 11:00am …

Send $300 worth of bitcoin to this address: [address not legible]

[Check Payment] [Decrypt]

Page 10

Ransomware, An Equal Opportunity Menace

• 638 million attacks in 2016 (167 times more than 2015)
• $5 billion in ransom & impact estimated globally in 2017
• Criminals adapting their services
• Social engineering – calling a school to obtain teacher emails
• Getting creative with distribution – infect your friends and get your files decrypted for free
• Learning business processes – sending "resume" attachments to the HR department
• Ransomware as a service – for 30% commission
• Other criminal outsourcing from infection to help desk
• $400 point-and-click ransomware systems

Source: CSO.COM

Page 11

Ransomware, An Equal Opportunity Menace

• Hollywood Presbyterian Hospital
  – Offline more than a week, required redirecting patients
  – Paid $17,000 in Bitcoin to restore files (and it worked, this time…)
• WannaCry
  – A year after Hollywood Presbyterian, UK NHS dramatically impacted by ransomware
  – Allegedly sourced from stolen NSA hacking tools
• NotPetya
  – Masking attacker's real motives? No decryption keys
  – Targeting Ukraine entities
  – Impacted many others – Maersk, Merck, Deutsche Post

Page 12

Ransomware Rewind

[Photo] Received by a Pizza … in the mail

Page 13

Fraud and Cyber Crime

• Anybody with an account
• Send or receive payments
• Business Email Compromise knows no boundaries
• Email takeover resulting in unauthorized payments
• $3B losses since 2013 – 22,000+ victims
• 1,300% increase since 2015

Page 14

Fraud and Cyber Crime

• Use social media and published information to identify targets and key players
• Figure out process and possible partners
• Takeover or spoof email addresses
• Urgent directive from senior management
• Spear Phishing/Whaling
• Your clients and employees could be targeted directly by data thieves as well
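The BEC pattern on this slide and the one before it (a taken-over or spoofed executive mailbox, an urgent payment directive, a lookalike sender) can be turned into a first-pass triage check before a finance request is acted on. The following is an added example written for this page, not code from the workshop or from TLI: the company domain, the executive names, the keyword list, the "two edits" typo-squat threshold and the four sample messages are all made up for the example. It also flags mail that claims the company's own domain but that the receiving server could not authenticate (DMARC), which the slides only imply under "takeover or spoof email addresses".

```python
"""Added example: first-pass BEC / spear-phishing triage over constructed
email headers. Not code from the slides; every name below is made up."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

COMPANY_DOMAIN = "example-startup.com"          # assumed: the startup's own domain
EXECUTIVE_NAMES = {"dana reyes", "sam okafor"}  # assumed: names worth impersonating

# The "urgent directive from senior management" pretext: urgency plus a payment
# or banking change. Assumed keyword list; tune it to your own mail flow.
URGENCY = re.compile(r"\b(urgent|immediately|wire transfer|gift cards?|confidential|"
                     r"change of (?:bank|billing)|new account details)\b", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: one or two edits from the real domain is a typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, trusted: str = COMPANY_DOMAIN) -> bool:
    """True when a sender domain imitates the trusted one without being it."""
    domain, trusted = domain.lower(), trusted.lower()
    if not domain or domain == trusted:
        return False
    brand = trusted.split(".")[0]               # "example-startup"
    return edit_distance(domain, trusted) <= 2 or brand in domain


def auth_results(msg) -> dict:
    """Collect spf/dkim/dmarc verdicts written by the receiving mail server."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts[mech.lower()] = result.lower()
    return verdicts


def triage(raw_message: str) -> dict:
    """Return the BEC indicators found in one RFC 5322 message and their count."""
    msg = message_from_string(raw_message, policy=policy.default)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rsplit("@", 1)[-1].lower() if "@" in from_addr else ""
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_body(preferencelist=("plain",))
    text = msg.get("Subject", "") + " " + (body.get_content() if body else "")
    flags = []
    # Display-name spoofing: an executive's name on a mailbox outside the company.
    if display_name.strip().lower() in EXECUTIVE_NAMES and from_domain != COMPANY_DOMAIN:
        flags.append("executive display name on external address " + from_addr)
    if is_lookalike(from_domain):
        flags.append("lookalike sender domain " + from_domain)
    # Reply-To steering the conversation to a mailbox the attacker controls.
    if reply_to and reply_to.lower() != from_addr.lower():
        flags.append("Reply-To diverts replies to " + reply_to)
    if URGENCY.search(text):
        flags.append("urgent payment / banking-change language")
    # Claims our own domain, but the receiving server could not authenticate it.
    if from_domain == COMPANY_DOMAIN and auth_results(msg).get("dmarc") != "pass":
        flags.append("internal sender address failed or lacks DMARC")
    return {"from": from_addr, "flags": flags, "score": len(flags)}


# Constructed samples (not real mail). Only LEGIT should score 0.
LEGIT = """\
From: Dana Reyes <dana@example-startup.com>
Subject: Q2 budget review notes
Authentication-Results: mx.example-startup.com; spf=pass; dkim=pass; dmarc=pass

Notes from this morning's review are in the shared folder. No action needed.
"""
FREEMAIL_BEC = """\
From: "Dana Reyes" <dana.reyes.ceo@gmail.com>
Reply-To: dana.reyes.ceo@outlook.com
Subject: Urgent wire transfer - confidential
Authentication-Results: mx.example-startup.com; spf=pass; dkim=pass; dmarc=none

I am in meetings all day. Process the wire transfer immediately; I will send
the new account details next. Keep this confidential.
"""
LOOKALIKE_BEC = """\
From: Sam Okafor <sam@examp1e-startup.com>
Subject: Change of bank details for this month's invoice
Authentication-Results: mx.example-startup.com; spf=pass; dkim=pass; dmarc=pass

Our bank has changed. Use the new account details below from now on.
"""
SPOOFED_INTERNAL = """\
From: Dana Reyes <dana@example-startup.com>
Reply-To: dana.reyes@mail-relay.example.net
Subject: Need gift cards for a client today
Authentication-Results: mx.example-startup.com; spf=fail; dkim=none; dmarc=fail

Buy ten gift cards and send me the codes. I will explain later.
"""
```

Calling `triage()` on each sample gives the legitimate internal note a score of 0 and each attack three flags. Note that the lookalike message passes DMARC: the attacker owns examp1e-startup.com, so an authentication pass only proves the mail came from the domain it names, which is why the display-name and domain checks are needed alongside it.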

Page 15

Another Look at Phishing

From a recent survey and test of computer email users:
• Over 68% of respondents were tricked by emails that looked like they were from a coworker.
• Messages from social media companies with the phrase "Did you see this pic of you? LOL" fooled nearly 61% of participants.
• Fewer than 3% of respondents fell for an email claiming they won a big cash prize from a soft drink company.

Security awareness training is still critical, but can't be the only control.

Source: CSO.COM

Page 16

Another Look at Phishing

[Screenshot: sample phishing email; text not legible]

Source: CSO.COM

Page 17

We aren't a bank or a hospital, so our data is worthless, or "We're too small"

• Intellectual Property
  – Your ideas and products
  – Business plans and strategy
• Payment/transaction and other data
  – Customers & Suppliers
• Do you have employees?
  – Employee bank account and health information
  – Information is monetized – Dark Web marketplace
• Computing systems/hardware
• Do you have accounts at financial institutions?

Page 18

Value of Email Account

[Diagram: "The Value of a Hacked Email Account", KrebsOnSecurity.com. A hacked email account feeds the following:]

Privacy: your messages, calendar; your Google/Skype chats; your photos; call records (+mobile acct); your location (+mobile/iTunes)
Retail Resale: Facebook, Twitter, Tumblr; Macys, Amazon, Walmart; iTunes, Skype, Bestbuy; Spotify, Hulu+, Netflix; Origin, Steam, Crossfire
Financial: bank accounts; email acct. ransom; change of billing; cyberheist lure
Spam: commercial email; phishing, malware; stranded abroad scam; Facebook, Twitter spam; email signature spam
Harvesting: email, chat contacts; file hosting accounts (Google Docs, MS Drive, Dropbox, Box.com); software license keys
Employment: forwarded work docs; forwarded work email; Fedex, UPS, Pitney Bowes acct; Salesforce, ADP accounts

Page 19

Value of an Organization's Assets/Data

[Diagram: "The Value of a Hacked Company", KrebsOnSecurity.com]

Intellectual Property: trade secrets; R&D data; customer lists; strategic plans
Physical: desktops/servers; backups/disaster recovery; telecom equipment/VOIP; offices/industrial buildings
Partners / Paths to Compromise: email access (BEC/phishing); partner bank info; network credentials
HR Data: insurance numbers; employee W2/tax info; salary data; disability information
Financials: credit card data; employee bank info; corporate bank info; quarterly earnings
Virtual: cloud services; 3rd party content; software licenses; web sites

Page 20

The Darkweb and Other Scary Stories

• A new malicious web site pops up every 3 seconds
• Deepweb – content that isn't indexed
• Darkweb – the back alley of the internet

Page 21

And Cyber Crime Too?

• Botnets, workstations and IoT
• Criminal infrastructure – crime as a service, help desk, DDoS

Page 22

Cloud, Big Data, & Third Party Services

• Cloud – SaaS, IaaS, PaaS, etc.
  – AWS and other hosts
  – Products like Salesforce, Workday, LogMeIn, Dropbox
• Big Data – are you increasing your data collection?
  – Increased data = increased security requirements
• Having multiple cloud products increases complexity and creates a larger attack surface
• Do you use other third party services?
• Do you provide services to other companies?
• Do you use new and emerging technologies?

Page 23

Current State Cybersecurity Threats

[Chart]

Page 24

Current State Cybersecurity Threats

[Chart]

Page 25

Real Risks From the Internet of Things: IoT hacks that hit the headlines

• 2011: Hacker takes wireless control of insulin pumps.
• 2014: Hackers commandeer hundreds of webcams and baby monitors.
• 2015: Researchers remotely take over and crash a Jeep Cherokee.
• 2015: Plane flight controls hacked via in-flight entertainment system.
• 2016: Smart thermostats hacked to host ransomware.
• 2016: Major internet outage – Dyn attack from IoT botnet.
• 2017: Swiss hotel key card/door locks compromised.
• 2017: St. Jude recalls 465,000 "hackable" pacemakers.

Any organization with financial, identity, or health information or services is a target for IoT, IP, PHI, and other high-value assets.

Page 26

Insider Threats

• A problem for all organizations
• Departing employees – disgruntled staff – too much to do
• San Francisco IT admin changed all the passwords
• Not always malicious intent – architecture & management issues
• BYOD/mobile, consumer-class cloud services
• Free apps & downloads (legitimate source? reviewed?)
• A compromised admin or system is now an insider threat
• Accenture survey – 69% of CISOs report attempted/successful data theft by insiders
• IBM X-Force reports 68% of 2016 attacks in healthcare were attributed to insiders

Page 27

Insider Threats

• Employee errors/accidents
  – Responding to a phishing request
  – Mistyping an email address
  – Losing a USB drive – finding a USB drive
  – Unwise "collaboration"
• Negligence
  – Circumventing controls that "impede" their job
  – Systems management shortcuts
  – Using consumer-grade technology or shadow IT
• Intentional malicious acts
  – Disgruntled employee actions
  – Selling your data for their profit

Page 28

More Security Problems to Consider

• Your employees are also consumers
  – Targets both for their personal assets and work access/assets
  – Overshare, potentially under-trained, re-use passwords, ? cyber behaviors
  – A new malicious web site sprouts every 3 seconds – shop at work, etc.
  – Work email, personal email(s), social media accounts – all have value
• What about devices you don't think about, like printers?
  – 56% of organizations don't include printers in security policy and program
  – On network, accessible via Wi-Fi and open ports, located in open areas
  – Many contain storage drives (all multi-function and many network printers)
  – What about secure disposal?
• Do you provide Wi-Fi for employees? Visitors?
  – Can be trivial to penetrate even a reasonably well-configured Wi-Fi network
  – Mobile devices are rife with potential vulnerabilities and malware

Page 29

Third Party Risks / Cyber Supply Chain

• 63% of all data breaches linked directly or indirectly to third party access (Soha Systems survey)
• Increased reliance on service providers (& cloud)
  – Cost savings
  – Skills gaps
  – Competitive advantage
• Other supply chain risks include product sourcing
  – Android phones from 36 brand-name manufacturers found with malware preinstalled
  – Low-cost phones on eBay and Amazon infected
  – Many previous examples of other devices as well

Page 30

Questions For Your Service Provider

• Who is responsible for security at the vendor?
• What do you do to secure the environment where my data/applications/systems are?
• Do you have a security audit and/or penetration test from a third party?
• How do you fix identified issues?
• How do you conduct ongoing monitoring activities?
• What security activities are you responsible for and what am I responsible for?

Page 31

Questions For Your Service Provider

Contracts:
• Breach notification requirement
• Right to audit
• Independent assessment requirement
• Required security expectations
• What will they pay for after an incident
• Establish non-disclosure agreement
• Data ownership and right to restrict movement

Page 32

Cyber Security Landscape – Threat Reports

[Report cover images: FireEye; McAfee Labs Threats Predictions]

Page 33

FireEye/Mandiant – 2017 M-Trends Report

Key Trends – 2016:
• Increased sophistication
• Nation states and financial actors (Tactics, Techniques and Procedures (TTPs)) indistinguishable
• Increased direct targeting/spear phishing & phone social engineering
• Lack of segregation – flat networks
• Privilege escalation
• Persistence through encryption and legitimate sites hosting back doors and C2 services
• Shamoon malware targets oil and energy companies

Page 34

McAfee – Threat Predictions for 2017

Key Predictions:
• Hardware and firmware threats an increasing target for sophisticated attackers
• "Dronejacking" places threats in the sky
• Mobile threats to include ransomware, RATs, compromised app markets
• IoT malware opens a backdoor into the home
• Gartner estimates that by 2020 more than 25% of attacks in enterprises will involve IoT devices.
• Machine learning accelerates social engineering attacks
• Escalation of ad wars boosts malware delivery
• Hacktivists expose privacy issues
• Threat intelligence sharing makes great strides
• Cyber espionage: industry and law enforcement join forces
• Physical and cyber security industries join forces

Page 35

Symantec – Internet Security Threat Report 2017

• From a database of 88,900 recorded vulnerabilities (spanning more than two decades) from 24,560 vendors representing over 78,900 products
• While advanced attacks and zero-day vulnerabilities are a major threat, cyber criminals continue to use spear phishing and common tools to blend in with normal traffic.
• Identified a trend in cyber espionage being used to cause chaos, disruption, disinformation; and influence the outcomes in the election processes, decision making and major government decisions in the future. Also found as the political use of cyber-attacks grows, nation states are preparing to be on the offensive when targeted.
• Financial theft getting bigger and bolder, moving away from the traditional small-time credit card theft to the inner workings of the financial industry.
• Attackers changing their tactics to make more use of expected features and tools and activities.
• Increased use of criminal outsourcing services, and IoT as both a target and an attack tool
• Email and spam making a comeback as primary delivery mechanism for key attack activities.

Page 36

Verizon – 2017 Data Breach Investigations Report

The DBIR is comprised of real-world data breaches and security incidents, either investigated by Verizon or provided by a data contributor (65 sources)
• Tenth year of this groundbreaking report
• Established 9 incident classification patterns
• This year adds industry vertical specific information
• Leverages VERIS – Vocabulary for Event Recording and Incident Sharing, a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner.
• Provides opportunity to analyze trends and issues in aggregate.

Page 37

Verizon 2017 Data Breach Investigations Report

[Chart]

Page 38

Verizon 2017 Data Breach Investigations Report

[Chart]

Page 39

Verizon 2017 Data Breach Investigations Report

[Charts: Type of Actor; Type of Action]

Page 40

Verizon 2017 Data Breach Investigations Report

[Charts: Motivation; Discovery]

Page 41

Verizon Report

[Chart: Volume by Vertical]

Page 42

Verizon Report

[Chart]

Page 43

Verizon 2017 Data Breach Investigations Report

[Chart]

Page 44

Verizon 2017 Data Breach Investigations Report

[Chart: Comparing Attacks between Industries – Financial Services, Manufacturing, Retail]

Page 45

Verizon 2017 Data Breach Investigations Report

[Chart: Aggregate Attack Information]

Page 46

Verizon 2017 Data Breach Investigations Report

[Chart: Crimeware and Espionage Analysis]

Page 47

Other Report Observations – Pace Increases

• New zero-day risks – partially fueled by hacking dumps (Vault 7, Shadow Brokers, etc.)
• Re-emergence of working worms
• Tech growth increases attack surface – IoT, autonomous vehicles, cloud/third party risk
• Outsourced criminal services and Bitcoin fuel expansion of international cybercrime
• Hacking by nation states
  – Political influence
  – Funding national objectives
  – Cyber-physical targeting of political adversaries
• Ransomware as a diversion?

Page 48:

Ponemon 2017 Cost of Data Breach Study

• Cost per record breached: cost of forensic experts, credit monitoring, customer hotline, future product discounts, in-house investigations, communications/notifications, and cost of lost customers (churn)

• Industry and country play a big role in costs

• Company activities before and during a breach also impact costs – Equifax?

• Ponemon estimates that 28% of participants contributing breach info will experience another breach in 2 years

Page 49:

Ponemon 2017 Cost of Data Breach Study

Page 50:

Ponemon 2017 Cost of Data Breach Study

Page 51:

Ponemon 2017 Cost of Data Breach Study

Page 52:

Ponemon 2017 Cost of Data Breach Study

Page 53:

Ponemon 2017 Cost of Data Breach Study

Page 54:

Ponemon 2017 Cost of Data Breach Study

Page 55:

Ponemon 2016 Cost of Cyber Crime Study

Avg. Cost of Cyber Crime – Per Organization

Page 56:

Ponemon 2016 Cost of Cyber Crime Study

Cost of Cyber Crime - Aggregated

Page 57:

Ponemon 2016 Cost of Cyber Crime Study

Page 58:

Ponemon 2016 Cost of Cyber Crime Study

Page 59:

Ponemon 2016 Cost of Cyber Crime Study

Page 60:

Ponemon 2016 Cost of Cyber Crime Study

Page 61:

Ponemon 2016 Cost of Cyber Crime Study

Page 62:

Ponemon 2016 Cost of Cyber Crime Study

Nine characteristics of innovative and cyber secure organizations.

1. Security posture. Overall, these organizations, prior to engaging in new business opportunities and changes in operations, assess potential security risks in order to improve their security posture. This includes the persistent use of security technologies such as advanced access management systems, extensive deployment of encryption technologies and enterprise deployment of GRC tools.

2. Information management. Information loss is now the biggest financial impact of a cyber attack. Consequently, organizations with advanced backup and recovery were able to reduce the impact and ensure business continuity and data protection.

Page 63:

Ponemon 2016 Cost of Cyber Crime Study

3. Information governance. These companies deploy advanced procedures for backup and recovery operations, share threat intelligence, collaborate with industry partners on security issues and integrate security operations with enterprise risk management activities.

4. Data protection. These organizations make investing in technologies and processes that reduce information loss a priority because they understand it is the most costly cyber attack to remediate. They are also shifting budget to the application and data layers rather than the network layers, to fortify the areas most vulnerable to information loss.

5. Application security. Prior to the launch of customer-facing applications, these organizations do not rush to release. They ensure the necessary security is built into the applications and vulnerabilities are addressed. These companies use several application security controls such as penetration testing, security patch management and dynamic and static scanning.

Page 64:

Ponemon 2016 Cost of Cyber Crime Study

6. Detection and recovery. To reduce the time to determine the root cause of the attack and control the costs associated with a lengthy time to detect and contain the attack, these organizations are increasing their investment in technologies to help facilitate the detection process.

7. Third-party risk. These organizations are able to reduce the risk of taking on a significant new supplier or partner by conducting thorough audits and assessments of the third party’s data protection practices.

Page 65:

Ponemon 2017 State of SMB Cyber Security Study

• 598 SMBs surveyed

• Less than 100 to 1,000 employees

• 61% reported a cyber attack, and 54% reported a breach of customer or employee information in the last 12 months

Page 66:

Ponemon 2017 State of SMB Cyber Security Study - Findings

• Cyber attacks affected more SMBs in the past 12 months, an increase from 55% to 61% of respondents. The most prevalent attacks against smaller businesses are phishing/social engineering and web-based (48% and 43% of respondents, respectively). More respondents in this year's study say cyber attacks are more targeted, severe and sophisticated.

• The rise of ransomware is affecting SMBs. Last year, only two percent of respondents described the cyber attacks they experienced as ransomware. This year, 52% of respondents say their companies experienced a ransomware attack and 53% of these respondents say they had more than two ransomware incidents in the past 12 months. 79% of respondents say the ransomware was unleashed through a phishing/social engineering attack.

Page 67:

Ponemon 2017 State of SMB Cyber Security Study - Findings

• SMBs are having slightly more data breaches involving personal information and the size of data breaches is larger. In the past 12 months, 54% of respondents report they had a breach involving sensitive information about customers, target customers or employees, an increase from 50% in last year's study. The average size of the breach involved 9,350 individual records, an increase from an average of 5,079 records.

• Of the respondents who say their organization had a data breach, 54% say negligent employees were the root cause of data breaches, an increase from 48% of respondents in last year's study. However, similar to last year, almost one-third of companies in this research could not determine the root cause.

• Cyber attacks are more costly. The average cost due to damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053. The average cost due to disruption to normal operations increased from $955,429 to $1,207,965.

Page 68:

Ponemon 2017 State of SMB Cyber Security Study - Findings

• While only 23% of respondents report their organization had a data breach or security incident due to the use of the Internet of Things (IoT), 67% of respondents are concerned about the security of IoT devices in the workplace. Moreover, only 29% of respondents say they have confidence in their ability to contain or minimize the risk of insecure IoT. In fact, 56% of respondents say IoT and mobile devices are the most vulnerable endpoint in their organization's networks and enterprise systems.

• Personnel, budget and technologies continue to be insufficient to have a strong security posture. As a result, some companies engage managed security service providers to support an average of 36% of their IT security operations. The services most often used are monitored or managed firewalls or intrusion prevention systems and intrusion detection systems and security gateways for messaging or Web traffic.

Page 69:

Small Business Scams

• Directory scams

• Tech support scams

• 419/Advanced Fee

• IRS

• Check/Invoice/Billing scam

• Overpayment

• Ransomware

Page 70:

2016 Global Occupational Fraud & Abuse Study

• The typical organization loses an estimated 5% of annual revenues as a result of fraud

• The median loss suffered by small organizations (those with fewer than 100 employees) was the same as that incurred by the largest organizations (those with more than 10,000 employees)

• Corruption was more prevalent in larger organizations, while check tampering, skimming, payroll, and cash larceny schemes were twice as common in small orgs.

• The longer a fraud lasted, the greater the financial damage. While the median duration was 18 months, losses rose as duration increased. At the extreme end, schemes that lasted more than five years caused a median loss of $850,000 vs. an overall $150,000 loss.

• The presence of anti-fraud controls was correlated with both lower fraud losses and quicker detection. Comparing organizations that had specific anti-fraud controls in place against organizations lacking those controls identified that where controls were present, fraud losses were 14.3%–54% lower and frauds were detected 33.3%–50% more quickly.

Association of Certified Fraud Examiners http://www.acfe.com/rttn2016/about/executive-summary.aspx

Data collected from a survey of 41,788 CFEs reporting 2,410 fraud cases investigated the previous year.

Page 71:

Fraud Prevention Tips

• External Actors

– Train staff to be wary of social engineering and make sure they understand the impact of a significant fraud event

– Establish controls over payment systems

• Implement two-factor authentication for online banking

• Require second validation for wire transfers & other payments

• Consider using a controlled PC for online banking activity

• Use check security features/tools

• Monitor checks and ACH using tools like positive pay

• Take advantage of your bank's fraud tools or services

– Implement a strong cybersecurity program

– Implement controls for third party service providers

– Reconcile accounts regularly and use bank tools and alerts to keep tabs

Page 72:

Fraud Prevention Tips

• Insiders

– Follow good hiring practices: pre-hire due diligence and background checks

– Establish policies and code of conduct, train employees and hold them accountable

– Implement controls over payment systems

• Segregation of duties

• Split approvals (one user creates payment, second user approves)

• Cross train and rotate high risk jobs

• Controls protect both the company and the employee

Page 73:

What Drives Security Efforts?

• Doing the "Right Thing"

• Protecting Organization Viability

• Civil Liability

• Director Liability

• National Security

• Federal Laws

• International Laws

• Regulators

Page 74:

Standards, Frameworks, and Best Practices?

• Different than regulations like HIPAA or GLBA

• A Roadmap to improved security posture

Examples:

• Payment Card Industry Data Security Standards (PCI DSS)

• CIS Top 20 Controls

• NIST Cybersecurity Framework

• NIST Small Business Cybersecurity Guidance

Page 75:

CIS/SANS/NIST Top 20

1) Inventory of Authorized and Unauthorized Devices

2) Inventory of Authorized and Unauthorized Software

3) Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

4) Continuous Vulnerability Assessment and Remediation

5) Malware Defense

6) Application Software Security

7) Wireless Device Control

8) Data Recovery Capability

9) Security Skills Assessment and Appropriate Training to Fill Gaps

10) Secure Configuration of Devices such as Firewalls, Routers, and Switches

11) Limitation and Control of Network Ports, Protocols and Services

12) Controlled Use of Administrative Privileges

13) Boundary Defense

14) Maintenance, Monitoring and Analysis of Audit Logs

15) Controlled Access Based on Need to Know

16) Account Monitoring and Control

17) Data Loss Prevention

18) Incident Response Capability

19) Secure Network Engineering

20) Penetration Tests and Red Team Exercises

Page 76:

Standards, Frameworks, and Best Practices?

Center for Internet Security – Critical Controls

Effective implementation of the top 5 controls will prevent over 85% of intrusions (Australian Signals Directorate Study)

Page 77:

NIST Cybersecurity Framework (core excerpt)

Columns: Function and Unique Identifier | Category and Unique Identifier | Subcategory | Informative References

IDENTIFY (ID) | Asset Management (AM): Identify and manage the personnel, devices, systems, and facilities that enable the organization to achieve business purposes, including their relative importance to business objectives, in support of effective risk decisions. | ID.AM-1: Physical devices and systems within the organization are inventoried | • ISA 99.02.01 4.2.3.4 • COBIT BAI03.04, BAI09.01, BAI09, BAI09.05 • ISO/IEC 27001 A.7.1.1, A.7.1.2 • NIST SP 800-53 Rev. 4 CM-8 • CCS CSC 1

IDENTIFY (ID) | Asset Management (AM) | ID.AM-2: Software platforms and applications within the organization are inventoried | • ISA 99.02.01 4.2.3.4 • COBIT BAI03.04, BAI09.01, BAI09, BAI09.05 • ISO/IEC 27001 A.7.1.1, A.7.1.2 • NIST SP 800-53 Rev. 4 CM-8 • CCS CSC 2

… | … | … | …

PROTECT (PR) | Awareness and Training (AT): Ensure that organizational personnel and partners are adequately trained to carry out their assigned information security-related duties and responsibilities through awareness and training activities. | PR.AT-1: General users are informed and trained | • ISA 99.02.01 4.3.2.4.2 • COBIT APO07.03, BAI05.07 • ISO/IEC 27001 A.8.2.2 • NIST SP 800-53 Rev. 4 AT-2 • CCS CSC 9

… | … | … | …

DETECT (DE) | Detection Processes (DP): Ensure timely and adequate awareness of anomalous events through tested and implemented detection processes and procedures. | DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability | • ISA 99.02.01 4.4.3.1 • COBIT DSS05.01 • NIST SP 800-53 Rev 4 IR-2, IR-4, IR-8 • CCS CSC 5

… | … | … | …

RESPOND (RS) | Mitigation (MI): Conduct activities to prevent expansion of an event, mitigate its effects, and eradicate the incident. | RS.MI-1: Incidents are contained | • ISO/IEC 27001 A.3.6, A.13.2.3 • ISA 99.02.01 4.3.4.5.6 • NIST SP 800-53 Rev. 4 IR-4

… | … | … | …

RECOVER (RC) | Recovery Planning (RP): Execute Recovery Plan activities to achieve restoration of services or functions | RC.RP-1: Recovery plan is executed | • COBIT DSS02.05, DSS03.04 • ISO/IEC 27001 A.14.1.3, A.14.1.4, A.14.1.5

Source: NIST Cybersecurity Framework

Page 78:

Standards, Frameworks, and Best Practices?

NIST Cybersecurity Framework – Implementation Decision

Page 79:

Standards, Frameworks, and Best Practices?

Chart: Cybersecurity Framework Usage (percentage of U.S. organizations, years 2012, 2015, 2020). As of 2015, 30% of U.S. organizations use the NIST Cybersecurity Framework; use is predicted to rise to 50% by 2020 according to Gartner research. Source: NIST, National Institute of Standards and Technology, U.S. Department of Commerce.

Page 80:

NIST – Small Business Information Security: The Fundamentals

Understand your risk

Safeguard your information

Page 81:

NIST – Small Business Information Security: The Fundamentals

Safeguard your information

Page 82:

NIST – Small Business Information Security: The Fundamentals

Safeguard your information

Page 83:

NIST – Small Business Information Security: The Fundamentals

Page 84:

NIST – Small Business Information Security

Risk diagram:

Threats – Environmental; Business Resources; Hackers / Criminals

Vulnerabilities – Weakness in security protections

Likelihood – chance of the threat affecting the business: occurrence based on history / industry statistics; for adversarial threats, capability and intent

Impact – potential harm to the Business: the theft or disclosure of sensitive business information; business information or systems being modified; the loss of information or system availability

RISK

Page 85:

NIST – Small Business Information Security

Table 1: Identify and Prioritize Information Types

Example: Customer Contact Information (one column per information type: Info type 1, Info type 2, Info type 3, ...)

Cost of revelation (Confidentiality): Med

Cost to verify information (Integrity): High

Cost of lost access (Availability): High

Cost of lost work: High

Fines, penalties, customer notification: Med

Other legal costs: Low

Reputation / public relations costs: High

Cost to identify and repair problem: High

Overall Score: High

Page 86:

NIST – Small Business Information Security

Table 2: Inventory

Columns: Description (e.g. nickname, make, model, serial number, service ID, other identifying information) | Location | Type of information the product comes in contact with | Overall Potential Impact

1. Dr. J. Smith's cell phone; Mobile Type - Sonic; Version - 9.0 | T&S Network ID - "Police Box" | Email; Calendar; Customer Contact Information; Photos; Social Media; Locations; Medical Dictionary Application | High

2. to 5. (empty rows)

Page 87:

NIST – Small Business Information Security

Table 3: Identify Threats, Vulnerabilities, and the Likelihood of an Incident

Example: Customer Contact Information on Dr. J. Smith's cell phone (one column per Info type / Technology pair)

Confidentiality:

– Theft by criminal (encrypted; password-protected): Med

– Accidental disclosure (has previously lost phone twice): Med

Integrity:

– Accidental alteration by user / employee: Med

– Intentional alteration by external criminal / hacker: Low

Availability:

– Accidental Destruction (fire, water, user error) (Regular backups): Med

– Intentional Destruction: Low

Overall Likelihood: Med

Page 88:

NIST – Small Business Information Security

Table 4: Prioritize Resolution Action (rows: Impact, Low to High; columns: Likelihood, Low to High)

High Impact / Low Likelihood: Priority 3 - Schedule a resolution. Focus on Respond and Recover solutions.

High Impact / High Likelihood: Priority 1 - Implement immediate resolution. Focus on Detect and Protect solutions.

Low Impact / Low Likelihood: No action needed.

Low Impact / High Likelihood: Priority 2 - Schedule a resolution. Focus on Detect and Protect solutions.
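The four NIST small-business tables above carried through in Python for the slide's own example (customer contact information on Dr. J. Smith's cell phone); an added illustration, not code from the workshop or from NIST. Two scoring rules are assumptions: a table's overall rating is its highest individual rating, and a Med likelihood is rounded up to High when reading the Low/High priority matrix.

```python
"""Worked example of the NIST small-business risk steps (Tables 1, 3 and 4).

Added illustration, not code from the workshop or from NIST. Assumptions:
the overall rating of a table is the highest rating in it, and a Med likelihood
is treated conservatively as High when reading the 2x2 priority matrix.
"""
from dataclasses import dataclass

LEVELS = {"Low": 0, "Med": 1, "High": 2}


@dataclass
class InfoType:
    """Table 1: one information type and its cost ratings."""
    name: str
    costs: dict          # cost item -> "Low" | "Med" | "High"

    def overall_impact(self) -> str:
        # Assumption: the overall score is the worst (highest) individual cost.
        return max(self.costs.values(), key=LEVELS.__getitem__)


@dataclass
class Threat:
    """Table 3: a threat against the CIA property it affects."""
    property: str        # "Confidentiality" | "Integrity" | "Availability"
    description: str
    likelihood: str


def overall_likelihood(threats) -> str:
    # Assumption: overall likelihood is the highest individual likelihood.
    return max((t.likelihood for t in threats), key=LEVELS.__getitem__)


# Table 4 priority matrix as reconstructed from the slide: (impact, likelihood).
PRIORITY = {
    ("High", "High"): "Priority 1 - Implement immediate resolution. Focus on Detect and Protect solutions.",
    ("High", "Low"): "Priority 3 - Schedule a resolution. Focus on Respond and Recover solutions.",
    ("Low", "High"): "Priority 2 - Schedule a resolution. Focus on Detect and Protect solutions.",
    ("Low", "Low"): "No action needed.",
}


def to_binary(level: str) -> str:
    # Assumption: the matrix only has Low/High, so Med is rounded up to High.
    return "Low" if LEVELS[level] == 0 else "High"


def prioritize(impact: str, likelihood: str) -> str:
    return PRIORITY[(to_binary(impact), to_binary(likelihood))]


def assess(info: InfoType, threats) -> dict:
    impact = info.overall_impact()
    likelihood = overall_likelihood(threats)
    return {"info_type": info.name, "impact": impact,
            "likelihood": likelihood, "action": prioritize(impact, likelihood)}


# Slide example (Tables 1 and 3): customer contact information on Dr. J. Smith's phone.
CUSTOMER_CONTACT = InfoType("Customer Contact Information", {
    "Cost of revelation (Confidentiality)": "Med",
    "Cost to verify information (Integrity)": "High",
    "Cost of lost access (Availability)": "High",
    "Cost of lost work": "High",
    "Fines, penalties, customer notification": "Med",
    "Other legal costs": "Low",
    "Reputation / public relations costs": "High",
    "Cost to identify and repair problem": "High",
})
PHONE_THREATS = [
    Threat("Confidentiality", "Theft by criminal (encrypted; password-protected)", "Med"),
    Threat("Confidentiality", "Accidental disclosure (has previously lost phone twice)", "Med"),
    Threat("Integrity", "Accidental alteration by user / employee", "Med"),
    Threat("Integrity", "Intentional alteration by external criminal / hacker", "Low"),
    Threat("Availability", "Accidental destruction (fire, water, user error) (regular backups)", "Med"),
    Threat("Availability", "Intentional destruction", "Low"),
]

if __name__ == "__main__":
    for key, value in assess(CUSTOMER_CONTACT, PHONE_THREATS).items():
        print(f"{key}: {value}")
```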

Page 89:

Assessing your cybersecurity capabilities

• Identify cybersecurity-related activities that are critical to business strategy and the delivery of critical services;

• Prioritize investments in managing cybersecurity risk;

• Assess the effectiveness and efficiency in using cybersecurity standards, guidelines and practices;

• Evaluate their cybersecurity results; and

• Identify priorities for improvement.

Page 90:

Assessing Your Cybersecurity Capabilities

krebsonsecurity.com

• Who is accountable for your security program?

• Who takes action on security requirements?

Page 91: Cybersecurity for Startups Workshop · Workshop Mike Johnson Renier Chair/Director of Graduate Studies, Security Technologies ... • 27% of employee introduced cloud apps were high-risk1

Copyright©2017Nopartofthispresentationmaybereproducedinanyformwithoutpriorauthorization.

ISACA.ORG

Technological Leadership Institute

MATURITY MODEL

PO10 Manage Projects

Management of the process of Manage projects that satisfies the business requirement for IT of ensuring the delivery of project results within agreed-upon time frames, budget and quality is:

0 Non-existent when Project management techniques are not used and the organisation does not consider business impacts associated with project mismanagement and development project failures.

1 Initial/Ad Hoc when The use of project management techniques and approaches within IT is a decision left to individual IT managers. There is a lack of management commitment to project ownership and project management. Critical decisions on project management are made without user management or customer input. There is little or no customer and user involvement in defining IT projects. There is no clear organisation within IT for the management of projects. Roles and responsibilities for the management of projects are not defined. Projects, schedules and milestones are poorly defined, if at all. Project staff time and expenses are not tracked and compared to budgets.

2 Repeatable but Intuitive when Senior management gains and communicates an awareness of the need for IT project management. The organisation is in the process of developing and utilising some techniques and methods from project to project. IT projects have informally defined business and technical objectives. There is limited stakeholder involvement in IT project management. Initial guidelines are developed for many aspects of project management. Application of project management guidelines is left to the discretion of the individual project manager.

3 Defined when The IT project management process and methodology are established and communicated. IT projects are defined with appropriate business and technical objectives. Senior IT and business management are beginning to be committed and involved in the management of IT projects. A project management office is established within IT, with initial roles and responsibilities defined. IT projects are monitored, with defined and updated milestones, schedules, budget and performance measurements. Project management training is available and is primarily a result of individual staff initiatives. QA procedures and post-system implementation activities are defined but are not broadly applied by IT managers. Projects are beginning to be managed as portfolios.

4 Managed and Measurable when Management requires formal and standardised project metrics and lessons learned to be reviewed following project completion. Project management is measured and evaluated throughout the organisation and not just within IT. Enhancements to the project management process are formalised and communicated, with project team members trained on enhancements. IT management implements a project organisation structure with documented roles, responsibilities and staff performance criteria. Criteria for evaluating success at each milestone are established. Value and risk are measured and managed prior to, during and after the completion of projects. Projects increasingly address organisation goals, rather than only IT-specific ones. There is strong and active project support from senior management sponsors as well as stakeholders. Relevant project management training is planned for staff in the project management office and across the IT function.

5 Optimised when A proven, full life cycle project and programme methodology is implemented, enforced and integrated into the culture of the entire organisation. An ongoing initiative to identify and institutionalise best project management practices is implemented. An IT strategy for sourcing development and operational projects is defined and implemented. An integrated project management office is responsible for projects and programmes from inception to post-implementation. Organisationwide planning of programmes and projects ensures that user and IT resources are best utilised to support strategic initiatives.

Page 92


Assessing your cybersecurity capabilities

1. IT Strategy Formulation
2. Enterprise Architecture Management
3. IT Initiatives Formulation
4. IT Programs & Projects Programming
5. IT Programs & Projects Portfolio Management
6. IT Programs & Projects Implementing
?. Information Security Management
?. IT Service Continuity Management
9. IT Service Asset & Configuration Management
10. IT Capacity Management
11. IT Availability Management
?. IT Change Management
14. IT Problem Management
16. IT Incident Management

Page 93


NIST Draft Cybersecurity Self-Assessment Tool
Assessment Rubric Process (Categories 1-6)

Evaluation factors: Approach, Deployment, Learning, Integration

Maturity Level: Reactive
– Approach: CYBERSECURITY-related policies/operations are characterized by activities rather than by PROCESSES.
– Deployment: DEPLOYMENT of CYBERSECURITY-related APPROACHES to appropriate organizational units, and to CUSTOMERS, PARTNERS, and suppliers, as appropriate, is lacking.
– Learning: Improvement in CYBERSECURITY-related policies/operations is achieved mainly in reaction to immediate needs or problems.
– Integration: CYBERSECURITY-related goals are poorly defined; individual units within the CYBERSECURITY operations function independently of each other. There is no coordination between CYBERSECURITY-related policies/operations and those of the rest of the organization.

Maturity Level: Early
– Approach: CYBERSECURITY-related policies/operations are beginning to be carried out with SYSTEMATIC APPROACHES.
– Deployment: KEY CYBERSECURITY-related APPROACHES are beginning to be DEPLOYED to appropriate organizational units and to CUSTOMERS, PARTNERS, and suppliers, as appropriate.
– Learning: CYBERSECURITY-related policies/operations are beginning to be SYSTEMATICALLY evaluated and improved.
– Integration: CYBERSECURITY-related strategy and quantitative GOALS are being defined. There is some early alignment among CYBERSECURITY operational units and, as appropriate, between CYBERSECURITY policies/operations and the rest of the organization.

Maturity Level: Mature
– Approach: Most elements of CYBERSECURITY-related policies/operations are characterized by SYSTEMATIC APPROACHES.
– Deployment: KEY CYBERSECURITY-related APPROACHES are well DEPLOYED to appropriate organizational units and to CUSTOMERS, PARTNERS, and suppliers, as appropriate.
– Learning: CYBERSECURITY-related policies/operations are SYSTEMATICALLY evaluated for improvement, and learnings are shared, with some INNOVATION evident.
– Integration: CYBERSECURITY-related APPROACHES address KEY strategies and GOALS. There is alignment among CYBERSECURITY operational units and, as appropriate, between CYBERSECURITY policies/operations and the rest of the organization.

Maturity Level: Role Model
– Approach: Many to all elements of CYBERSECURITY-related policies/operations are characterized by SYSTEMATIC APPROACHES.
– Deployment: KEY CYBERSECURITY-related APPROACHES are fully DEPLOYED to appropriate organizational units and to CUSTOMERS, PARTNERS, and suppliers, as appropriate.
– Learning: CYBERSECURITY-related policies/operations seek and achieve efficiencies through ANALYSIS, INNOVATION, and the sharing of CYBERSECURITY information and knowledge, including with the rest of the organization.
– Integration: CYBERSECURITY-related policies/operations are INTEGRATED with current and future organizational needs defined by the organization; these policies/operations are well INTEGRATED with those of the rest of the organization.

Page 94


SBA Top Ten Cybersecurity Tips

1. Protect against viruses, spyware, and other malicious code
Make sure each of your business’s computers are equipped with antivirus software and antispyware and update regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.

2. Secure your networks
Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.

Page 95


SBA Top Ten Cybersecurity Tips

3. Establish security practices and policies to protect sensitive information
Establish policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business’s cybersecurity policies.

4. Educate employees about cyber threats and hold them accountable
Educate your employees about online threats and how to protect your business’s data, including safe use of social networking sites. Depending on the nature of your business, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Hold employees accountable to the business’s Internet security policies and procedures.

Page 96


SBA Top Ten Cybersecurity Tips

5. Require employees to use strong passwords and to change them often
Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.

6. Employ best practices on payment cards
Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.

Page 97


SBA Top Ten Cybersecurity Tips

7. Make backup copies of important business data and information
Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud.

8. Control physical access to computers and network components
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
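As an added example (not from the workshop slides or the SBA guidance) of what tip 7 looks like in practice: a small routine that archives a data directory, records a SHA-256 checksum beside the archive, proves the files can be read back intact before the copy is trusted, and keeps a bounded number of older copies. All function names, directory names and timestamps are this example's own; shipping the archive offsite or to cloud storage is left to the caller.

```python
import hashlib
import tarfile
import time
from pathlib import Path

CHUNK = 65536  # read size for streaming hashes


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, streamed so large archives do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, dest: Path, stamp: str = "") -> Path:
    """Archive src into dest/backup-<stamp>.tar.gz and record its SHA-256
    in a sidecar file; the timestamp keeps copies in chronological order."""
    dest.mkdir(parents=True, exist_ok=True)
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    archive = dest / f"backup-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=src.name)
    archive.with_name(archive.name + ".sha256").write_text(sha256_file(archive))
    return archive


def verify_backup(archive: Path, src: Path) -> bool:
    """Restore test without touching disk: the archive must match its recorded
    checksum, and every regular file under src must be readable from the
    archive with identical contents. Tampering, truncation or a file added
    after the backup was taken all make this return False."""
    sidecar = archive.with_name(archive.name + ".sha256")
    if not sidecar.exists() or sidecar.read_text().strip() != sha256_file(archive):
        return False
    try:
        with tarfile.open(archive, "r:gz") as tar:
            members = {m.name: m for m in tar.getmembers() if m.isfile()}
            for path in src.rglob("*"):
                if not path.is_file():
                    continue
                name = f"{src.name}/{path.relative_to(src).as_posix()}"
                member = members.get(name)
                if member is None:
                    return False
                with tar.extractfile(member) as fh:
                    if hashlib.sha256(fh.read()).hexdigest() != sha256_file(path):
                        return False
    except (tarfile.TarError, EOFError, OSError):
        return False
    return True


def prune_backups(dest: Path, keep: int) -> list:
    """Delete all but the newest `keep` archives and their sidecars, returning
    the archives that remain (timestamped names sort chronologically)."""
    archives = sorted(dest.glob("backup-*.tar.gz"))
    doomed = archives[:-keep] if keep > 0 else archives
    for old in doomed:
        old.unlink()
        old.with_name(old.name + ".sha256").unlink(missing_ok=True)
    return archives[-keep:] if keep > 0 else []
```

Run `make_backup` from a scheduler at least weekly and treat a `False` from `verify_backup` as an incident, since an unverified backup is exactly what ransomware recovery cannot afford.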

Page 98


SBA Top Ten Cybersecurity Tips

9. Create a mobile device action plan
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

10. Protect all pages on your public-facing websites, not just the checkout and sign-up pages

Page 99


Leverage your relationships

• Service Providers and Partners
• Information Sharing
  – Other similar entities
  – Organizations like Infragard or ISSA
  – Formal sharing organizations
  – Your network of security minded peers
  – Lists and bulletins from reputable sources
• Take advantage of training opportunities and make time to share learnings – it’s an investment
• Insurance company – Cyber Insurance
• Consultants and Auditors

Page 100


Balancing Resources for Security

• Security can’t trump service delivery
• How mature is your process?
  – Considerations for resource availability
  – Projects designed to do it right the first time rather than fix it later
  – Benchmarks and metrics to support resource needs
  – New functionality is considered with security impact PRIOR to implementation
• If you don’t have the expertise, consider outsourcing
  – Managed services or consultants
  – Cloud isn’t necessarily bad (anymore…)
• Build relationships with other similar organizations
  – Conduct joint training exercises
  – Share threat and incident information with your peers

Page 101


SMB Cybersecurity Resources

NIST Cybersecurity for Small Businesses
• http://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf

National Cyber Security Alliance – CyberSecure My Business
• https://staysafeonline.org/cybersecure-business/
• https://staysafeonline.org/event_category/cybersecure-my-business/

SBA Cybersecurity Page and Cybersecurity Online Training
• https://www.sba.gov/managing-business/cybersecurity
• https://www.sba.gov/tools/sba-learning-center/training/cybersecurity-small-businesses

FCC Cybersecurity Page and CyberPlanner tool
• https://www.fcc.gov/general/cybersecurity-small-business
• https://www.fcc.gov/cyberplanner

Stop, Think, Connect for small businesses
• http://www.stcguide.com/explore/small-business/

US-CERT Resources for Small and Midsized businesses
• https://www.us-cert.gov/ccubedvp/smb

Page 102


Top Risks and Best Practices

• Plan for security from the beginning
  – Design it in, don’t bolt it on
• Knowing what is important and where it is
  – Inventories and prioritized controls
• Identify the threats and risks
  – Who wants our “stuff” and how can they get it
• Is someone accountable for security?
  – Do they have the tools and resources to be effective?

Page 103


Top Risks and Best Practices

• Ransomware
  – Backups, AV/Malware protection and education
• No perimeter
  – Mobile devices, cloud apps, service providers
• Service providers
  – Outsource where necessary but keep accountability
• Is everyone aware?
  – Phishing, malware, bad behaviors, etc.

Page 104


Top Risks and Best Practices

• Email and Internet risks
  – Phishing, malware downloads, bad behaviors
• Architecture design and systems administration
  – Plan for security and pay attention to the important stuff
• Find a trusted partner/expert to help
  – Focus on your core competencies, but get the help you need

Page 105


Security Best Practices

You can’t do everything at once, and it’s not feasible to go from a low maturity level to high overnight

• Basic blocking and tackling
• Policies and Standards – specific to your needs and organizational structure
• Cyber isn’t special, manage it like any other risk that you face in your organization
• Emphasize abilities to find and remediate – plan for breach and limit damage

What are the biggest risks to your organization?

• Phishing/Spear Phishing
• Password Re-use
• Social engineering
• Ransomware
• Patch and vulnerability management
• Ineffective resource prioritization process
• Security skills shortage

Page 106


WHO IS TLI - OUR STORY

• Established in 1987 with an endowment from Honeywell Foundation

• Three M.S. degree programs; MDI, MOT & MSST

• Short courses & seminars
• 1300 degree program graduates
• Five endowed chairs
• 60+ faculty

Page 107


OUR MISSION

TLI’s mission is to develop local and global leaders for technology-intensive enterprises, and to empower executives and leaders in their strategic vision to leverage technology to drive business development.

Page 108


TLI develops business leaders for technology-intensive organizations

CSE develops strong engineers and scientists (Technical Talent)


MS in Management of Technology

MS in Medical Device Innovation

MS in Security Technologies

Page 109


MSST BY DESIGN: BECOME A THREAT EXPERT

• Understand risk

• Identify risk

• Mitigate risk

• Integrate tools

• Apply tools

Page 110
