1 AFCOM Data Center World March 15, 2016 Moderator: Donna Jacobs, MBA Panel: Greg Hartley Bill Kiss Adam Ringle, MBA ITM 9.2 The New Security Challenge:

Presentation transcript:

1 AFCOM Data Center World March 15, 2016 Moderator: Donna Jacobs, MBA Panel: Greg Hartley Bill Kiss Adam Ringle, MBA ITM 9.2 The New Security Challenge: Infiltrating the infrastructure

2 Data Center World – Certified Vendor Neutral Each presenter is required to certify that their presentation will be vendor-neutral. As an attendee you have a right to enforce this policy of having no sales pitch within a session by alerting the speaker if you feel the session is not being presented in a vendor neutral fashion. If the issue continues to be a problem, please alert Data Center World staff after the session is complete.

3 When, Not if Put video # 1 here

4 What cyber security means Ask the panel

5 IC3* 2014 Complainant Loss by Victim State**

Rank | State | Loss
1 | California | $131,363,796
2 | Florida | $52,544,107

Rank | Country | Loss
1 | United States | $672,080,323

**The IC3 was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate.

*Note: This total of complaints represents the top 50 countries reporting to the IC3. This total includes complaints listing dollar loss amounts and complaints reporting no dollar loss. Statistics were rounded to the nearest hundredth percent. The top 50 countries represent 99% of the complaints receive

6 Symantec April 2015 Volume 20 Report Internet Security Threat Report

Government reports “a 183 percent increase in DNS amplification attacks between January and August 2014”.

The Ponemon Institute published “2015 Cost of Data Breach Study” in May The study stated “The cost of data breach varies by industry. The average global cost of data breach per lost or stolen record is $154. However, if a healthcare organization has a breach the average cost could be as high as $363 and in education the average cost could be as high as $300. The lowest cost per lost or stolen record is in transportation ($121) and public sector ($68). The retail industry’s average cost increased dramatically from $105 last year to $165 in this year’s study.”

Distributed Denial of Service - DDoS

7

8 When, Not if Put video # 2 here

9 How do we prepare?
- Educate Users
- Partnerships
- Review Policy
- Review 3rd Party Contracts
- Implement Tools

10 Educate Users
- Weakest Link
- Can spot and report oddities
- Can be suspicious
- Must use Strong Passwords
- Connect to Internet with Caution
- Must Secure mobile Devices

11 Partnerships
- Industry or Sector Information sharing Teams and Committees
- US-CERT (Computer Emergency Readiness)
- ISACs (Sector Specific information sharing and analysis centers)
- Regional Committees
- Fusion Centers (A fusion center is a collaborative effort of two or more agencies that provide resources, expertise and information to the center with the goal of maximizing their ability to detect, prevent, investigate, and respond to criminal and terrorist activity)
- Local Universities
- FBI Regional Cyber Security Office
- Federal Agencies
- In-House Facilities Management
- In-House Risk management
- In-House Procurement
- In-House Human Resources

12 Review 3rd party contracts
- HVAC
- Electronic Identification
- Electrical
- 3rd Party processing
- Websites
- ISP Providers

13 Review and Update Policies
- Times have changed
- Physical security and electronic access
- Physical infrastructure and remote access
- User Remote Access
- Internet access
- Termination

14 When, Not if Put video # 3 here

15 Implement Tools
In order to fight the Cyber-War and be in compliance with State and Federal laws, we must implement the CyberSecurity policies in line with state and federal laws, identify and mitigate risks while implementing software and/or equipment designed to:
- Detect and Stop
- Expose the cyber-attack life cycle
- Report Cyber-attack
- Produce forensic attack details

16 What IS the Greatest Threat or Vulnerability in the future? When, Not if

17 3 Key Things You Have Learned During this Session
1. Key terminology and acronyms used in discussion of CyberSecurity.
2. Best practice security measures to bring back to your organization.
3. Most importantly: awareness of what a security incident could mean to your organization.

18 Thank you!
Moderator: Donna M. Jacobs, MBA, IT Senior Director, University of Pennsylvania
Panelist: Gregory Hartley, IT Senior Project Lead, University of Pennsylvania
William Kiss, CEO, Global 1 Research & Development, Ltd.
Adam Ringle, MBA, President, Adam Ringle Consulting, LLC