Strengthen Your County’s Security Posture Cyber Incident Scenario Joe Frohlich State of Montana – Enterprise Security Manager.

Slides:



Advertisements
Similar presentations
1 Identity Theft and Phishing: What You Need to Know.
Advertisements

Your NEW Social Services Verification Tool
The Most Critical Risk Control: Human Behavior Lynn Goodendorf Director, Information Security Atlanta ISACA Chapter Meeting June 20, 2014.
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.
James Sees Senior Network Administrator Management Analyst Cyber Protection Strategies White Hall Business Association - Cyber Security & Awareness Conference.
Defense Travel Management Office Office of the Under Secretary of Defense (Personnel and Readiness) Defense Travel Management Office Office of the Under.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Free Business Card Website Dr. K. F. Lee, ARPS IT&C (HK) Ltd.
HIPAA Privacy & Security EVMS Health Services 2004 Training.
Continuity of Operations Planning COOP Overview for Leadership (Date)
Your Trusted Partner In All Things IT. 20 Years of IT Experience University Automotive Food Service Banking Insurance Legal Medical Dental Software Development.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
TELEPHONE ENGLISH.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Have Fun, Be Safe Strategies for Internet and Social Media Safety.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Training PowerPoint.  Just plug into the USB port on your computer. You will find USB ports on the front or back of your computer.  If you have a laptop.
General Awareness Training Security Awareness Module 3 Take Action! Where To Go for Help.
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.
Chapter 7 Phishing, Pharming, and Spam. Phishing Phishing is a criminal activity using computer security techniques. Phishers try to acquire information.
Information Security Sharon Welna Information Security Officer.
Malware and Phishing By: Sydney Langley. MALWARE- includes viruses and spyware to steal your personal information PHISHING- is an internet scam sending.
Visual 6.1 Unified Command Unit 6: Unified Command.
What are they? What do they have to with me?. Introduction  You may not know exactly what it is, but chances are you have encountered one at some point.
LAP Student Growth Accessing the Application STRENGTHENING STUDENT EDUCATIONAL OUTCOMES RCW 28A
Page ADP PearsonAccess Proctor Training. Page Agenda Test Overview Testing Components Proctor Roles and Responsibilities Overview Administering the Test.
Remember effective ways to search +walk (includes words) Intitle:iPad Intext:ipad site:pbs.org Site:gov filetype:jpg.
SY0-401 COMPTIA Security+ Certification Exam Vcepracticetest.com.
Acess Test Questions. Chapter 1 (Lynda.com) Question 1 An access database uses five main components (database objects). Which is not one of them? Tables.
Gmail Technical Support Toll free Number – For more information visit this link -
Real Life Scenario An employee in the Finance and Business Operations receives a targeted phishing . Follows instructions and infects his or.
Washington State Auditor’s Office Cybersecurity Preparing for the Inevitable Washington State Auditor’s Office Peg Bodin, CISA, Local IS Audit Manager.
Protecting Against Cyber Attacks PLEASE TAKE A MINUTE TO LOOK AT THIS IMPORTANT MESSAGE. THIS IS HAPPENING HERE AND NOW! LET US SAVE YOU AND YOUR INFORMATION.
Your security risk is higher than ever.
PHISHING Hi, The comms team asked if I could refresh everyone about Phishing after a fairly successful phishing circulated last week that led to.
There Will be Attacks – Improve Your Defenses
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Michael Burke.
Information Security.
Cyber Crime What’s all the fuss about?
Cyber Security Awareness Workshop
Data Compromises: A Tax Practitioners “Nightmare”
October 26, 2017 Main Line Association for Continuing Education
International User’s Conference September 2017
Cyber Security Awareness Workshop
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Michael Bird Team Lead, Account Executive.
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Michael Vanderhoff.
Staying Austin College
UNIVERSITY Common Cyber Security Myths An Update on Cyber Security.
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Matthew Gardiner Product Marketing.
Cybersecurity Awareness
Unable to set your Webroot account password While logging in to the account, if any message Can't log in? appear on your screen. Then, Click on the link.
Unable to set your Webroot account password While logging in to the account, if any message Can't log in? appear on your screen. Then, Click on the link.
4 ways to stay safe online 1. Avoid viruses and phishing scams
Explaining Bitcoins will be the easy part: Borne Attacks and How You Can Defend Against Them Andrew Cotton.
Welcome to The DBS Companies Portal
There Will be Attacks – Improve Your Defenses
David J. Carter, CISO Commonwealth Office of Technology
The information in this presentation is marked as:
Getting Access to GEMS/MARS
Steppa Cyber Security Training Tips Your Business Was Seeking For With Cyber Security Training!
Corporate Compliance.
Information Security – Sep 18
What is Phishing? Pronounced “Fishing”
Information Protection
Information Protection
Cybersecurity Simplified: Ransomware
“Workplace Behaviour: Activating your greatest security asset”
Presentation transcript:

Strengthen Your County’s Security Posture Cyber Incident Scenario Joe Frohlich State of Montana – Enterprise Security Manager

Accept that this scenario is possible Together we will discuss possible responses No right or wrong answers Use ideas to create or improve incident response plans Cyber Incident Scenario

An employee in your County Clerk’s Office received an in his work account which contained a malicious link. The employee clicked on the link and moments later a pop-up message appeared on his screen telling him all of his files had been encrypted. He has 72 hours to pay $50,000 or the files will be permanently encrypted. The message also warns that any attempt to remove the encryption without the proper key will result in the files being destroyed. Cyber Incident Scenario

A short time later county employees start reporting that they are unable to access the county’s recording software. It appears likely that all county records from the Clerk and Recorders system are encrypted. Soon after you receive a phone from a reporter asking about the county systems all being down.

What are you going to do first? Who are you going to contact? Who is going to manage the response? Who is going to communicate with the media? Would you pay the ransom?

Strengthen Your County’s Security Posture Incident Response Plans Lisa Vasa State of Montana – Security Analyst

Create a plan BEFORE you need it Applicable to any type of incident FEMA ICS forms, checklists, and training SITSD Incident Response manual

Identify an Incident Commander and backup Identity spokesperson Key staff knows their roles Exercise the plan with tabletop exercises

Strengthen Your County’s Security Posture Security Awareness Training Lisa Vasa State of Montana – Security Analyst

95% of incidents are human caused Ransomware & other malware Phishing Poor password management Patch & configuration management Malicious insiders Human errors

Training is your best defense Formal training SANS Securing the Human PhishMe CBFree FedVTE

Training is your best defense Informal training Posters Newsletters & Handouts Security minute

Strengthen Your County’s Security Posture Questions / Open Forum

Dawn Temple: Sean Higginbotham: Joe Frohlich: Lisa Vasa:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.