Best Cyber Security Practices for Counties An introduction to cybersecurity framework.

Presentation transcript:


Facts: What we must know
- Cyber attacks present a tangible element of risk
- There is no such thing as a secure network
- The threat landscape is constantly changing
- The delivery mechanisms are becoming more advanced
- Training and preparing for event response determines outcome

Initial Tasks: What can we do?
- Train
- Inventory
- Identify
- Develop
- Implement
- Test

Training “We provided our staff the resources they needed to respond to this.”

Training: There is no substitute for competent staffing
- Training needs to be recurring
- There are several centers that provide free educational materials
- Participate in local and national groups

Inventory “The only thing hooked up is our devices and applications”

Inventory: What does our system look like?
- Hardware
  - What devices are on our network?
  - What devices perform tasks without user intervention?
  - What unauthorized devices are on our network?
- Software
  - What software applications are on our systems?
  - What software applications have been authorized for use?
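The hardware questions on this slide can be answered by reconciling a discovery export against the authorized asset register. The following is an added example, not part of the original presentation; the CSV layouts, hostnames and addresses are constructed for illustration.

```python
import csv
import io

# Constructed sample data (not from the presentation): an authorized-asset
# register and a discovery export such as a DHCP lease or ARP table dump.
AUTHORIZED_CSV = """mac,hostname,owner,unattended
00:11:22:33:44:01,clerk-ws-01,Clerk,no
00:11:22:33:44:02,hvac-ctrl,Facilities,yes
00:11:22:33:44:03,sheriff-ws-07,Sheriff,no
"""
DISCOVERED_CSV = """mac,ip
00-11-22-33-44-01,10.0.1.15
0011.2233.4402,10.0.9.20
AA:BB:CC:DD:EE:FF,10.0.1.77
"""

def norm_mac(mac):
    """Normalize colon, dash and dotted MAC notations to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def load(text):
    """Index CSV rows by normalized MAC so differing notations still match."""
    return {norm_mac(row["mac"]): row for row in csv.DictReader(io.StringIO(text))}

def reconcile(authorized_text, discovered_text):
    auth, seen = load(authorized_text), load(discovered_text)
    return {
        # On the network but not in the register: unauthorized devices.
        "unauthorized": sorted((m, seen[m]["ip"]) for m in seen.keys() - auth.keys()),
        # In the register but not seen: retired, offline, or a stale register.
        "missing": sorted(auth[m]["hostname"] for m in auth.keys() - seen.keys()),
        # Present devices that run without user intervention.
        "unattended": sorted(auth[m]["hostname"] for m in auth.keys() & seen.keys()
                             if auth[m]["unattended"] == "yes"),
    }

if __name__ == "__main__":
    for category, items in reconcile(AUTHORIZED_CSV, DISCOVERED_CSV).items():
        print(category, items)
```
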

Identify “We were unaware that the information we were collecting is protected”

Identify: Do you know where your liability is?
- Protected Information
  - Can you identify what data your organization is collecting?
  - Can you readily identify the location of the data?
  - Can you determine what laws and regulations govern the data?
- Access Points
  - Determine what network services are necessary
  - Determine network borders
  - Determine User Access
  - Determine Standard Use Patterns

Development “Our business strategy did not account for this type of event”

Development: We know what we need to protect. Now what?
- Policies & Procedures
  - Create an Acceptable Use Policy
  - Create the Security Response plan
  - Create the Disaster Recovery Plan
  - Create a User Awareness Plan

Implement “The controls we had in place prevented the situation from escalating”

Implement: Build your strategy
- Access Control
  - Secure Network Borders
  - Limit Use of Network Services
  - Isolate Local Area Networks
  - Monitoring
  - Auditing
- User Control
  - Limit Administrative Privilege
  - Account Auditing
  - Account Enforcement
- Patch Management
  - Lab Testing
  - Automatic Deployment
- Information Gathering
  - Use Centralized Log Servers
  - Audit Access Logs
  - Automate Notifications
- Data Protection
  - Backups
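The Information Gathering items above work together: failed logins spread across several servers only add up to a pattern once the logs sit in one place. The following is an added example, not part of the original presentation; the log lines, hostnames, addresses and thresholds are constructed, and the line layout assumes sshd messages forwarded with ISO 8601 timestamps.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of sshd messages gathered on a
# central syslog server; hosts, users and addresses are made up.
SAMPLE_LOG = """\
2024-03-01T08:00:01+00:00 clerk-srv sshd[811]: Failed password for jdoe from 198.51.100.7 port 50112 ssh2
2024-03-01T08:00:09+00:00 clerk-srv sshd[811]: Failed password for invalid user admin from 198.51.100.7 port 50113 ssh2
2024-03-01T08:00:20+00:00 gis-srv sshd[402]: Failed password for jdoe from 198.51.100.7 port 50114 ssh2
2024-03-01T08:01:30+00:00 gis-srv sshd[402]: Accepted password for jdoe from 198.51.100.7 port 50115 ssh2
2024-03-01T09:15:00+00:00 clerk-srv sshd[900]: Failed password for msmith from 192.0.2.44 port 40000 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

def audit(log_text, threshold=3, window=timedelta(minutes=5)):
    """Return alerts for repeated failures per source and a later success."""
    recent = defaultdict(deque)  # source address -> recent failure timestamps
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd password event
        ts = datetime.fromisoformat(m["ts"])
        failures = recent[m["src"]]
        while failures and ts - failures[0] > window:
            failures.popleft()  # drop failures older than the window
        if m["result"] == "Failed":
            failures.append(ts)
            if len(failures) >= threshold and m["src"] not in flagged:
                flagged.add(m["src"])
                alerts.append(("repeated-failures", m["src"], len(failures)))
        elif m["src"] in flagged:
            # A success from a flagged source deserves immediate review.
            alerts.append(("success-after-failures", m["src"], m["user"], m["host"]))
    return alerts

if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(alert)  # in production, hand this to the notification channel
```

Run against only one server's lines, the same sample stays under the threshold, which is the case for collecting logs centrally before auditing them.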

Test “During an exercise, we had identified a significant gap in our operation protocol”

Test: Are the implemented controls effective?
- Internal Tests
  - Simulate an event and measure effectiveness
  - Modify the incident response plan to fill the gaps
- External Tests
  - Use companies that have certified penetration testers

Questions and Answers
Presented by: Sean Higginbotham, Cascade County