Washington State Auditor’s Office Cybersecurity Preparing for the Inevitable Washington State Auditor’s Office Peg Bodin, CISA, Local IS Audit Manager.

Presentation transcript:

Presentation objectives
- Risk: Why do we need a plan?
- Threat: What are we protecting ourselves from?
- Action: What's in an incident response plan?

What are you worried about?

Cybersecurity risks. Plan for different types of risk:
- Compromised computer devices
- Exploited weaknesses in websites
- Stolen or disclosed confidential information
- Financial theft
- Blackmail
- Systems and services affected

Malware. Five malware events occur every second (Verizon DBIR 2015).

Malware (continued). BYOM (bring your own malware). Link to article on Verizon report: verizon-provides-a-behind-the-scenes-look-at-data-breaches.html#slide10

Ransomware

Data breaches. Linked article: "49 Million Californians' Records Compromised in Past 4 Years, AG Says"

Known vulnerabilities. CVE: Common Vulnerabilities and Exposures.

Administrative credentials. Failure to address known vulnerabilities can lead to loss of administrative credentials. Verizon: /security/verizon-provides-a-behind-the-scenes-look-at-data-breaches.html#slide9

E-mail scams

Phishing. "And break in they did, in 22 minutes...." "Some employees of the state's largest PUD opened an e-mail cleverly disguised as work-related, and unsuspectingly downloaded an attack payload."

Just don't click. "The numbers also show that a campaign of just 10 e-mails yields a greater than 90% chance that at least one person will become the criminal's prey." (Verizon DBIR 2015) "How long do you suppose you have until the first message in a phishing campaign is clicked? Not long at all, based on the Verizon 2015 DBIR report, with the median time to first click coming in at one minute, 22 seconds across all campaigns."
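The campaign-level figure quoted above can be checked with a few lines of arithmetic. The block below is an added example, not code from the presentation or from Verizon: it treats each recipient's click as an independent event with probability p, so the chance that at least one of n recipients clicks is 1 - (1 - p)^n. The per-recipient click rate is an input the caller supplies (the 0.23 used in the demo is an assumption); the slide only gives the campaign-level claim.

```python
"""Phishing campaign arithmetic behind the DBIR figure quoted above.

Added example, not code from the presentation. The per-recipient click
rate passed in is an assumption supplied by the caller; the deck gives
only the campaign-level claim (10 messages, >90% chance of a click)."""
import math


def campaign_success_probability(click_rate: float, recipients: int) -> float:
    """Probability that at least one of `recipients` targets clicks, treating
    each click as an independent event with probability `click_rate`:
    P(at least one) = 1 - (1 - p)^n."""
    if not 0.0 <= click_rate <= 1.0 or recipients < 0:
        raise ValueError("click_rate must be in [0, 1] and recipients >= 0")
    return 1.0 - (1.0 - click_rate) ** recipients


def min_click_rate(recipients: int, target: float = 0.9) -> float:
    """Smallest per-recipient click rate at which a campaign of `recipients`
    messages reaches `target` probability of at least one click. Solves
    1 - (1 - p)^n = target for p."""
    if recipients <= 0 or not 0.0 <= target < 1.0:
        raise ValueError("recipients must be > 0 and target in [0, 1)")
    return 1.0 - (1.0 - target) ** (1.0 / recipients)


def recipients_needed(click_rate: float, target: float = 0.9) -> int:
    """Fewest messages an attacker must send to reach `target` probability of
    at least one click, given a per-recipient `click_rate`."""
    if not 0.0 < click_rate < 1.0 or not 0.0 <= target < 1.0:
        raise ValueError("click_rate must be in (0, 1) and target in [0, 1)")
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - click_rate))


if __name__ == "__main__":
    # What per-recipient click rate does the "10 messages, >90%" claim imply?
    print(f"implied per-recipient click rate: {min_click_rate(10):.3f}")
    # Assumed click rate of 0.23 per recipient (an input, not a slide figure).
    print(f"P(>=1 click | p=0.23, n=10) = {campaign_success_probability(0.23, 10):.3f}")
    print(f"messages needed at p=0.23 for 90%: {recipients_needed(0.23)}")
```

min_click_rate(10) shows the slide's claim implies that roughly one recipient in five clicks; any organization whose users click more often than that is compromised by an even smaller campaign, which is why the slide's "just one person" framing is the right one.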

Sophisticated phishing

Insider error

Confidential information disclosure

Web access compromise. Users' web access to HR-type systems presents another risk. Verizon: /security/verizon-provides-a-behind-the-scenes-look-at-data-breaches.html#slide12

Security incidents (Verizon DBIR 2015)

Government and cyber-risks (Verizon DBIR 2015)

Ransomware 101: free encryption, whether you want it or not

A brief history of yesterday's ransomware
- First confirmed use: 1989
- Malicious code written by a PhD from Harvard, Dr. Joseph L. Popp
- Infected floppies were mailed out around the world
- Send a check for $189 to a PO Box in Panama, or else

And today's ransomware. Look familiar? Hopefully not!

Now, meet the "Kam Chancellor" of ransomware: Chimera ... "The Game Changer"

Ransomware

I have a firewall ... I'm good ... right? Ransomware still arrives through:
- Malvertising
- Evil attachments
- Phishing
- Compromised websites

Help! My files are encrypted and I can't pay bills, now what?
- Call someone, the help desk perhaps
- Disconnect the computer from the network
- Restore from backup (got one?)
- Activate alternate means to pay bills (got one?)
- Last resort: victims may have no other option and pay the "coin"

Prevent or reduce ransomware damages
- Maintain up-to-date anti-virus or anti-malware programs
- Keep computers up-to-date with the latest security patches
- Do not open or click unsolicited website links in e-mail messages
- Educate yourself and other employees about good cyber-hygiene
- Test your backup and restore procedure
- Have an incident response plan
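"Test your backup and restore procedure" means restoring into scratch space and comparing, not just checking that the backup job reported success. The following is an added example, not code from the presentation: it archives a directory, restores the archive somewhere else, compares the two trees byte for byte, and then shows the same check failing on a truncated copy of the archive (a backup job that died mid-write). File names, contents and paths are constructed samples in a temporary directory.

```python
"""Backup-and-restore drill: 'test your backup and restore procedure'.

Added example, not code from the presentation. The sample files, directory
names and archive path below are constructed in a temporary directory so the
drill runs offline; point create_backup/restore_matches_source at real paths
to exercise a real backup job."""
import filecmp
import tarfile
import tempfile
import zlib
from pathlib import Path


def create_backup(source: Path, archive: Path) -> Path:
    """Write a gzip-compressed tar of `source` to `archive`."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(str(source), arcname=source.name)
    return archive


def _trees_identical(a: Path, b: Path) -> bool:
    """Recursive byte-for-byte comparison of two directory trees."""
    cmp = filecmp.dircmp(str(a), str(b))
    if cmp.left_only or cmp.right_only or cmp.funny_files or cmp.common_funny:
        return False
    _, mismatch, errors = filecmp.cmpfiles(str(a), str(b), cmp.common_files, shallow=False)
    if mismatch or errors:
        return False
    return all(_trees_identical(a / d, b / d) for d in cmp.common_dirs)


def restore_matches_source(archive: Path, source: Path) -> bool:
    """Restore `archive` into scratch space and compare it with `source`.

    Returns False when the archive cannot be read to the end or when any file
    is missing, extra or different. A backup that has not been restored and
    compared has not been tested; this check catches a job that died
    mid-write or a share that silently truncated the archive."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                # The 'data' extraction filter (Python 3.12, backported to
                # 3.8.17 and later) rejects absolute paths and '..' traversal
                # inside the archive; fall back where it is unavailable.
                extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(scratch, **extra)
        except (tarfile.TarError, OSError, EOFError, zlib.error):
            return False
        restored = Path(scratch) / source.name
        return restored.is_dir() and _trees_identical(source, restored)


def drill() -> dict:
    """Run the drill on constructed data: one intact archive and one
    truncated copy. Returns {"intact": True, "truncated": False}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "finance"  # constructed sample tree
        (src / "ap").mkdir(parents=True)
        (src / "ap" / "invoices.csv").write_text("vendor,amount\nAcme,1200\n")
        (src / "payroll.txt").write_text("constructed sample payroll export\n")
        archive = create_backup(src, root / "finance.tar.gz")
        intact = restore_matches_source(archive, src)
        # Simulate a backup job that died half-way through writing.
        data = archive.read_bytes()
        truncated = root / "finance-truncated.tar.gz"
        truncated.write_bytes(data[: len(data) // 2])
        return {"intact": intact, "truncated": restore_matches_source(truncated, src)}


if __name__ == "__main__":
    print(drill())
```

Run the real equivalent on a schedule against a copy of last night's archive, on a machine that is not the backup server, so that a ransomware infection which also encrypts or deletes the backups is noticed before the day you need them.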

Incident response program: key elements to include in your plan

Secure your networks, systems and applications
- Preventing an incident is less costly and more effective than responding to one after it occurs
- Have an incident response plan in case an incident occurs anyway!

Incident response policies and procedures: what to include
- Define the purpose of the policy
- Define an "incident"
- Create plans and define responsibility for all five key elements of incident response
- Develop rules for communicating internally and externally
- Train, educate and raise awareness
- Test the plans

Define the purpose of the policy. For example, the purpose of the policy might be to:
1. Ensure incidents are detected in a timely manner
2. Minimize the loss and damage associated with an incident
3. Fix the issue that caused the incident
4. Restore operations

Define an "incident". For example: "Security incident" means an accidental or deliberative event that results in or constitutes an imminent threat of the unauthorized access, loss, disclosure, modification, disruption, or destruction of communication and information resources.

Develop plans and assign responsibility. Incidents can occur in many ways, so it is not possible to plan for every incident. Instead, create a step-by-step plan that would apply to the most likely or common types of attacks:
- Breach of personal information
- An attack caused by clicking on something on a website
- Virus outbreak
- Denial of service

Key elements to a plan
1. Identification
2. Containment
3. Eradication
4. Recovery
5. Lessons learned

Key Element No. 1: Identification. Identify:
- The source of compromise (how?)
- Timeframe: when it started and ended, or whether it is ongoing (when?)
- The type of data and number of files affected (what?)
- The impact to the organization's mission
Identify who is responsible: most of this is typically handled by the IT department; will this be contracted out? Management determines the business impact and next steps.
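For a ransomware case, the "what" and "when" questions above can be answered from the file system itself: which files received the ransomware's suffix, what types they originally were, which directories were hit, and the earliest and latest modification times, which bracket when the encryption ran. The block below is an added example, not code from the presentation. The ".locked" suffix and the "README_DECRYPT.txt" note name are placeholder indicators; in a real incident substitute the suffix and note name observed on the affected system. The sample share and its timestamps are constructed.

```python
"""Ransomware impact triage for Key Element No. 1 (what, when, how many).

Added example, not code from the presentation. The file-name indicators
below are placeholders (assumptions); use the suffix and ransom-note name
actually observed on the affected system. The sample share, its files and
their timestamps are constructed in a temporary directory."""
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

# Placeholder indicators, not figures from the slide deck.
ENCRYPTED_SUFFIXES = {".locked", ".crypt", ".encrypted"}
RANSOM_NOTE_NAMES = {"README_DECRYPT.txt", "HOW_TO_RECOVER_FILES.txt"}


def triage(root: Path) -> dict:
    """Walk `root` and summarise the incident:
    - affected_files: number of files carrying an encrypted-file suffix
    - by_original_type: counts by the extension that was encrypted (.xlsx ...)
    - directories: which directories hold encrypted files
    - first_seen / last_seen: earliest and latest mtime of encrypted files,
      i.e. the window in which the encryption ran (UTC ISO timestamps)
    - ransom_notes: ransom notes found; their locations show the attacker's
      reach, including shares where nothing else was encrypted
    """
    encrypted, notes, mtimes = [], [], []
    by_type = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name in RANSOM_NOTE_NAMES:
                notes.append(path)
            elif path.suffix.lower() in ENCRYPTED_SUFFIXES:
                encrypted.append(path)
                # 'budget.xlsx.locked' -> original type '.xlsx'
                by_type[Path(path.stem).suffix.lower() or "(none)"] += 1
                mtimes.append(path.stat().st_mtime)

    def iso(ts: float) -> str:
        return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()

    return {
        "affected_files": len(encrypted),
        "by_original_type": dict(by_type),
        "directories": sorted({str(p.parent.relative_to(root)) for p in encrypted}),
        "first_seen": iso(min(mtimes)) if mtimes else None,
        "last_seen": iso(max(mtimes)) if mtimes else None,
        "ransom_notes": sorted(str(p.relative_to(root)) for p in notes),
    }


def demo() -> dict:
    """Build a constructed file share and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        t0 = 1_700_000_000  # constructed epoch seconds (2023-11-14T22:13:20Z)
        samples = {  # relative path -> (mtime offset in seconds, content)
            "finance/budget.xlsx.locked": (0, b"\x00encrypted"),
            "finance/minutes.docx.locked": (90, b"\x00encrypted"),
            "finance/README_DECRYPT.txt": (95, b"pay us"),
            "hr/roster.xlsx.locked": (300, b"\x00encrypted"),
            "hr/README_DECRYPT.txt": (301, b"pay us"),
            "public/newsletter.pdf": (-86400, b"%PDF untouched"),
        }
        for rel, (offset, content) in samples.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(content)
            os.utime(p, (t0 + offset, t0 + offset))
        return triage(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The first_seen/last_seen window is what you take to the logs (VPN, e-mail gateway, endpoint) to answer the "how" question: the account whose session spans that window on those directories is the starting point.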

Key Element No. 2: Containment
- Change all passwords
- Ensure no one accesses or alters the compromised system
- Ensure no one turns off the compromised machine (powering it off destroys volatile evidence held in memory)
- Isolate the system from the network (unplug the cable)
- Preserve all audit logs as evidence for law enforcement
Identify who is responsible: this is typically handled by the IT department; will this be contracted out?
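For "preserve all audit logs", a copy is only useful later if you can show it has not changed since collection. The following is an added example, not the auditor's office's procedure: it copies each log into an evidence directory, records a SHA-256 hash, size, source path and collection time in a manifest, makes the copies read-only, and provides a verification function that flags any copy whose hash or size no longer matches. The log lines, host name and analyst name are constructed samples.

```python
"""Evidence preservation for Key Element No. 2 (preserve audit logs).

Added example, not code from the presentation. Copies each log to an
evidence directory, records SHA-256, size and collection time in a manifest,
makes the copies read-only, and re-verifies the manifest on demand so a
tampered or corrupted copy is detected. Log paths, log lines, host and
analyst names below are constructed samples."""
import hashlib
import json
import os
import shutil
import stat
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_logs(log_paths, evidence_dir: Path, collector: str) -> Path:
    """Copy logs into `evidence_dir`, hash them, write manifest.json."""
    evidence_dir.mkdir(parents=True, exist_ok=True)
    entries = []
    for src in map(Path, log_paths):
        dest = evidence_dir / src.name
        shutil.copy2(src, dest)  # copy2 keeps the source's mtime
        # Hash both; the manifest records the copy, and the comparison
        # proves the copy equals what was on the machine at collection time.
        digest = sha256_of(dest)
        if digest != sha256_of(src):
            raise RuntimeError(f"copy of {src} does not match source")
        os.chmod(dest, stat.S_IRUSR | stat.S_IRGRP)  # read-only copy
        entries.append({
            "source": str(src),
            "copy": dest.name,
            "sha256": digest,
            "size": dest.stat().st_size,
            "source_mtime_utc": datetime.fromtimestamp(
                src.stat().st_mtime, tz=timezone.utc).isoformat(),
        })
    manifest = {
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "collected_by": collector,
        "files": entries,
    }
    manifest_path = evidence_dir / "manifest.json"
    manifest_path.write_text(json.dumps(manifest, indent=2))
    os.chmod(manifest_path, stat.S_IRUSR | stat.S_IRGRP)
    return manifest_path


def verify_manifest(manifest_path: Path) -> list:
    """Return the names of copies whose size or hash no longer matches."""
    manifest = json.loads(manifest_path.read_text())
    bad = []
    for entry in manifest["files"]:
        copy = manifest_path.parent / entry["copy"]
        if (not copy.exists() or copy.stat().st_size != entry["size"]
                or sha256_of(copy) != entry["sha256"]):
            bad.append(entry["copy"])
    return bad


def demo() -> dict:
    """Preserve two constructed logs, verify, then tamper with one copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        logs = root / "var_log"
        logs.mkdir()
        # Constructed sample log lines.
        (logs / "auth.log").write_text(
            "Jan 5 03:12:07 fs01 sshd[412]: Accepted password for admin from 203.0.113.9\n")
        (logs / "app.log").write_text(
            "2016-01-05T03:13:40Z payroll-web GET /export?all=1 user=admin\n")
        manifest = preserve_logs([logs / "auth.log", logs / "app.log"],
                                 root / "evidence" / "fs01", "analyst (constructed)")
        clean = verify_manifest(manifest)
        tampered = manifest.parent / "auth.log"
        os.chmod(tampered, stat.S_IRUSR | stat.S_IWUSR)  # undo read-only to simulate tampering
        tampered.write_text("Jan 5 03:12:07 fs01 sshd[412]: nothing to see here\n")
        return {"clean": clean, "after_tamper": verify_manifest(manifest)}


if __name__ == "__main__":
    print(demo())
```

Record the manifest's own hash (or a signature over it) in the incident ticket, so the manifest cannot be quietly rewritten along with the copies; the read-only bit stops accidents, not an insider with administrative rights.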

Key Element No. 3: Eradication
- Clean out the malicious code or malware
- Verify and double-check that the cleaning was successful
- Improve defenses
Identify who is responsible: this is typically handled by IT. Who in management will IT provide status updates to?

Key Element No. 4: Recovery
- Get your systems fully restored and running as normal
- Follow technical procedures for system recovery
- Restore corrupted information from a trusted backup
Identify who is responsible: some of this is typically handled by IT; end users will also play a role.

Key Element No. 5: Lessons learned. Update policies and procedures based on what went well and what could be done better next time. Identify who is responsible: IT team, contractors, management, legal, communications and end users.

Develop rules for communicating internally and externally
- Internally: human resources, legal, end users
- Externally: law enforcement; other affected organizations (vendors, partner organizations; does your agency use the IGN?)

Train, educate and raise awareness
- Implement specific training for those who implement the incident response plan, IT specialists and executive management
- Implement more general training for others

Test the plan
- Test to ensure effectiveness (simulated events or tabletop exercises)
- Coordinate the testing with all the organizational elements involved in the incident response plan

Questions? Website: Twitter: Peg Bodin, Local IS Audit Manager, (360)