September 20, 2016 How to Defend Your Organization from a Cyber Breach LTC Tim Bloechl (U.S. Army, Ret.) Director, Cyber Security Business.


Simple Checklist

2 Who Handles Your IT and Cyber Security?

3 Who Manages Your Cybersecurity? Source: The Talent Shortage in Cybersecurity [INFOGRAPHIC] Steve Bova January 11, 2016

5 Acceptable Use

7 What You May Use ….

8 ... What Your IT Lead Would Love

9 Admin Access

10 What You Don’t Want

11

12 Way Back When …

13 Not So Long Ago … Legacy Operating Systems
Operating Systems & Applications: The Older They Are, The Harder They Are to Secure

14 Security Updates

15 In the Past…..

16 …Today: Firewalls

17 What To Buy & Why?

18 Healthcare Virus Checking …

19 …Cyber Malware & Virus Scanners

20 In The Recent Past…

21 … Today: System Logs
- How Many Days Are System and Application Logs Maintained?
- Who Checks Them?
- How Often?
- Do They Use Automated Tools?
- Do They Know What Information Logs Reveal?

22 Data Backups

23 Use The Cloud?

24 Encryption

25 Wireless

26 In the Recent Past …

27 … Today: Finding Advanced Persistent Threats (APT)

28 Dealing With Computer Peripherals

29 Today’s Electronic Medical World

30 Incident Response Plan

31 Our Cyber Services Solutions
DETER, PROTECT, DETECT, RESPOND, RECOVER; REVIEW & REPEAT
QNET Platform
- Policy Development
- Phishing Awareness Assessments
- Cyber Security Training
- Network Architecture Mapping
- Logical Device Location
- Malicious Traffic Detection
- Patch Verification
- PCI Audit
- Vulnerability Assessment
- Penetration Test
- Incident Response
- Forensics Analysis
- COOP Execution
- Implement Disaster Recovery
Scheduled or Continuous
16+ Years Cyber Security Services Support for the Largest and Most Sensitive Networks in the World
Example: Assessed over 25 US Army hospitals and health clinics for overall security of devices and sensitive data supporting HIPAA compliance

32 Internal Assessment Life Cycle
- In-Brief
- Device and Port Interrogation: Using port scanning utilities, identify devices and ports to determine the protocols and services utilized.
- Passive Network Traffic Analysis: Monitoring the network traffic to determine the topology, identify critical systems, and discover rogue devices.
- Vulnerability Assessment: Using vulnerability assessment tools, analyze network devices to identify weaknesses which could lead to system compromise.
- Network Penetration Testing: Utilizing real-world attack methods, attempt to gain access to network systems and devices (external and internal (insider threat)).
- Social Engineering Tests (aka: Phishing) (Optional)
- Data Analysis and Reporting: CyberDx Analysts will analyze the data and provide a comprehensive vulnerability report including specific remediation recommendations. Our report provides a context-based assessment of the actual risk.
- Remediation: Using CyberDx's VA, perform remediation steps to better secure the network; Quantum can assist as requested with additional services.
- In-Progress Reports (as required)
- Out-Brief
- Written Report & CD

33 Executive Spot-Check List
- Are security updates researched and applied weekly?
- Is an anti-virus product installed on all systems and is it configured to update regularly?
- Are any systems using an operating system that is past the vendor's End of Life?
- Do all systems log security events for a minimum of 30 days?
- Have all systems been secured so that default configurations are not in use? (Vendor passwords, insecure login portals, etc.)
- Do all accounts require a password of at least 8 characters and does complexity require a combination of: upper and lower case letters, numbers, and special characters?
- Are passwords required to be changed at least every sixty (60) days?
- Is each system configured to display a warning banner notifying users that the system is restricted to authorized use only?
- Is sensitive customer data encrypted?
- Have all non-secure/unneeded protocols/services been disabled?
- Are all system clocks synchronized to allow logs to be easily compared?
- Has a firewall been installed and configured to only allow required traffic?
- Is critical data backed up daily and protected from physical damage?

34 Executive Spot-Check List (Cont.)
- Are administrative-level accounts only issued to employees that require elevated privileges to perform their duties?
- Is electronic access to sensitive data restricted to authorized personnel?
- Has two-factor authentication been implemented?
- Do wireless devices use current encryption (WPA2) standards to protect network traffic?
- Are cyber security assessments (vulnerability scans, penetration tests) performed against internal systems at least monthly?
- Are external cyber security assessments (vulnerability scans, penetration tests) performed against all internet-facing systems at least quarterly?
- Is Cyber Security training presented to employees at least annually?
- Has an emergency contact list for Cyber Security personnel been created?
- Has a contact list for all 3rd party service providers been created?
- Are hard copies of the above contact lists available? (Printed copies are critical if the network or systems are down)
- Has a Cyber Incident Response Plan been created and have all employees read it?
- Has an Acceptable Use Policy been created, and have all users read it?
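The password items on the spot-check list (at least 8 characters, all four character classes, change at least every 60 days) can be verified against host configuration instead of being answered from memory. The following is an added example, not part of the original presentation; it assumes a Linux host that sets password aging in `login.defs` and complexity in libpwquality's `pwquality.conf`, and the sample configurations are constructed.

```python
import re

# Thresholds from the spot-check list on this page.
MIN_LENGTH = 8        # "password of at least 8 characters"
MAX_AGE_DAYS = 60     # "changed at least every sixty (60) days"
CLASS_CREDITS = ("ucredit", "lcredit", "dcredit", "ocredit")
# Assumption: Linux login.defs / pwquality.conf; the page names no platform.

def parse_settings(text):
    """Parse 'KEY value' (login.defs) and 'key = value' (pwquality.conf) lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        m = re.match(r"^(\w+)(?:\s*=\s*|\s+)(-?\d+)$", line)
        if m:
            settings[m.group(1)] = int(m.group(2))
    return settings

def audit_password_policy(login_defs_text, pwquality_text):
    """Return findings; an empty list means both checklist items are met."""
    login_defs = parse_settings(login_defs_text)
    pwq = parse_settings(pwquality_text)
    findings = []

    minlen = pwq.get("minlen")  # unset is reported: require an explicit value
    if minlen is None or minlen < MIN_LENGTH:
        findings.append(f"minlen is {minlen}, need >= {MIN_LENGTH}")

    # A negative credit makes that character class mandatory; minclass = 4
    # likewise requires upper, lower, digit and special characters.
    all_required = all(pwq.get(k, 0) < 0 for k in CLASS_CREDITS)
    if not (all_required or pwq.get("minclass", 0) >= 4):
        findings.append("not all four character classes are required")

    max_age = login_defs.get("PASS_MAX_DAYS")
    if max_age is None or max_age < 1 or max_age > MAX_AGE_DAYS:
        findings.append(f"PASS_MAX_DAYS is {max_age}, need 1..{MAX_AGE_DAYS}")
    return findings

# Constructed sample configurations (not taken from any real host).
WEAK_LOGIN_DEFS = "# aging\nPASS_MAX_DAYS   99999\nPASS_MIN_DAYS   0\n"
WEAK_PWQUALITY = "minlen = 6\ndcredit = 1   # credit only, not a requirement\n"
GOOD_LOGIN_DEFS = "PASS_MAX_DAYS   60\n"
GOOD_PWQUALITY = "minlen = 8\nucredit = -1\nlcredit = -1\ndcredit = -1\nocredit = -1\n"

if __name__ == "__main__":
    for finding in audit_password_policy(WEAK_LOGIN_DEFS, WEAK_PWQUALITY):
        print("FAIL:", finding)
    print("hardened:", audit_password_policy(GOOD_LOGIN_DEFS, GOOD_PWQUALITY) or "OK")
```

`PASS_MAX_DAYS` in `login.defs` applies to accounts created after the change; existing accounts keep the aging values stored in their shadow entries and need checking separately.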

BOTTOM LINE: WE STRIVE TO HELP OUR CUSTOMERS AVOID THIS!

Contact Us Tim Bloechl Director, Cyber Security Business Skype: bloechlt /