Tom Murphy Chief Information Security Officer

Slides:



Advertisements
Similar presentations
7 Effective Habits when using the Internet Philip O’Kane 1.
Advertisements

David A. Brown Chief Information Security Officer State of Ohio
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,
GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.
Topic 5: Basic Security.
Strong Security for Your Weak Link: Implementing People-Centric Security Jennifer Cheng, Director of Product Marketing.
Friday, October 23, Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.
New A.M. Best Cyber Questionnaire
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. State of Network Security.
Computer Security By Duncan Hall.
Cybersecurity Test Review Introduction to Digital Technology.
1 #UPAugusta Today’s Topics What are Deadly IT Sins? Know them. Fear them. Fix them. #UPAugusta201 6.
What lessons can we learn from other data breaches? Target Sentry Insurance Dynacare Laboratories 1 INTRODUCTION.
External Threats Internal Threats Nation States Cyber Terrorists Hacktivists Organised criminal networks Independent insider Insider planted by external.
PCs ENVIRONMENT and PERIPHERALS Lecture 10. Computer Threats: - Computer threats: - It means anything that has the potential to cause serious harm to.
CDAC ITS Security Awareness How to help your daily computer activities remain safe and sane.
Tuesday March 15, 2016 Session 19-D Technology Forum David Finkelstein, CIO RiverSpring Health.
Protecting Against Cyber Attacks PLEASE TAKE A MINUTE TO LOOK AT THIS IMPORTANT MESSAGE. THIS IS HAPPENING HERE AND NOW! LET US SAVE YOU AND YOUR INFORMATION.
Presented by: Mike Gerdes Director, Information Security Center of Expertise Cybersecurity State of the Union.
Securing Information Systems
Identifying and Preparing for Emerging Industry Risks
Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.
Earth’s Mightiest Heroes: Combating the Evils Lurking in Cyberspace
CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017 Presented by Osato Omogiafo Head IT Audit.
Fusion Center ITS security and Privacy Operations Joe Thomas
Cisco 2017 Security Annual Report
Public Facilities and Cyber Security
Journey to Microsoft Secure Cloud
Business At the Speed of Cyber
That could never happen to me! Think again.
Cyber Attacks on Businesses 43% of cyber attacks target small business Only 14% of small business rate their ability to mitigate cyber risk highly.
Presented by Security Management Partners Waltham, MA
Dissecting the Cyber Security Threat Landscape
Office 365 with confidence: security features for Office 365
Securing Information Systems
Jon Peppler, Menlo Security Channels
Today’s Risk. Today’s Solutions. Cyber security and
Cybersecurity Awareness
4 ways to stay safe online 1. Avoid viruses and phishing scams
Cyber Security in the Mortgage Industry
Strong Security for Your Weak Link:
General Counsel and Chief Privacy Officer
Cyber Trends and Market Update
Home Internet Vulnerabilities
Ethics, Part 2 Chapter 5 pp National Income Tax Workbook™
Security Essentials for Small Businesses
David J. Carter, CISO Commonwealth Office of Technology
Information Systems for Health:
Ransomware and Data breaches in public libraries
Anatomy of a Large Scale Attack
Steppa Cyber Security Training Tips Your Business Was Seeking For With Cyber Security Training!
How to keep the bad guys out and your data safe
Strategic threat assessment
Security in mobile technologies
Wireless Spoofing Attacks on Mobile Devices
Introduction to the PACS Security
Security Trends and Threats Affecting Innovations in Technology
In the attack index…what number is your Company?
Threat Landscape Update
Cybersecurity Simplified: Phishing
School of Medicine Orientation Information Security Training
Presentation transcript:

Tom Murphy Chief Information Security Officer Cybersecurity Tom Murphy Chief Information Security Officer

Recent Trends and Events The World: 14 million subscriber’s data breached 145.5 million consumer’s data breached Malware on payment systems (not disclosing number of records) 57 million user’s data breached (paid hackers $100,000 to keep quiet) Higher Education: A hard drive containing the personal information of approximately one million people was stolen from a University storage unit in Olympia, WA.  Names, birthdates, Social Security numbers and salary information for nearly 10,000 non-teaching university employees. Several universities victimized by one bad actor, who used common exploits to break in, then offered to sell backdoor access to their systems on anonymous web sites

Recent Trends and Events Northwestern: Impersonation: Increased targeted email and phishing messages purporting to be from senior leaders. These messages include malicious links, ask for wire transfers, or contain language that threatens personal and institutional reputation. Phishing: Despite blocking over eighty million spam and phishing messages each month, our community continues to fall prey using Northwestern and personal email accounts. Compromised accounts: At least once per week, account-holders are duped into providing their passwords either through phishing messages or click-bait on web sites. Impersonation Link from Phishing Vulnerabilities: Meltdown and Spectre global threat based on flaws in nearly all modern computer processors. Malware downloads: Notification from U.S. Department of Justice that five devices within our networks were infected with Fruitfly malware which turns on the camera on a Mac. Northwestern Information Technology and school support areas eradicated.

The Northwestern Environment Measures of scale: Growth of external partnerships: 65,000 NetIDs 100+ cloud apps 80,000 wired network ports (58,000 unique) 60+ service provider assessments per year 6,000 wireless access points Attack Volume: Wireless access totals (Fall 2016): 135,000 unique devices accessed by NetID, 50,000 unique devices accessed by guests 80 million spam/phishing emails blocked each month Over 20,000 unique, unmanaged mobile devices connect each month 16 million Internet attacks blocked each month originating from: Accessed from more than 190 countries Systems, servers, and storage: More than 6,000 servers 3.0 petabytes of storage (equivalent to 25,000 DVRs) Measures of volume: 20 compromised accounts/month 10 compromised computers per month Six gigabits per second of inbound traffic 2-3 impactful events/year (loss or compromise of device, system, or account) 150M email messages a month

Northwestern’s Top Enterprise Information Security Risks Major potential impacts of reputational damage and loss of confidence Northwestern’s top enterprise information security risks have been identified in alignment with the Enterprise Risk Management (ERM) framework: Exposure or compromise of Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology for Economic and Clinical Health (HITECH) data Exposure or compromise of data resulting from gaps in coordination of risk between the Feinberg School of Medicine and Northwestern Memorial Hospital Corporation (NMHC) Compromise of key research or institutional data Third-party vendor security Systems availability or disruption Breakdown in breach response Ransomware

Information Security Office Enhance role definitions to increase capacity and maturity required to protect the University's information assets and to provide essential resources to help members of the Northwestern Community fully participate in this effort

Information Security Support & Resources FSM 847-491-4357 or 1-HELP (from on campus) FSMIT-policy@northwestern.edu http://www.feinberg.northwestern.edu/it/standards-policies/information-security/index.html Carl Cammarata, Senior Director, Chief Information Security Officer, 312-503-2822 David Gundrum, Senior Information Security Analyst, 312-503-3869 Marvina Roebuck, Senior Information Security Analyst, 312-503-5735 Leon Tran, Information Security Analyst, 312-503-6140 Northwestern Information Security Office (ISO) security@northwestern.edu Thomas Murphy, Chief Information Security Officer, 847-467-6422

Questions and Answers

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.