Presentation is loading. Please wait.

Presentation is loading. Please wait.

Best Cyber Security Practices for Counties An introduction to cybersecurity framework.

Published byJared Kelly Modified over 8 years ago

Similar presentations

Presentation on theme: "Best Cyber Security Practices for Counties An introduction to cybersecurity framework."— Presentation transcript:

1 Best Cyber Security Practices for Counties An introduction to cybersecurity framework

2 Facts: What we must know Cyber attacks present a tangible element of risk There is no such thing as a secure network The threat landscape is constantly changing The delivery mechanism’s are becoming more advanced Training and preparing for event response determines outcome

3 Initial Tasks: What can we do? Train Inventory Identify Develop Implement Test

4 Training “We provided our staff the resources they needed to respond to this.”

5 Training: There is no substitute for competent staffing Training needs to be recurring There are several centers that provide free educational materials Participate in local and national groups

6 Inventory “The only thing hooked up is our devices and applications”

7 Inventory: What does our system look like Hardware What devices are on our network? What devices perform tasks without user intervention? What unauthorized devices are on our network? Software What software applications are on our systems? What software applications have been authorized for use?

8 Identify “We were unaware that the information we were collecting is protected”

9 Identify: Do you know where your liability is? Protected Information Can you identify what data your organization is collecting? Can you readily identify the location of the data? Can you determine what laws and regulations govern the data? Access Points Determine what network services are necessary Determine network boarders Determine User Access Determine Standard Use Patterns

10 Development “Our business strategy did not account for this type of event”

11 Development: We know what we need to protect. Now what? Policies & Procedures Create an Acceptable Use Policy Create the Security Response plan Create the Disaster Recovery Plan Create a User Awareness Plan

12 Implement “The controls we had in place prevented the situation from escalating”

13 Implement: Build your strategy Access Control Secure Network Boarders Limit Use of Network Services Isolate Local Area Networks MonitoringAuditing User Control Limit Administrative Privilege Account AuditingAccount Enforcement Patch Management Lab TestingAutomatic Deployment Information Gathering Use Centralized Log Servers Audit Access LogsAutomate Notifications Data Protection Backups

14 Test “During an exercise, we had identified a significant gap in our operation protocol”

15 Test: Are the implemented controls effective Internal Tests Simulate an event and measure effectiveness Modify the incident response plan to fill the gaps External Tests Use companies that have certified penetration testers.

16 Question and Answers Presented by: Sean Higginbotham Cascade County

Download ppt "Best Cyber Security Practices for Counties An introduction to cybersecurity framework."

Similar presentations

David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Security Controls – What Works

Security Controls – What Works
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,

Physical and Cyber Attacks1. 2 Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows,
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Network security policy: best practices

Network security policy: best practices
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Information Security Training for Management Complying with the HIPAA Security Law.

Information Security Training for Management Complying with the HIPAA Security Law.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Test Organization and Management

Test Organization and Management
Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.

Security Baseline. Definition A preliminary assessment of a newly implemented system Serves as a starting point to measure changes in configurations and.
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Security Architecture

Security Architecture

Similar presentations

Ads by Google