Presentation is loading. Please wait.

Presentation is loading. Please wait.

Team 2 – understand vulnerabilities

Published byDwight Alexander Modified over 6 years ago

Similar presentations

Presentation on theme: "Team 2 – understand vulnerabilities"— Presentation transcript:

1 Team 2 – understand vulnerabilities
Team 2: Target IT Programs – Legacy and New Development How would you assess current vulnerabilities of your current development projects and legacy programs? How would you do manage risk going forward? The Board of Directors and Senior Leadership want to provide assurances that the breach cannot occur again. What assurances can you provide? What would you want different in your testing and audits?

2 Fazio lacked user training to protect from phishing emails
How would you assess current vulnerabilities of your current development projects and legacy programs? Fazio vendor malware was not robust enough; used free version of Malwarebyte--no real-time protection Fazio lacked user training to protect from phishing s Target did not ensure trusted vendor’s systems were adequately protected Target Security Operations Center (SOC) was evidently not trained well enough to react properly to intrusion detection software (IDS) notifications IDS was set to detect, not take any other action Sensitive customer info was not adequately protected Target did not use/require 2-factor authentication

3 HOW WOULD YOU DO MANAGE RISK GOING FORWARD?
Target ensure/validate all trusted vendors systems are adequately protected before allow access (e.g. use commercial grade IDS) Ensure up-to-date training on phishing s Ensure SOC is trained on responding to IDS detection notifications Incorporate 2-factor authentication Ensure SOC is aware of industry on-going security trends/threats Use “white listing”

4 Increase security and awareness through the risk management actions
The Board of Directors and Senior Leadership want to provide assurances that the breach cannot occur again. What assurances can you provide Increase security and awareness through the risk management actions

5 What would you want different in your testing and audits?
Ensure that adequate security processes for in-house and 3rd party vendors are baked in Ensure audits are performed in a timely manner Ensure all testing and audit processes are properly followed Ensure vulnerabilities are adequately patched

6 Team 5: Senior Corporate Operations Group
What is the best way to manage the risk of others interfacing with our network and systems? Enclave systems that vendors need access to How should you control others on your network for access and authorization? Enclaving systems White Listing 2-factor authentication What should be required of vendors and sub-contractors to work with your systems Require cyber security training B-2-B agreement How do you ensure proper training and certification of sub-contractors and vendors? Require review of all training documents/process and do not grant access till all requirements are met

Download ppt "Team 2 – understand vulnerabilities"

Similar presentations

All Rights Reserved, Duke Medicine 2007 IT Security Presented by: Trisha Craig and Don Elsner Principal Auditors – IT Audit Duke University 1.

All Rights Reserved, Duke Medicine 2007 IT Security Presented by: Trisha Craig and Don Elsner Principal Auditors – IT Audit Duke University 1.
CIP Cyber Security – Security Management Controls

CIP Cyber Security – Security Management Controls
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
SL21 Information Security Board Mission, Goals and Guiding Principles.

SL21 Information Security Board Mission, Goals and Guiding Principles.
Information Security Policies and Standards

Information Security Policies and Standards
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Controls for Information Security

Controls for Information Security
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Keogh and Associates Copyright 2003 Sellers, Resellers, Integrators, Consultants What Are Their Roles?? Presenter Colin Keogh Keogh and Associates.

Keogh and Associates Copyright 2003 Sellers, Resellers, Integrators, Consultants What Are Their Roles?? Presenter Colin Keogh Keogh and Associates.
© BITS 2009. BITS and FSSCC R&D Efforts John Carlson Senior Vice President of BITS Panel on Data Breaches in Payments Systems-- Roles and Best Practices.

© BITS BITS and FSSCC R&D Efforts John Carlson Senior Vice President of BITS Panel on Data Breaches in Payments Systems-- Roles and Best Practices.

Similar presentations

Ads by Google