Presentation is loading. Please wait.

Presentation is loading. Please wait.

Executive Director, Education Technology Services

Published byHomer Harmon Modified over 6 years ago

Similar presentations

Presentation on theme: "Executive Director, Education Technology Services"— Presentation transcript:

1 Executive Director, Education Technology Services
William (Bill) Brown is the Executive Director of Education Technology Services at Greenville County Schools. Greenville County Schools is the 44th largest school district in the nation with over 76,000 students and 9,800 employees and is the largest school district in South Carolina. Mr. Brown’s position provides vision and leadership for all technology initiatives in the school district, coordinating and directing the integration of administrative and instructional technology applications. This includes establishment of district technology strategies, organization, and structure to support effective integration of technology into the classroom instructional program and to maximize service delivery to administrative offices. Mr. Brown previously served as Chief Technology Officer and co-founder of Digital-DNS, Inc., a Greenville based Managed Services Provider. Mr. Brown has over 38 years of information technology experience within the manufacturing, healthcare, engineering, financial, education, and service related industries. Mr. Brown is a member of the FBI’s InfraGard program, a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. Mr. Brown is also a member of the South Carolina State Guard and is assigned as a Project NCO, Cybersecurity Section, Headquarters Division in Columbia. Bill Brown Executive Director, Education Technology Services Cybersecurity Briefing SCASBO 2017 Spring Conference

2 Data Breach - It Won’t Happen
IT CAN , IT WILL , IT HAS! Source: Identity Theft Resource Center “In 93% of breaches, attackers take minutes or less to compromise systems.” Source: 2016 Data Breach Investigations Report from Verizon Data breaches can destroy an organization, many small businesses that have a data breach don’t recover from the event. All organizations will experience a data breach which may result in the following tasks to mitigate the breach: A mandatory forensic examination ($20,000-$100,000+) Notification ($80,000+) Credit monitoring for affected individuals PCI compliance fines Liability for fraud charges Card replacement costs External audits Security system upgrades Data breaches can happen to anyone and probably has, even the most protected system with 24x7 monitoring can experience a data breach (example: Federal Office of Personal Management data breach impacts 21.5 million people). Sub-slide #1: On average it takes 13 minutes for an unprotected system to receive its first attack (port scan) and 93% of breaches takes minutes or less to compromise a protected system. Sub-slide #2: As we can see in this chart the type of attack that is the most successful is Hacking/Skimming/Phishing as the number one type of attack. As long as people continue to respond to phishing attacks this type of attack will trend! “There is no castle so strong that it cannot be overthrown by money.” – Cicero The people hacking our systems have deep pockets, work around the clock, and have the skills need to compromise a system or person.

3 Saturday and Sunday attacks, over 3,000+
Sleep much? 1,400 attacks at 5:00AM Cyber attacks happen at all times of the day and night. Many times they happen when skilled cyber analysts are not available. Saturday and Sunday attacks, over 3,000+ Who do you have that can respond and mitigate an attack that occurs say on Sunday morning at 3:00AM? Attacks come at all times and by different methods and some are connected to high volume events like Valentines Day or the anniversary of 911. Even a famous person’s death can generate phishing attacks. There is no calendar when it comes to the day an attack will occur. Having 24/7 monitoring is also not a guarantee that you can stop an event, these events happen in seconds/minutes and are usually over by the time you notice them.

4 Attacks in the K12 sector Attacks in the K-12 sector and delivery of malicious software is a common occurrence which happens 24x7. Greenville County has the ability to acquire data from multiple school districts which utilize the same firewall technology as we do. This is a graph of malicious software attacks across the K-12 sector since August of 2015. Sub-slide #1: As you can see in this graph there were a high number of attacks in December of 2016, over 40,000. February’s attack level was in the 16,000 range across the K-12 sector. Sub-slide #2: Malicious software is being delivered to systems in K-12 using a variety of methods, the most common are SMTP or and Web Browsing. Phishing, Spear Phishing (directed attacks), and Whaling (directed attacks at senior officials) is the largest problem we face today followed by hijacked web sites. One other method that is gaining traction is phone calls. You may get a call from the IRS, FBI, DHS or even vendors like Microsoft and Apple. The calls look legit because they are using area codes within the US generally from the cities where the organization resides. Sub-slide #3: And the source of these attacks, just about every country in the world. And tracking the foreign actor is nearly impossible because they can bounce Internet traffic to any country and use that country as a conduit. Multiple hops are pretty common with the professionals. An actor in China could route their attack through Russia and attack you in the U.S. Initial investigation would indicate the attack is coming from Russia, as an example. Many countries are known for not working together and a trace of an attack would be impossible. Say as an example, routing traffic through Iran, then through Israel before it comes to the U.S. Instructions for routing your traffic is available on the Internet with a step-by-step video on YouTube. “The first step in solving a problem is recognizing there is one” – Will Mcavoy

5 Trends Spora: Malware researchers are keeping close tabs on a new ransomware strain called Spora that offers victims unique payment options and comes with top-notch encryption. Ransomware! Sources: Palo Alto Unit 42, Trend Micro “Ransomware growth will plateau in 2017, but attack methods and targets will diversify”

6 What can we do? Consider implementing an Information Security Management System either NIST 800 or ISO: with top-down management support Consider providing Identity Theft coverage as a standard benefit Encrypt everything; laptops, flash drives, portable storage, cell phones, mobile devices, etc. Change passwords frequently and use complex passwords (never the same for different sites) Awareness, Awareness, Awareness!!!

7 (Video removed because of size) An example of top-down support for an Information Security Management System. Greenville County Schools has adopted the International standard ISO:27001

Download ppt "Executive Director, Education Technology Services"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
IT GOVERNANCE COMMITTEE MEETING February 19, 2008.

IT GOVERNANCE COMMITTEE MEETING February 19, 2008.
© 2008. Oklahoma State Department of Education. All rights reserved. 1 Beware! Consumer Fraud Standard 9. 1 Fraud and Identity Theft.

© Oklahoma State Department of Education. All rights reserved. 1 Beware! Consumer Fraud Standard 9. 1 Fraud and Identity Theft.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Protecting Customer Websites and Web Applications Web Application Security.

Protecting Customer Websites and Web Applications Web Application Security.
** Deckplate training for Navy Sailors **.  On Thursday, 9 July, the Office of Personnel Management (OPM) announced a cyber incident exposed the federal.

** Deckplate training for Navy Sailors **.  On Thursday, 9 July, the Office of Personnel Management (OPM) announced a cyber incident exposed the federal.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.

Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.
Contact Center Security Strategies Karl Walder Director - Solutions Noble Systems.

Contact Center Security Strategies Karl Walder Director - Solutions Noble Systems.
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.
Cyber Security Nevada Businesses Overview June, 2014.

Cyber Security Nevada Businesses Overview June, 2014.
PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.
The Office of Information Technology Campus Network Upgrade A three year plan facilitating increased reliability, functionality and speed for the UTSA.

The Office of Information Technology Campus Network Upgrade A three year plan facilitating increased reliability, functionality and speed for the UTSA.
GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.

GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.
The Changing World of Endpoint Protection

The Changing World of Endpoint Protection
A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.

A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.

Similar presentations

Ads by Google