Presentation is loading. Please wait.

Presentation is loading. Please wait.

Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.

Published byOliver Lang Modified over 6 years ago

Similar presentations

Presentation on theme: "Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017."— Presentation transcript:

1 Increasing Information and Data Security in Today’s Cybersecurity World
2017 Conference Review 6/6/2017

2 Who is Blue Canopy? Operating at the intersection of mission and technology, Blue Canopy Group is one of the fastest growing Technology Solutions and Cybersecurity Firms in the United States. At Blue Canopy, we are relentless in our pursuit to innovate and help our clients’ problem solve by building solutions as a team. We are headquartered in Reston, Virginia and employ over 600+ highly skilled professionals.

3 Who is Blue Canopy? One of our core competencies is understanding the business and cybersecurity needs within the Financial Industry and the Financial Regulatory Agencies. Blue Canopy is uniquely positioned to provide guidance to both the private and public sector in tackling large scale initiatives such as: 3

4 Blue Canopy Corporate Awards and Recognition

5 Cybersecurity & the Student Aid Industry
Jonathan Edwards is a Cybersecurity Senior Director at Blue Canopy Program Manager for Federal Student Aid’s Cybersecurity Support Program. 5

6 Cybersecurity Landscape Has Changed
Student Aid and Student Loan Organizations are now Major Targets: Social Security Numbers Financial Records Techniques: Phishing Attacks Social Engineering Exploiting Un-Patched Systems Ransomware Hackers gaining sensitive information through Financial application. 6

7 Shift to Cyber Risk Management over Compliance
Federal and Commercial Sector Shifting to focus on Cyber Risks: People, Processes, Technology Security Training and Cyber Knowledge Skills Assessments Incident and Breach Response Understanding Threats (Both Outside and Inside) Vulnerability and Patch Management Security Operations and Continuous Monitoring Application Level Security Modernization through the Cloud 7

8 Cybersecurity Industry Best-Practices
Federal Agencies will be evaluating Contractors/Commercial Vendors on: Incident and Breach Response Understand and Oversight of all IT assets, and data stored, transmitted and processed. Vulnerability and Patch Management Security Operations and Continuous Monitoring Application Level Security Cloud Implementation (Security Framework) Best Practice Requirements: The White House and Department of Homeland Security have mandated that all Federal Agencies be compliant with Information Security Continuous Monitoring (ISCM) and Continuous Diagnostics and Mitigation (CDM) and FedRAMP Cloud Standards. ISCM and CDM align with the SANS Institute CIS Critical Security Controls (Commercial Best Practice), as well. 8

9 What Do New Federal Mandates Mean to Us?
Requirements Driven Down to Commercial Contractors and Vendors: Federal Agencies, like FSA, IRS, FDIC and Treasury, will require their support contractors and service providers to meet the ISCM, CDM and SANS CIS Critical Control Requirements. Incident and Breach Response – How mature is your cybersecurity program to identify and detect breaches, notify the appropriate personnel, respond and mitigate these threats? IT Asset Management and Information Management – Do you know what your IT footprint is and where all your IT assets are? Do you know where all your sensitive data and information are stored, transmitted and processed? Vulnerability & Patch Management – Are all your IT assets continuous assessed for new vulnerabilities and patches? Are you mitigating deficiencies in a timely manner? Security Operations and Continuous Monitoring – Do you have Security Monitoring Support (Internal or External) watching and responding to threats? 9

10 Rise of Ransomware – WannaCry?
Rise of Ransomware in 2017 What is it? Attack based on gaining access to data, systems, or devices and encrypting them “for ransom” so that a victim cannot regain access to them. Easier than data extraction. 638 Million attacks in 2016 (167% rise from 2015) Estimated $1.2 Billion was paid out by victims of attacks 10

11 Rise of Ransomware – WannaCry?
How it Works: Exploits a Microsoft Vulnerability very commonly found on Windows Servers and Machines. Attackers Exploited a Top 3 Cyber Issue facing Businesses: Lack of Enterprise Vulnerability and Patch Management Security Patch was available since March 2017. 230,000 computers in 150 countries were affected. How can we defend against WannaCry? Perform authenticated vulnerability scans on all devices. Patch Monthly or when critical weaknesses are found. If you become a victim of ransomware, do not pay out. 50% or more do not receive their data back. 11

12 How Can We Prepare for the Future?
Commission an Independent Risk Assessment: Evaluate the Organizations Cybersecurity Risk Posture for: #1 Independence is Key Security Training and Skills Incident and Breach Response Program Vulnerability and Patch Management Processes Asset and Information Management Security Operations and Continuous Monitoring Security Policies, Procedures and Guidance Use of Independent Security Assessments Compliance with Best Practices like SANS, NIST ISCM and CDM.

13 How Can We Prepare for the Future?
Cybersecurity Knowledge Skills and Needs Assessment Stronger Security Training Programs – All Levels of the Organization. New Rule: If you use IT systems or interact with personnel who do, you must be trained. Recommend Hiring Training Experts 50+% of Hacks are due to Employees clicking on malicious s and links. Test through simulations at all levels.

14 How Can We Prepare for the Future?
Incident and Breach Response Capabilities Ensure Security Administrators receive Latest Commercial Threat Intelligence to understand what is our there in your sector. Test your organization against current and emerging treats through simulated security incidents. (Recommend Quarterly) Lessons Learned: Take back the results and improve your people/processes/technologies against incidents. If Financial Feasible – Outsource Technical Services (CSIRC and SOC)

15 How Can We Prepare for the Future?
Vulnerability and Patch Management: Invest in latest scanning capabilities. (Not all vendors are equal) Fully credentialed and authenticated scanning. Prioritize vulnerabilities by Critical to Low. Implement dedicated patch cycles based on vendor releases and updates. Perform periodic security testing of applications. (Business and Technical) When critical vulnerabilities are found, respond and remediate. (WannaCry) 15

16 How Can We Prepare for the Future?
Security Operations and Continuous Monitoring People, Processes and Technology are required. Who is monitoring your network? Do I have 24 x 7 coverage against attacks? When threats, vulnerabilities and weaknesses are identified, do we have a continuous process in place to respond? If the answer is “No”, look to outsource support to specialized companies who can provide services. Develop processes to identify, notify, prioritize and respond to risks within your organization. (Continuous Monitoring Program) 16

17 How Can We Prepare for the Future?
Benefits of Leverage the Cloud: Drive Down IT Infrastructure and Specialized Service Costs Dramatically Cloud Service Providers (CSPs) build in Cyber Best Practices Lower Server, Network and Infrastructure Costs Cloud Provider can perform Systems and Security Administrator Functions as a service. Patch and Vulnerability Management can be “built-in” Security-as-a-Service can be implemented within Cloud Hosting. Many CSPs can meet Federal Standards, such as FedRAMP and ISCM without large increases in cost to you. Use Third-Party Assessment Organizations (3PAOs) to help you become compliant and Authorized.

18 Senior Director | Cybersecurity
Jonathan Edwards Senior Director | Cybersecurity 2017 Conference Review

Download ppt "Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017."

Similar presentations

David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.

Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.

Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.

Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.

INFORMATION SECURITY GOVERNANCE (ISG) Relates to the security of information systems Is an element of corporate governance.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Did You Hear That Alarm? The impacts of hitting the information security snooze button.

Did You Hear That Alarm? The impacts of hitting the information security snooze button.
Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.

Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
Fraud and Prevention: Lessons from the Fire Service August 24, 2015 1.

Fraud and Prevention: Lessons from the Fire Service August 24,
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
IT Security – Scanning / Vulnerability Assessment David Geick State of Connecticut IT Security.

IT Security – Scanning / Vulnerability Assessment David Geick State of Connecticut IT Security.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

Similar presentations

Ads by Google