Presentation is loading. Please wait.

Presentation is loading. Please wait.

Earth’s Mightiest Heroes: Combating the Evils Lurking in Cyberspace

Published byRandell Blake Modified over 6 years ago

Similar presentations

Presentation on theme: "Earth’s Mightiest Heroes: Combating the Evils Lurking in Cyberspace"— Presentation transcript:

1 Earth’s Mightiest Heroes: Combating the Evils Lurking in Cyberspace
September 29, 2016 2016 CACR Summit Kim Milford Joanna Grama REN-ISAC

2 Agenda A little bit about us Higher Ed InfoSec Workforce Demographics
InfoSec Workforce Trends and Changing Needs REN-ISAC

3 Speaker Bio Kim Milford Executive Director, REN-ISAC
Work in IT security, policy, privacy, risk, business continuity planning and compliance since 1996 A wearer of many hats (literally and figuratively) Always looking for the next big innovation and how it impacts risks REN-ISAC

4 REN-ISAC Aid and promote cyber security operational protection and response within the higher education and research (R&E) communities. Within the context of a private community of trusted representatives at member institutions, and in service to the R&E community at-large. Serve as the R&E trusted partner for served networks, the formal ISAC community, and in other commercial, governmental, and private security information sharing relationships. REN-ISAC

5 Speaker Bio Joanna Grama
Director of Cybersecurity and IT GRC Programs at EDUCAUSE Work in IT security, policy, privacy, risk, compliance and legal issues since 2000 Admitted work-a-holic willing to invent fun Social media addict REN-ISAC

6 Visit us at www.educause.edu.
EDUCAUSE helps people who lead, manage, and use technology to make better decisions about Enterprise systems Strategic leadership Teaching and learning Cybersecurity REN-ISAC Visit us at

7 EDUCAUSE Cybersecurity Initiative
Lead by the Higher Education Information Security Council (HEISC); an EDUCAUSE and Internet2 partnership Working Groups Yearly Security Professionals Conference The Information Security Guide (practitioner resource) Mentoring Program Security Discussion List @HEISCouncil The Higher Education Information Security Council (HEISC) supports higher education institutions as they improve information security governance, compliance, data protection, and privacy programs. Learn about HEISC and its programs at REN-ISAC

8 Heroes in the Workforce
REN-ISAC

9 Higher Ed IT Positions in Short Supply
REN-ISAC Today’s Higher Education IT Workforce.

10 CISO Role REN-ISAC Source: Grama, Joanna L., and Leah Lang. CDS Spotlight: Information Security. ECAR, July 3, 2015.

11 (Coming Soon to a Webpage Near You)
2016 CISO Research (Coming Soon to a Webpage Near You) REN-ISAC

12 CISO Survey Research Report, Forthcoming 2016 Q4
Today’s CISO SNEAK PEEK REN-ISAC CISO Survey Research Report, Forthcoming 2016 Q4

13 CISO Survey Research Report, Forthcoming 2016 Q4
Today’s CISO SNEAK PEEK REN-ISAC CISO Survey Research Report, Forthcoming 2016 Q4

14 CISO Survey Research Report, Forthcoming 2016 Q4
Today’s CISO SNEAK PEEK REN-ISAC CISO Survey Research Report, Forthcoming 2016 Q4

15 Top CISO Responsibilities
SNEAK PEEK Information security policies (including development & compliance) Incident management Awareness and training Information security compliance Risk assessment and management Organization of information security At least 90% of CISOs said they are currently responsible for these duties at their institution. REN-ISAC CISO Survey Research Report, Forthcoming 2016 Q4

16 CISO Survey Research Report, Forthcoming 2016 Q4
CISO Reporting Lines SNEAK PEEK REN-ISAC CISO Survey Research Report, Forthcoming 2016 Q4

17 CISO Survey Research Report, Forthcoming 2016 Q4
The Board and the CISO SNEAK PEEK REN-ISAC CISO Survey Research Report, Forthcoming 2016 Q4

18 CISO Survey Research Report, Forthcoming 2016 Q4
CISO Influence Highly influential How influential do you feel you are at your institution? SNEAK PEEK Not at all influential REN-ISAC CISO Survey Research Report, Forthcoming 2016 Q4

19 CISO Survey Research Report, Forthcoming 2016 Q4
The Making of a CISO SNEAK PEEK REN-ISAC CISO Survey Research Report, Forthcoming 2016 Q4

20 Your text here On Guard for Threats! REN-ISAC

21 Data Breaches in Higher Education
REN-ISAC Source: Milford, Kim, and Joanna Grama. This Magic Moment: Reflections on Cybersecurity. EDUCAUSE Review, September, 2015 (updated with complete 2015 data).

22 Threat Trends 80% of the time, the threat actor is external to the organization Time to discover (more than 1 day over 75% of the time) is still way behind time to compromise 99.9% of exploited vulnerabilities were compromised more than a year after the vulnerability was published. Ransomware is a growing attack vector Phishing is now the established initial attack vector for online crime, nearly 50% of users open phishing and click on the link within the first hour Mobile is not a big vector in data breaches REN-ISAC

23 Malicious Actors Target US College and Universities
REN-ISAC

24 Protecting Cyberspace
REN-ISAC

25 Security Practices REN-ISAC
Source: Grama, Joanna L., and Leah Lang. CDS Spotlight: Information Security. ECAR, August 10, 2016.

26 50 percent of U.S. institutions track information security metrics.
Security Preactices 71 percent of U.S. institutions have mandatory information security training for faculty or staff. 78 percent of U.S. institutions have conducted some sort of IT security risk assessment. The most commonly deployed information security systems and technologies are malware protection (92 percent), secure remote access (90 percent), and secure wireless access (85 percent). 50 percent of U.S. institutions track information security metrics. REN-ISAC Source: Grama, Joanna L., and Leah Lang. CDS Spotlight: Information Security. ECAR, August 10, 2016.

27 Central & Fed Identity Mgmt
Security Practices 2 Factor AuthN Data Loss Protection Central & Fed Identity Mgmt Whole Disk Encryption Log Accum & Analysis Vulnerability Scans

28 Origin Stories: The Evolution of Heroes
REN-ISAC

Download ppt "Earth’s Mightiest Heroes: Combating the Evils Lurking in Cyberspace"

Similar presentations

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.

Security Education and Awareness Workshop January 15-16, 2004 Baltimore, MD.
HEISC Town Hall Webinar: 2012-2013 Strategic Plan Host: Larry Conrad CIO, UNC-Chapel Hill & HEISC Co-Chair.

HEISC Town Hall Webinar: Strategic Plan Host: Larry Conrad CIO, UNC-Chapel Hill & HEISC Co-Chair.
REN-ISAC Research and Education Networking Information Sharing and Analysis Center AMSAC Update July 10, 2008 1.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center AMSAC Update July 10,
PAGE 1 | Gradient colors 14 149 115 0 121 91 13 137 105 RGBRGB Diagrams 142 230 0 127 205 0 137 222 0 RGBRGB 242 174 107 255 131 0 240 161 82 RGBRGB 166.

PAGE 1 | Gradient colors RGBRGB Diagrams RGBRGB RGBRGB 166.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
EDUCAUSE Update CHECO Fall Meeting Catherine Yang,

EDUCAUSE Update CHECO Fall Meeting Catherine Yang,
Identity, Privacy, and Security: Higher Education Policy and Practice Rodney Petersen Government Relations Officer Director of Cybersecurity Initiative.

Identity, Privacy, and Security: Higher Education Policy and Practice Rodney Petersen Government Relations Officer Director of Cybersecurity Initiative.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
The Here and Now of Higher Ed IT Governance, Risk, and Compliance Efforts Jacqueline Bichsel, PhD Senior Research Analyst EDUCAUSE AIRI, May 8, 2014.

The Here and Now of Higher Ed IT Governance, Risk, and Compliance Efforts Jacqueline Bichsel, PhD Senior Research Analyst EDUCAUSE AIRI, May 8, 2014.
© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.

© 2003, EDUCAUSE/Internet2 Computer and Network Security Task Force Computer Access, Privacy and Security: Legal Obligations and Liabilities Rodney J.
Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.

Enterprise Security. Mark Bruhn, Assoc. VP, Indiana University Jack Suess, VP of IT, UMBC.
Agenda Do You Need to Be Concerned? Information Risk at Nationwide

Agenda Do You Need to Be Concerned? Information Risk at Nationwide
Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.

Case Study: Department of Revenue Data Breach National Association of State Auditors, Comptrollers and Treasurers March 21, 2013.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Australia Cybercrime Capacity Building Conference 27-28 April 2010 Brunei Darussalam Ms Marcella Hawkes Director, Cyber Security Policy Australian Government.

Australia Cybercrime Capacity Building Conference April 2010 Brunei Darussalam Ms Marcella Hawkes Director, Cyber Security Policy Australian Government.
EDUCAUSE 2014 Top Ten IT Issues. Today’s Agenda Introduction to EDUCAUSE IT Issues History & Methodology 2014 Top Ten IT Issues Selected Issues Reviewed.

EDUCAUSE 2014 Top Ten IT Issues. Today’s Agenda Introduction to EDUCAUSE IT Issues History & Methodology 2014 Top Ten IT Issues Selected Issues Reviewed.
GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.

GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.
NSF Cybersecuity Summit May 2008. REN-ISAC Goal The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher.

NSF Cybersecuity Summit May REN-ISAC Goal The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher.
Palindrome Technologies all rights reserved © 2016 – PG: Palindrome Technologies all rights reserved © 2016 – PG: 1 Peter Thermos President & CTO Tel:

Palindrome Technologies all rights reserved © 2016 – PG: Palindrome Technologies all rights reserved © 2016 – PG: 1 Peter Thermos President & CTO Tel:
CSG Meeting, January 12, 2016. 2016 Top 10 Strategic Technologies.

CSG Meeting, January 12, Top 10 Strategic Technologies.

Similar presentations

Ads by Google