Cybersecurity Policies & Procedures ICA
1 Cybersecurity Policies & Procedures ICA
April 2017

2 Q: Who is Responsible for Cybersecurity? Isn’t it just IT’s Problem?

3 Risk Responsibility
Cyber risk is an imperative for everyone within the enterprise, but ultimate responsibility for overseeing risk rests with top leaders: YOU!

4 Managing Business Risk
Boards and top managers should ask some basic questions:
Do we demonstrate due diligence and effective management of cyber risk?
Do we have the right leadership and organizational talent?
Have we established an appropriate cyber risk escalation framework?

5 Managing Risk (continued)
What have we done to protect the company against third-party cyber risks?
Can we rapidly contain damages and mobilize response resources when a cyber incident occurs?
How do we evaluate the effectiveness of our company’s cyber risk program?

6 EVERY DEPARTMENT’S PROBLEM: Functions Most Likely to Be Affected by a Breach
Operations: 36%
Finances: 30%
Brand Reputation: 26%
Customer Retention: 26%
Regulatory Scrutiny: 19%
Source: Cisco 2017

7 Cyber Security & Employees
“Things have changed over the past few years…cyber criminals are now focusing increasingly on employees … as the weak link in the security chain” (Think HR)
Not just Management
Not just the IT Department

8 NIST Cybersecurity Framework
When will we implement all the good ideas from the conference?
When we have time?
When we can figure out how?
When we can find someone to put it together?

9 Right Here…Right Now
NO MORE EXCUSES: pull out your pencils or pens, open the portfolios. WE ARE GOING TO WORK!

10 Framework Core [one more time]
IDENTIFY: What assets need protection?
PROTECT: What safeguards are available?
DETECT: What techniques can identify incidents?
RESPOND: What techniques can contain the impacts of incidents?
RECOVER: What techniques can restore capabilities?

11 IDENTIFY – Asset Management
Physical devices & systems are inventoried
Software platforms & applications are inventoried
Communication & data flows are mapped
External information systems are catalogued
Resources are prioritized based on classification, criticality & business value

12 IDENTIFY – Asset Management
Roles & Responsibilities “ETHICS POLICY”

13 IDENTIFY – Business Environment
Role in the supply chain is identified & communicated
Place in critical infrastructure is identified & communicated
Priorities for mission, objectives & activities are established and communicated
Dependencies & critical functions for delivery of critical services are established
Resilience requirements to support delivery of critical services are established

14 IDENTIFY – Governance
Information security policy is established
Information security roles & responsibilities are coordinated and aligned with internal roles & external partners
Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
Governance and risk management processes address cybersecurity risks

15 IDENTIFY – Risk Assessment
Asset vulnerabilities are identified and documented
Threat and vulnerability information is received from information sharing forums and sources
Threats, both internal and external, are identified and documented
Potential business impacts and likelihoods are identified
Threats, vulnerabilities, likelihoods and impacts are used to determine risk
Risk responses are identified & prioritized

16 IDENTIFY – Risk Management Strategy
Risk management processes are established, managed and agreed to by organizational stakeholders
Risk tolerance is determined and clearly expressed
Determination of risk tolerance is informed by the organization’s role in critical infrastructure and sector-specific risk analysis

17 PROTECT – Access Control
Identities & credentials are managed for authorized devices and users “PASSWORD PROTECTION POLICY”

18 PROTECT – Access Control
Physical access to assets is managed and protected “ACCEPTABLE USE POLICY”

19 PROTECT – Access Control
Remote access is managed
Access permissions are managed, incorporating the principles of least privilege and separation of duties
Network integrity is protected, incorporating network segregation where appropriate

20 PROTECT – Awareness & Training
All users are informed & trained
Privileged users understand roles & responsibilities
Third-party stakeholders [e.g. suppliers, customers, etc.] understand roles & responsibilities
Senior executives understand roles & responsibilities

21 PROTECT – Data Security
Data-at-rest is protected
Data-in-transit is protected
Assets are formally managed throughout removal, transfer and disposition
Adequate capacity to ensure availability is maintained
Protections against data leaks are implemented
Integrity checking mechanisms are used to verify software, firmware and information integrity
The development and testing environments are separate from the production environment

22 PROTECT – Information Protection Processes & Procedures
A baseline configuration of information technology/industrial control systems is created and maintained “ POLICY”

23 PROTECT – Information Protection Processes & Procedures
A System Development Life Cycle to manage systems is implemented
Configuration change control processes are in place
Backups of information are conducted, maintained and tested periodically
Policy & regulations regarding the physical operating environment for organizational assets are met

24 PROTECT – Information Protection Processes & Procedures
Data is destroyed according to policy
Protection processes are continuously improved
Effectiveness of protection technologies is shared with appropriate parties
Response plans and recovery plans are in place and managed
Response and recovery plans are tested

25 PROTECT – Information Protection Processes & Procedures
Cybersecurity is included in human resources practices [e.g. deprovisioning, personnel screening] “CLEAN DESK POLICY”

26 PROTECT – Information Protection Processes & Procedures
A vulnerability management plan is developed and implemented

27 PROTECT – Maintenance
Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools
Remote maintenance of organizational assets is approved, logged and performed in a manner that prevents unauthorized access

28 DETECT – Anomalies & Events
A baseline of network operations and expected data flows for users and systems is established and managed
Detected events are analyzed to understand attack targets and methods
Event data are aggregated and correlated from multiple sources and sensors
Impact of events is determined
Incident alert thresholds are established

29 DETECT – Security Continuous Monitoring
The network is monitored to detect potential cybersecurity events
The physical environment is monitored to detect potential cybersecurity events
Personnel activity is monitored to detect potential cybersecurity events
Malicious code is detected

30 DETECT – Security Continuous Monitoring (continued)
Unauthorized mobile code is detected
External service provider activity is monitored to detect potential cybersecurity events
Monitoring for unauthorized personnel, connections, devices and software is performed
Vulnerability scans are performed
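The two DETECT slides above (a baseline of expected data flows, correlation of event data across sensors, alert thresholds, and monitoring for unauthorized devices and connections) can be exercised in a few lines. This is an added example, not part of the presentation: it assumes a hypothetical baseline of allowed flows and an asset inventory, and runs over constructed log lines from two sensors (a firewall and a flow collector).

```python
import re
from collections import Counter

# Constructed baseline of expected (source, destination, port) flows, derived
# from the asset inventory and data-flow map. Anything outside it is a deviation.
BASELINE_FLOWS = {
    ("10.0.1.10", "10.0.2.20", 443),  # workstation -> intranet web
    ("10.0.1.10", "10.0.2.30", 53),   # workstation -> internal DNS
    ("10.0.1.11", "10.0.2.20", 443),
}
# Constructed asset inventory: devices that are allowed to be on the network.
INVENTORY = {"10.0.1.10", "10.0.1.11", "10.0.2.20", "10.0.2.30"}

# Constructed sample log lines from two sensors (not real logs). The firewall
# and flow collector often see the same connection, so events must be deduplicated.
SAMPLE_LOGS = [
    "fw   2017-04-03T08:00:01 src=10.0.1.10 dst=10.0.2.20 dport=443 action=allow",
    "flow 2017-04-03T08:00:01 src=10.0.1.10 dst=10.0.2.20 dport=443 bytes=1200",
    "fw   2017-04-03T08:00:05 src=10.0.1.11 dst=10.0.2.30 dport=53 action=allow",
    "fw   2017-04-03T08:00:09 src=10.0.1.99 dst=10.0.2.20 dport=445 action=allow",
    "flow 2017-04-03T08:00:09 src=10.0.1.99 dst=10.0.2.20 dport=445 bytes=80",
    "flow 2017-04-03T08:00:10 src=10.0.1.99 dst=10.0.2.21 dport=445 bytes=80",
    "flow 2017-04-03T08:00:11 src=10.0.1.99 dst=10.0.2.22 dport=445 bytes=80",
]

LINE_RE = re.compile(r"^(\w+)\s+(\S+)\s+src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")


def parse(lines):
    """Normalise both sensor formats into (sensor, src, dst, port) tuples."""
    flows = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            sensor, _ts, src, dst, port = m.groups()
            flows.append((sensor, src, dst, int(port)))
    return flows


def analyze(lines, baseline=BASELINE_FLOWS, inventory=INVENTORY, threshold=3):
    """Correlate sensors, compare against the baseline and apply an alert threshold.

    Returns unknown devices (not in inventory), unexpected flows (deduplicated
    across sensors) and alerts: sources whose unexpected-flow count reaches `threshold`.
    """
    flows = parse(lines)
    unknown = {src for _, src, _, _ in flows if src not in inventory}
    unexpected = {(s, d, p) for _, s, d, p in flows if (s, d, p) not in baseline}
    per_source = Counter(s for s, _, _ in unexpected)
    alerts = sorted(s for s, n in per_source.items() if n >= threshold)
    return {"unknown_devices": sorted(unknown),
            "unexpected_flows": sorted(unexpected), "alerts": alerts}
```

With the constructed input, the inventoried host 10.0.1.11 produces one new flow (logged for review, below threshold), while the uninventoried host 10.0.1.99 is flagged as an unknown device and crosses the threshold with three unexpected SMB connections.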

31 DETECT – Detection Process
Roles & responsibilities for detection are well defined to ensure accountability
Detection activities comply with all applicable requirements
Detection processes are tested
Event detection information is communicated to appropriate parties
Detection processes are continuously improved

32 RESPOND – Response Planning
Response plan is executed during or after an event “SECURITY RESPONSE PLAN POLICY”

33 RESPOND – Communications
Personnel know their roles and order of operations when a response is needed
Events are reported consistent with established criteria
Information is shared consistent with response plans
Coordination with stakeholders occurs consistent with response plans
Voluntary information sharing occurs with external stakeholders to achieve broader cybersecurity situational awareness

34 RESPOND – Analysis
Notifications from detection systems are investigated
The impact of the incident is understood
Forensics are performed
Incidents are categorized consistent with response plans

35 RESPOND – Mitigation
Incidents are contained
Incidents are mitigated
Newly identified vulnerabilities are mitigated or documented as accepted risks

36 RESPOND – Improvements
Response plans incorporate lessons learned
Response strategies are updated

37 RECOVER – Recovery Planning
Recovery plan is executed during or after an event “DISASTER RECOVERY PLAN POLICY”

38 RECOVER – Improvements
Recovery plans incorporate lessons learned
Recovery strategies are updated

39 RECOVER – Communications
Public relations are managed
Reputation after an event is repaired
Recovery activities are communicated to internal stakeholders and executive and management teams

40 Emergency Plan: What’s Your Plan????
Responsibility matrix with columns for Ops, Eng, IT Dept and HR Dept; each task is marked with a key letter for the department involved.
PRE-EMERGENCY PREPARATION: IT data backup and protection [P]; Generator maintenance [R]
PREPARATION JUST BEFORE EVENT: Verify backup & protection of IT data; Verify protection of IT network
RESPONSE DURING EVENT: Monitor status of systems; Manage EOC
RECOVERY AFTER EVENT: Assess network damage & status; Initiate system repair & recovery; Account for all personnel [A]
KEY: ‘P’ Performs task [champion]; ‘A’ Assists with task; ‘R’ Resource support

41 We’ve Got A Good Start
“Cyber risk concerns stretch well beyond IT and well beyond the walls of the enterprise – to every partner, to every customer, to every worker, and to every business process.” (Deloitte)

42 Sources
Deloitte
Cisco
Think HR
Unitel
Network World
US Telecom
NIST
SANS Institute

43 If you’d like to continue the conversation…
Judi Ushio GVNW Consulting, Inc.
