David J. Carter, CISO Commonwealth Office of Technology



Presentation on theme: "David J. Carter, CISO Commonwealth Office of Technology"— Presentation transcript:

1 Cybersecurity Trends
David J. Carter, CISO Commonwealth Office of Technology

2 The Information Technology Security Evolution
We are no longer in the business of just looking for bad things; we need to look for good things behaving badly.

3 The Information Technology Security Evolution
The Top Challenges Faced In IT Security
Social Engineering
Complex Systems
Customer Expectations
Mobile Workforce
Commercialization

4 EMERGING THREATS
Social Engineering: Tricking users into providing information, access, or credentials using fear, curiosity, passions or other manipulation.
Malicious Code: Injecting code into a system that can cause ill effects such as a virus, keylogger, backdoor, or other threat.
Vulnerability Exploitation: Taking advantage of system weaknesses or misconfigurations to gain access to data or otherwise compromise a system.

5 Social Engineering Phishing

6 Social Engineering SPEAR Phishing
Social Media
Corporate Site
Professional Profiles
Public Information

7 Social Engineering – The RISKS
Stolen Credentials: Bad actors will use social engineering to steal credentials through phishing to gain access to your systems and send more emails. Even the most alert user can fall for these official-looking threats.
Malicious Code: Bad actors will use these campaigns to plant malicious code in your systems that can lead to data loss or operational impact. This may be through attachments or links in the emails they send.

8 Social Engineering – The DEFENSE
Your People

9 Social Engineering – The DEFENSE
Some Examples

10 Social Engineering – The DEFENSE
Some Examples

11 Social Engineering – The DEFENSE
Some Examples

12 Malicious Code How Does It Get In?

13 MALWARE – The RISKS
Stolen Information: Some Malware will steal your information to be sent out to an awaiting hacker on the Internet.
Information and System Integrity: Some Malware, also known as Ransomware, will encrypt your data and ask that you pay a ransom to get it back. Others will attempt to impact operations such as interfering with control systems.
System Access: Some Malware will establish what is known as persistence, meaning that it will establish a back door that the hacker can use at will.

14 MALWARE – The DEFENSE
Keep Protections Current: Ensure anti-virus and anti-malware protection software is up to date and current on all of your systems.
System Patching: Ensure that all of your systems are on the current patch releases and most current supported versions of software.
Educate Users: Ensure that your users are made aware of the risks and code of conduct when using your systems.

15 Vulnerability Exploitation

16 Vulnerability Exploitation

17 Vulnerability Exploitation – The RISKS
Stolen Information: A hacker can steal your information to be sent out to an awaiting hacker on the Internet.
System Access: A hacker can basically own your system directly and/or through that access reach into your network to do even more harm. This is known as lateral movement.

18 Vulnerability Exploitation – The DEFENSE
Limit Your Exposure: Use your defenses and system configurations only to allow those ports and services that are really needed for your systems.
System Patching: Ensure that all of your systems are on the current patch releases and most current supported versions of software.
Monitor and Audit: Monitor and audit your systems for anomalous activity.

19 Layered DEFENSEs

20 Layered DEFENSEs

21 The Slide You Have Been Waiting For Questions

22 Contact Information David J. Carter, CISO Commonwealth Office of Technology 669 Chamberlin Ave Frankfort, KY 40601 Phone:

