Presentation is loading. Please wait.

Presentation is loading. Please wait.

INFORMATION TECHNOLOGY SERVICES Mike Russo, PMP, CISSP, CISA, CFE, CGEIT Director, Information Security and Privacy Office CYBERSECURITY AND PRIVACY Information.

Published byLydia Small Modified over 8 years ago

Similar presentations

Presentation on theme: "INFORMATION TECHNOLOGY SERVICES Mike Russo, PMP, CISSP, CISA, CFE, CGEIT Director, Information Security and Privacy Office CYBERSECURITY AND PRIVACY Information."— Presentation transcript:

1 INFORMATION TECHNOLOGY SERVICES Mike Russo, PMP, CISSP, CISA, CFE, CGEIT Director, Information Security and Privacy Office CYBERSECURITY AND PRIVACY Information Security and Privacy Office

2 INFORMATION TECHNOLOGY SERVICES AGENDA o Threat Landscape o Information Security and Privacy Office o Cyber Risk Information Technology Services | its.fsu.edu | 2

3 INFORMATION TECHNOLOGY SERVICES THREAT LANDSCAPE Information Technology Services | its.fsu.edu | 3

4 INFORMATION TECHNOLOGY SERVICES THE DIGITAL UNIVERSE IS LARGE Like the physical universe, the digital universe is large - by 2020 containing nearly as many digital bits as there are stars in the universe. It is doubling in size every two years, and by 2020 the digital universe – the data we create and copy annually – will reach 44 zettabytes, or 44 trillion gigabytes.

5 INFORMATION TECHNOLOGY SERVICES CYBER INCIDENTS/RECORDS EXPOSED YEARDATA BREACHESRECORDS EXPOSED 2010 95396 Million 20111,241413 Million 20123,220265 Million 20132,345873 Million 20143,0411.1 Billion 2014 311.3 Million Information Technology Services | its.fsu.edu | 5

6 INFORMATION TECHNOLOGY SERVICES CYBERSECURITY STATISTICS o Attackers had access to victims’ environments for 205 days before they were discovered. o Sixty-nine percent of victims learn from a third party that they are compromised. o Attribution is becoming harder as the lines blur between tactics used by cyber criminals and nation- state actors. o Over the last year, threat actors have used stealthy new tactics to move laterally and maintain a presence in victim environments. Information Technology Services | its.fsu.edu | 6

7 INFORMATION TECHNOLOGY SERVICES CYBERSECURITY STATISTICS o $217 is the average cost per lost or stolen record o $225 is the average cost per record in Education o Ponemon Institute – Average cost of a Breach - $3.5 Million – 15% increase over 2013 o The number of data breaches increased 30% in 2014 o 168 mobile vulnerabilities disclosed in 2014, a 32% increase from 2013 o Passwords are still very important but 2016, may well be the first year of multi-factor authentication by default Information Technology Services | its.fsu.edu | 7

8 INFORMATION TECHNOLOGY SERVICES MORE STATISTICS-SPAM o 95-97% of all email is designated as SPAM and blocked at the gateway o 8% increase in targeted attacks via spear-phishing emails in 2014 o 91% of spam contains some form of link. o 74.5% of spam emails were no more than 1 KB in size o 42.59% of phishing attacks targeted global portals that integrate many services accessed from a single account. Information Technology Services | its.fsu.edu | 8

9 INFORMATION TECHNOLOGY SERVICES FLORIDA STATE UNIVERSITY INFORMATION SECURITY AND PRIVACY OFFICE Security Policy Training Risk Management Incident Response Survivability Privacy Policy Training IT Assessment Incident Response Consultation Security Operations

10 INFORMATION TECHNOLOGY SERVICES Information Technology Services | its.fsu.edu | 10 PAYMENT CARD INDUSTRY PROJECT Currently nearing the end of the 2 nd of 3 iterations of meetings with the Direct Support Organizations and business units Draft Self-Assessment Questionnaires' from the DSOs and business units are due on 1 October ITS is building out the IT infrastructure for DSOs and business units that require a secure environment PCI Project to be complete - January 31st

11 INFORMATION TECHNOLOGY SERVICES SECURITY OPERATIONS Information Technology Services | its.fsu.edu | 11

12 INFORMATION TECHNOLOGY SERVICES Information Technology Services | its.fsu.edu | 12 Month Total AlertsResponse % April 201519522.5 % May 20151648.0 % June 201515611.5 % July 20157316.65 % August 20157319.40 % Alert Response Rate

13 INFORMATION TECHNOLOGY SERVICES MOTIVATION BEHIND ATTACKS

14 INFORMATION TECHNOLOGY SERVICES CYBERSECURITY AWARENESS MONTH Information Technology Services | its.fsu.edu | 14

15 INFORMATION TECHNOLOGY SERVICES Information Technology Services | its.fsu.edu | 15

16 INFORMATION TECHNOLOGY SERVICES CYBERSECURITY AWARENESS MONTH October is National Cybersecurity Awareness Month October 20-21 is Florida Government Technology Conference at the Turnbull Center Working with FAMU and TCC to have a unified campaign We provided our design documents to them to re- brand and use for their campaign Laptop give away sponsored by Hewlett Packard Cybersecurity is everyone’s responsibility Information Technology Services | its.fsu.edu | 16

17 INFORMATION TECHNOLOGY SERVICES Information Technology Services | its.fsu.edu | 17 Cyber Pledge By signing this pledge, I agree to: Take personal responsibility and use good cybersecurity practices at school, work and home. Think before clicking links in emails and on websites. Hover over links to see the real URL and never click links or open attachments that look suspicious. Be skeptical of emails that threaten I will lose something. Use strong passwords—including letters, numbers and symbols—and never share them with anyone. Never use a public Wi-Fi network for sensitive browsing, such as banking or shopping. Lock my computer whenever I walk away. Protect my mobile devices with passcodes, anti-virus software and remote wipe. Refrain from posting personal, sensitive or non-public information on social media. Report all university IT security incidents or concerns to help@fsu.edu.

18 INFORMATION TECHNOLOGY SERVICES Information Technology Services | its.fsu.edu | 18 Cyberhero Booths Watch for the cybersecurity booth around campus and take home some cyberhero swag. October 1 | 11-3:30 | Landis Green October 7 | 11-3:30 | Strozier October 15 | 11-3:30 | Integration Statue October 21 | 11-3:30 | Integration Statue October 22 | 11-3:30 | Landis Green October 27 | 11-3:30 | Integration Statue October 30 | 10-2:30 | Landis Green

19 INFORMATION TECHNOLOGY SERVICES o Data protection and privacy –Headlines show cyber risk continues to grow with data breaches grabbing most of the headlines. o Human error –Leaving a laptop at an airport, inadvertently exposed data, misconfigurations, using an unsecured Wi-Fi in the US or while traveling abroad, opening a phishing email or the use of social media. o Business Disruptions –On July 8th the NY Stock exchange was down for four hours on the same day United Airlines had to halt flights, all from a technical glitch. o Cyber Liability –Lawsuits that stem from failing to implement a system of internal controls to protect customer data or information of value to the University. When was the last time you discussed Cyber Risk with members of your organization? Information Technology Services | its.fsu.edu | 19 Cyber Risk

20 INFORMATION TECHNOLOGY SERVICES o Data protection and privacy –Without greater openness and collaboration between major online providers, privacy regulation is likely to follow. o Better Software Design – Much cybercrime relies on the fact software is bug-ridden or contains flaws in its design. o Cyber peace –Organized cyber criminals have realized that it is easier to steal $1 from a million people, than to steal $1m from one person. o Rogue states –Without a common base level of data protection and computer misuse legislation, there will always be territories that provide a safe haven for cyber criminals and hackers Information Technology Services | its.fsu.edu | 20 What keeps us up at night

21 INFORMATION TECHNOLOGY SERVICES QUESTIONS Information Technology Services | its.fsu.edu | 21

Download ppt "INFORMATION TECHNOLOGY SERVICES Mike Russo, PMP, CISSP, CISA, CFE, CGEIT Director, Information Security and Privacy Office CYBERSECURITY AND PRIVACY Information."

Similar presentations

THE MEMBERS GROUP Safeguard Iowa Partnership – Cybersecurity Webinar Series.

THE MEMBERS GROUP Safeguard Iowa Partnership – Cybersecurity Webinar Series.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
Data Security Concerns at Work and at Home STEVE MITZEL IT DIRECTOR ASHLAND SCHOOL DISTRICT #5 – ASHLAND OREGON

Data Security Concerns at Work and at Home STEVE MITZEL IT DIRECTOR ASHLAND SCHOOL DISTRICT #5 – ASHLAND OREGON
STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.

STOP.THINK.CONNECT™ NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION.
October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.

October is National Cyber Security Month OIT and IT providers are launching an awareness campaign to provide tips and resources to help you stay safe online.
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.

INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
Agenda Do You Need to Be Concerned? Information Risk at Nationwide

Agenda Do You Need to Be Concerned? Information Risk at Nationwide
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Information Security and YOU!. Information Assurance Outreach Information Security Online Security Remote Access with Demonstration The Cloud Email Social.

Information Security and YOU!. Information Assurance Outreach Information Security Online Security Remote Access with Demonstration The Cloud Social.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS) Thomas Jenkins.
GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS). SELECT AND USE APPROPRIATE METHODS TO MINIMISE SECURITY RISK TO IT SYSTEMS AND DATA 1.1 I can describe.

GOLD UNIT 4 - IT SECURITY FOR USERS (2 CREDITS). SELECT AND USE APPROPRIATE METHODS TO MINIMISE SECURITY RISK TO IT SYSTEMS AND DATA 1.1 I can describe.

Similar presentations

Ads by Google