2016 - Cyber Security for the Public Sector
Scott Geye, CISSP, CISA
Cyber Security for the Public Sector
Agenda
• About Whitley Penn, LLP
• Why is Cybersecurity Important?
• 2015-2016 Breach Reports
• Vulnerabilities
• Exploits
• Malware
• Cybercrime Marketplaces
• Hacktivism
• Texas Cybersecurity Framework
• Cybersecurity Resources
Bio
Scott Geye – CISSP, CISA
Experience
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• 8 years of Information Technology experience focused on networking and information security
• Served as an Information Security Analyst for a large university
• Participated in the execution of SOC 1 and SOC 2 engagements
• Participated in the execution of SOX 404 engagements and implementations
• Performed IT engagements in multiple industries, including technology, manufacturing, public sector, oil and gas, and healthcare
• Advised clients regarding process and control improvement to minimize risk
• Provided guidance to clients regarding system evaluation and implementation
• Performed IT Risk Assessments and Security Audits
Education
• Masters in Information Technology Service Management, University of Dallas
• Bachelors in Management Information Systems (MIS), University of Texas at Arlington
Whitley Penn, LLP – Risk Advisory Services
Service Areas:
– IT Audits and Consulting
– Internal Control and Compliance Reviews
– IT and Business Risk Assessments
– Internal Audit Services
– Vulnerability Assessments and Network Penetration Testing
– Business Process Improvement
– Enterprise Risk Management Implementation and Maintenance
Why is Cyber Security Important?
What is a Breach?
The unauthorized access, acquisition, use, or disclosure of sensitive information.
Definition of Personal Data
There are numerous definitions, but most include data “that allow the identification of a person directly or indirectly” or similar language.
2015-2016 Information Security Reports
2015 Themes
• Theme #1: The year of collateral damage
• Theme #2: Overreaching regulations push research underground
• Theme #3: Moving from point fixes to broad impact solutions
• Theme #4: Political pressures attempt to decouple privacy and security efforts
• Theme #5: The industry didn’t learn anything about patching in 2015
• Theme #6: Attackers have shifted their efforts to directly attack applications
• Theme #7: The monetization of malware
HP Enterprise – 2016 Cyber Risk Report
Breaches By Industry
Verizon – 2016 Data Breach Digest
Breaches by Environment
2016 Trustwave Global Security Report
Types of Data Breached
2016 Trustwave Global Security Report
Method of Compromise
2016 Trustwave Global Security Report
Method of Detection
2016 Trustwave Global Security Report
Duration: Intrusion -> Detection -> Containment
2016 Trustwave Global Security Report
Vulnerabilities
Top Platforms by Vulnerabilities
HP Enterprise – 2016 Cyber Risk Report
Vulnerability Marketplace
HP Enterprise – 2016 Cyber Risk Report
Exploits
2015 – New Exploits
HP Enterprise – 2016 Cyber Risk Report
2015 – Old Exploits
HP Enterprise – 2016 Cyber Risk Report
New Exploits by Platform
HP Enterprise – 2016 Cyber Risk Report
New Exploits by File Type
HP Enterprise – 2016 Cyber Risk Report
Abusing API Calls
HP Enterprise – 2016 Cyber Risk Report
Malware
Growth in Malware
HP Enterprise – 2016 Cyber Risk Report
Reporting to Executives
Ponemon Institute – State of Malware Detection & Prevention
Cybercrime Marketplace
Dell SecureWorks – 2016 Underground Hacker Markets
Hacktivism
Who is Anonymous?
Hacktivism (continued)
• City of Denver – Website shut down after police shooting on 4/12/2016. Members of New World Hackers (NWH), a division of Anonymous, launched a Distributed Denial of Service (DDoS) attack against the City’s website. This attack took the City’s website down for the day.
• Cincinnati and Miami Police Departments – Members of these Departments were “doxed” by Anonymous, and personal details were leaked online.
Security Newspaper – Anonymous Shuts Down City of Denver Website…
Hacktivism (continued)
Missouri Sheriff’s Association
In retaliation for the arrest of members of the group Anonymous, hackers breached the association’s website and released personal information on 7,000 officers. 76 other law enforcement agencies were also targeted in the attack.
Identity Theft Resource Center
Texas Cybersecurity Framework
Identify
– Privacy and Confidentiality
– Data Classification
– Critical Information Asset Inventory
– Enterprise Security Policy, Standards and Guidelines
– Control Oversight and Safeguard Assurance
– Information Security Risk Management
– Security Oversight and Governance
– Security Compliance and Regulatory Requirements Management
– Cloud Usage and Security
– Security Assessment and Authorization / Technology Risk Assessments
– External Vendors and Third Party Providers
Protect
– Enterprise Architecture, Roadmap & Emerging Technology
– Secure System Services, Acquisition and Development
– Security Awareness and Training
– Privacy Awareness and Training
– Cryptography
– Secure Configuration Management
– Change Management
– Contingency Planning
– Media
– Physical Environmental Protection
– Personnel Security
– Third-Party Personnel Security
– System Configuration Hardening & Patch Management
– Access Control
– Account Management
– Security Systems Management
– Network Access and Perimeter Controls
– Internet Content Filtering
– Data Loss Prevention
– Identification & Authentication
– Spam Filtering
– Portable & Remote Computing
– System Communications Protection
Detect
– Malware Protection
– Vulnerability Assessment
– Security Monitoring and Event Analysis
Respond
– Cyber-Security Incident Response
– Privacy Incident Response
Recover
– Disaster Recovery Procedures
Texas Cyber Security Framework: http://www.dir.state.tx.us/security/policy/Pages/framework.aspx
Cybersecurity Resources
Resources for Local Governments
Cyber Guide for Counties
Critical Infrastructure Partnership Advisory Council (CIPAC)
“A partnership between government and critical infrastructure owners and operators, which provides a forum to engage in a broad spectrum of critical infrastructure protection activities, like the Cross-Sector Cybersecurity Working Group”
http://www.dhs.gov/critical-infrastructure-partnership-advisory-council
Information Technology Government Coordinating Council (IT-GCC)
“Brings together diverse federal, state, local, and tribal interests to identify and develop collaborative strategies that advance IT critical infrastructure protection. The IT-GCC serves as a counterpart to the IT Sector Coordinating Council (IT-SCC)”
http://www.dhs.gov/critical-infrastructure-sector-partnerships
Multi-State Information Sharing and Analysis Center (MS-ISAC)
“A division of the not-for-profit Center for Internet Security, is a collaborative effort based on a strong partnership with the Department of Homeland Security (DHS) and State, Local, Tribal, and Territorial (SLTT) Cybersecurity Engagement program. The MS-ISAC has been designated by DHS as the key resource for cyber threat prevention, protection, response, and recovery for the Nation’s SLTT governments. Through its state-of-the-art 24/7 Security Operations Center, the MS-ISAC serves as a central resource for situational awareness and incident response for SLTT governments, at no cost to its members.”
http://msisac.cisecurity.org/
If you would like to leverage the MS-ISAC for malware analysis, computer forensics, network forensics, incident response, or onsite response, contact the 7x24 Security Operations Center at 1-866-787-4722 or [email protected]
Cyber Resilience Review
“Provided by DHS to SLTT governments as a free service and involves a one-day, onsite interview that examines the overall practice, integration and health of an organization’s cybersecurity program.”
https://www.us-cert.gov/ccubedvp/self-service-crr
Exercises
“Directly supports state, local, tribal, and territorial cyber exercise, design, development, and execution. Cyber exercises familiarize SLTT cyber stakeholders with the roles, responsibilities, policies, plans, and procedures related to cyber incidents.”
National Cybersecurity Communications Integration Center (NCCIC)
“A 24x7 cyber monitoring, analysis, incident response, and management center that is the national nexus of cyber and communications incident integration for the federal domain, intelligence networks, law enforcement, the private sector, State, local, tribal, and territorial governments, and international partners.”
https://www.us-cert.gov/nccic
United States Computer Emergency Readiness Team (US-CERT)
“Brings advanced network and digital media analysis expertise to bear on malicious activity targeting our nation’s networks. US-CERT develops timely and actionable information for distribution to federal departments and agencies, state and local governments, private sector organizations, and international partners. In addition, US-CERT operates the National Cybersecurity Protection System (NCPS), which provides intrusion detection and prevention capabilities to covered federal departments and agencies. The US-CERT’s National Cyber Alert System (NCAS) delivers timely and actionable information and threat productions including alerts, bulletins and tips.”
https://www.us-cert.gov/
Trusted Purchasing Alliance
“Designed to drive down the price of security products by combining state and local government purchases into bulk buys. The alliance works with public agencies to pinpoint the areas of greatest need, and then negotiates with vendors for discounted pricing. Product choices are vetted by a review board stocked with analysts and security experts.”
http://alliance.cisecurity.org/
NIST Special Publication 800 Series
NIST Special Publications (SP):
NIST SP 800 series - Computer Security (December 1990-present): NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials.
• This framework can provide the “meat” for the Texas Cybersecurity Framework
Questions
References
• HP Enterprise – 2016 Cyber Risk Report
• 2016 Trustwave Global Security Report
• Verizon 2016 Data Breach Digest
• Ponemon Institute – State of Malware Detection & Prevention
• Dell SecureWorks – 2016 Underground Hacker Markets
• Security Newspaper – Anonymous Shuts Down City of Denver Website After Another Fatal Police Shooting
• Identity Theft Resource Center
• Texas Cybersecurity Framework
• National Association of Counties (“NACo”) Cyber Guide for Counties
• National Institute of Standards and Technology (NIST) Special Publication 800 Series