2016 - Cyber Security for the Public Sector
Scott Geye, CISSP, CISA

Transcript of 2016 - Cyber Security for the Public Sector

Page 1: 2016 - Cyber Security for the Public Sector

Scott Geye, CISSP, CISA

Cyber Security for the Public Sector

Page 2: Agenda

• About Whitley Penn, LLP
• Why is Cybersecurity Important?
• 2015-2016 Breach Reports
• Vulnerabilities
• Exploits
• Malware
• Cybercrime Marketplaces
• Hacktivism
• Texas Cybersecurity Framework
• Cybersecurity Resources

Page 3: Bio – Scott Geye, CISSP, CISA

Experience
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• 8 years of Information Technology experience focused on networking and information security
• Served as an Information Security Analyst for a large university
• Participated in the execution of SOC 1 and SOC 2 engagements
• Participated in the execution of SOX 404 engagements and implementations
• Performed IT engagements in multiple industries, including technology, manufacturing, public sector, oil and gas, and healthcare
• Advised clients regarding process and control improvement to minimize risk
• Provided guidance to clients regarding system evaluation and implementation
• Performs IT Risk Assessments and Security Audits

Education
• Master's in Information Technology Service Management, University of Dallas
• Bachelor's in Management Information Systems (MIS), University of Texas at Arlington

Page 4: Whitley Penn, LLP – Risk Advisory Services

Service Areas:
– IT Audits and Consulting
– Internal Control and Compliance Reviews
– IT and Business Risk Assessments
– Internal Audit Services
– Vulnerability Assessments and Network Penetration Testing
– Business Process Improvement
– Enterprise Risk Management Implementation and Maintenance

Page 5: Why is Cyber Security Important?

Page 6: What is a Breach?

The unauthorized access, acquisition, use, or disclosure of sensitive information.

Page 7: Definition of Personal Data

There are numerous definitions, but most include data “that allow the identification of a person directly or indirectly” or similar language.

Page 8: 2015-2016 Information Security Reports

Page 9: 2015 Themes

• Theme #1: The year of collateral damage
• Theme #2: Overreaching regulations push research underground
• Theme #3: Moving from point fixes to broad impact solutions
• Theme #4: Political pressures attempt to decouple privacy and security efforts
• Theme #5: The industry didn’t learn anything about patching in 2015
• Theme #6: Attackers have shifted their efforts to directly attack applications
• Theme #7: The monetization of malware

Source: HP Enterprise – 2016 Cyber Risk Report

Page 10: Breaches By Industry

Source: Verizon – 2016 Data Breach Digest

Page 11: Breaches by Environment

Source: 2016 Trustwave Global Security Report

Page 12: Types of Data Breached

Source: 2016 Trustwave Global Security Report

Page 13: Method of Compromise

Source: 2016 Trustwave Global Security Report

Page 14: Method of Detection

Source: 2016 Trustwave Global Security Report

Page 15: Duration: Intrusion -> Detection -> Containment

Source: 2016 Trustwave Global Security Report

Page 16: Vulnerabilities

Page 18: Top Platforms by Vulnerabilities

Source: HP Enterprise – 2016 Cyber Risk Report

Page 19: Vulnerability Marketplace

Source: HP Enterprise – 2016 Cyber Risk Report

Page 20: Vulnerability Marketplace

Source: HP Enterprise – 2016 Cyber Risk Report

Page 21: Vulnerability Marketplace

Source: HP Enterprise – 2016 Cyber Risk Report

Page 22: Exploits

Page 23: 2015 – New Exploits

Source: HP Enterprise – 2016 Cyber Risk Report

Page 24: 2015 – Old Exploits

Source: HP Enterprise – 2016 Cyber Risk Report

Page 25: New Exploits by Platform

Source: HP Enterprise – 2016 Cyber Risk Report

Page 26: New Exploits by File Type

Source: HP Enterprise – 2016 Cyber Risk Report

Page 27: Abusing API Calls

Source: HP Enterprise – 2016 Cyber Risk Report

Page 28: Abusing API Calls

Source: HP Enterprise – 2016 Cyber Risk Report

Page 29: Malware

Page 30: Growth in Malware

Source: HP Enterprise – 2016 Cyber Risk Report

Page 31: Growth in Malware

Source: HP Enterprise – 2016 Cyber Risk Report

Page 32: Reporting to Executives

Source: Ponemon Institute – State of Malware Detection & Prevention

Page 33: Cybercrime Marketplace

Page 34: Cybercrime Marketplace

Source: Dell SecureWorks – 2016 Underground Hacker Markets

Page 35: Cybercrime Marketplace

Source: Dell SecureWorks – 2016 Underground Hacker Markets

Page 36: Cybercrime Marketplace

Source: Dell SecureWorks – 2016 Underground Hacker Markets

Page 37: Cybercrime Marketplace

Source: Dell SecureWorks – 2016 Underground Hacker Markets

Page 38: Cybercrime Marketplace

Page 39: Cybercrime Marketplace

Source: Dell SecureWorks – 2016 Underground Hacker Markets

Page 40: Hacktivism

Page 41: Hacktivism – Who is Anonymous?

Page 42: Hacktivism (continued)

• City of Denver – Website shutdown after police shooting on 4/12/2016. Members of New World Hackers (NWH), a division of Anonymous, launched a Distributed Denial of Service (DDoS) attack against the City’s website. This attack took the City’s website down for the day.

• Cincinnati and Miami Police Departments – Members of these Departments were “Doxed” by Anonymous, and personal details were leaked online.

Source: Security Newspaper – Anonymous Shuts Down City of Denver Website…

Page 43: Hacktivism (continued)

Missouri Sheriff’s Association

In retaliation for the arrest of members of the group Anonymous, hackers breached the association’s website and released personal information on 7,000 officers. 76 other law enforcement agencies were also targeted in the attack.

Source: Identity Theft Resource Center

Page 44: Texas Cybersecurity Framework

Page 45: Texas Cybersecurity Framework

Identify
– Privacy and Confidentiality
– Data Classification
– Critical Information Asset Inventory
– Enterprise Security Policy, Standards and Guidelines
– Control Oversight and Safeguard Assurance
– Information Security Risk Management
– Security Oversight and Governance
– Security Compliance and Regulatory Requirements Management
– Cloud Usage and Security
– Security Assessment and Authorization / Technology Risk Assessments
– External Vendors and Third Party Providers

Source: Texas Cyber Security Framework
http://www.dir.state.tx.us/security/policy/Pages/framework.aspx

Page 46: Texas Cybersecurity Framework (continued)

Protect
– Enterprise Architecture, Roadmap & Emerging Technology
– Secure System Services, Acquisition and Development
– Security Awareness and Training
– Privacy Awareness and Training
– Cryptography
– Secure Configuration Management
– Change Management
– Contingency Planning
– Media
– Physical Environmental Protection
– Personnel Security
– Third-Party Personnel Security
– System Configuration Hardening & Patch Management
– Access Control
– Account Management
– Security Systems Management
– Network Access and Perimeter Controls
– Internet Content Filtering
– Data Loss Prevention
– Identification & Authentication
– Spam Filtering
– Portable & Remote Computing
– System Communications Protection

Source: Texas Cyber Security Framework

Page 47: Texas Cybersecurity Framework (continued)

Detect
– Malware Protection
– Vulnerability Assessment
– Security Monitoring and Event Analysis

Respond
– Cyber-Security Incident Response
– Privacy Incident Response

Recover
– Disaster Recovery Procedures

Source: Texas Cyber Security Framework

Page 48: Cybersecurity Resources

Page 49: Resources for Local Governments

Critical Infrastructure Partnership Advisory Council (CIPAC)

“A partnership between government and critical infrastructure owners and operators, which provides a forum to engage in a broad spectrum of critical infrastructure protection activities, like the Cross-Sector Cybersecurity Working Group”

http://www.dhs.gov/critical-infrastructure-partnership-advisory-council

Source: Cyber Guide for Counties

Page 50: Resources for Local Governments (continued)

Information Technology Government Coordinating Council (IT-GCC)

“Brings together diverse federal, state, local, and tribal interests to identify and develop collaborative strategies that advance IT critical infrastructure protection. The IT-GCC serves as a counterpart to the IT Sector Coordinating Council (IT-SCC)”

http://www.dhs.gov/critical-infrastructure-sector-partnerships

Source: Cyber Guide for Counties

Page 51: Resources for Local Governments (continued)

Multi-State Information Sharing and Analysis Center (MS-ISAC)

“A division of the not-for-profit Center for Internet Security, is a collaborative effort based on a strong partnership with the Department of Homeland Security (DHS) and State, Local, Tribal, and Territorial (SLTT) Cybersecurity Engagement program. The MS-ISAC has been designated by DHS as the key resource for cyber threat prevention, protection, response, and recovery for the Nation's SLTT governments. Through its state-of-the-art 24/7 Security Operations Center, the MS-ISAC serves as a central resource for situational awareness and incident response for SLTT governments, at no cost to its members.”

http://msisac.cisecurity.org/

If you would like to leverage the MS-ISAC for malware analysis, computer forensics, network forensics, incident response, or onsite response, contact the 7x24 Security Operations Center at 1-866-787-4722 or [email protected]

Source: Cyber Guide for Counties

Page 52: Resources for Local Governments (continued)

Cyber Resilience Review

“Provided by DHS to SLTT governments as a free service and involves a one-day, onsite interview that examines the overall practice, integration and health of an organization’s cybersecurity program.”

https://www.us-cert.gov/ccubedvp/self-service-crr

Source: Cyber Guide for Counties

Page 53: Resources for Local Governments (continued)

Exercises

“Directly supports state, local, tribal, and territorial cyber exercise, design, development, and execution. Cyber exercises familiarize SLTT cyber stakeholders with the roles, responsibilities, policies, plans, and procedures related to cyber incidents.”

[email protected]

Source: Cyber Guide for Counties

Page 54: Resources for Local Governments (continued)

National Cybersecurity Communications Integration Center (NCCIC)

“A 24x7 cyber monitoring, analysis, incident response, and management center that is the national nexus of cyber and communications incident integration for the federal domain, intelligence networks, law enforcement, the private sector, State, local, tribal, and territorial governments, and international partners.”

https://www.us-cert.gov/nccic

Source: Cyber Guide for Counties

Page 55: Resources for Local Governments (continued)

United States Computer Emergency Readiness Team (US-CERT)

“Brings advanced network and digital media analysis expertise to bear on malicious activity targeting our nation's networks. US-CERT develops timely and actionable information for distribution to federal departments and agencies, state and local governments, private sector organizations, and international partners. In addition, US-CERT operates the National Cybersecurity Protection System (NCPS), which provides intrusion detection and prevention capabilities to covered federal departments and agencies. The US-CERT’s National Cyber Alert System (NCAS) delivers timely and actionable information and threat productions including alerts, bulletins and tips.”

https://www.us-cert.gov/

Source: Cyber Guide for Counties

Page 56: Resources for Local Governments (continued)

Trusted Purchasing Alliance

“Designed to drive down the price of security products by combining state and local government purchases into bulk buys. The alliance works with public agencies to pinpoint the areas of greatest need, and then negotiates with vendors for discounted pricing. Product choices are vetted by a review board stocked with analysts and security experts.”

http://alliance.cisecurity.org/

Source: Cyber Guide for Counties

Page 57: Resources for Local Governments (continued)

NIST Special Publications (SP):

NIST SP 800 series - Computer Security (December 1990-present): NIST's primary mode of publishing computer/cyber/information security guidelines, recommendations and reference materials.

• This framework can provide the “meat” for the Texas Cybersecurity Framework

Source: NIST Special Publication 800 Series

Page 58: Questions

Page 59: References

• HP Enterprise – 2016 Cyber Risk Report
• 2016 Trustwave Global Security Report
• Verizon – 2016 Data Breach Digest
• Ponemon Institute – State of Malware Detection & Prevention
• Dell SecureWorks – 2016 Underground Hacker Markets
• Security Newspaper – Anonymous Shuts Down City of Denver Website After Another Fatal Police Shooting
• Identity Theft Resource Center
• Texas Cybersecurity Framework
• National Association of Counties (“NACo”) – Cyber Guide for Counties
• National Institute of Standards and Technology (NIST) – Special Publication 800 Series