Executive Leadership - Industry Outreach · 2019-05-16 · 16 October 31, 2016 — FS-ISAC...


Page 1:

FFIEC

Executive Leadership of Cybersecurity:

Threat Intelligence and Getting the Most Out of Your FS-ISAC Membership

External Use: General Public 1

Page 2:

• Logistics:
  – Call-in number: 888-625-5230
  – Conference code: 7184 6724#
  – https://www.webcaster4.com/Webcast/Page/583/17540
• How we’ll take questions:
  – Use the Ask Question button in the webinar
• Webinar:
  – You can choose to listen to the audio through your PC speakers or dial in through the phone option. Please note: If you experience problems with the PC audio at any time, you can dial in using the number and code above.
  – Use the Materials button to access a pdf version of the presentation.

Page 3:

Use of these materials by participants, including video and audio recording of this presentation, is strictly prohibited except by written permission of the FFIEC or its members.¹ The views expressed in this presentation are individual views, intended for informational purposes, and are not formal opinions of, nor binding on, the FFIEC or its members.

¹ Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, National Credit Union Administration, and State Liaison Committee.

Page 4:

Chair of the FFIEC’s Task Force on Supervision: Grace E. Dailey

Page 5:

How to Get the Most of FS-ISAC Membership

John Carlson, Chief of Staff, FS-ISAC

FFIEC Webinar

October 31, 2016


Page 6:

October 31, 2016 — FS-ISAC Confidential. © 2016 FS-ISAC

• A nonprofit private sector initiative formed in 1999
• Designed/developed/owned by financial services industry
• Sharing information globally (members in 36 countries w/ a user base in 72 countries)

Members: about 7,000 financial institutions
• 5,000+ Commercial Banks (over 80% of total banks and 90% of assets)
• Major Credit Card Companies
• 90+ Registered Broker Dealers; 50+ Asset Managers
• 500+ Credit Unions
• 100+ Insurance Companies
• 42 Bank Associations
• Financial Associations

MISSION: Share Timely, Relevant, Actionable Cyber and Physical Security Information & Analysis

Page 7:

Information Sharing in the Spotlight

The Cybersecurity Information Sharing Act (CISA) is now law.

• The Cybersecurity Information Sharing Act (CISA) was enacted on December 18, 2015.
• It encourages the public and private sector to share voluntarily cybersecurity threat information.
• Private sector incentives for sharing covered information:
  – Exemption from antitrust laws;
  – Liability protection; and
  – Exemption from disclosure under the Freedom of Information Act (FOIA) for information shared with the federal government.

Page 8:

Presidential Policy Directive – 41: U.S. Cyber Incident Coordination

• Institutionalizes Federal cyber incident response and coordination efforts in the event of a “significant cyber incident”
• Defines significant cyber incident as event(s) “likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the U.S. or to the public confidence, civil liberties, or public health and safety of the American people”

Five principles to guide the Federal government during a cyber incident response:
• Shared responsibility
• Risk-based response
• Respecting affected entities
• Unity of effort
• Enabling restoration and recovery

Federal response activities in three lines and lead agency for each:
• Threat response (Lead: DOJ acting through the FBI and the National Cyber Investigative Joint Task Force)
• Asset response (Lead: DHS acting through the National Cybersecurity & Communication Center in coordination with relevant SSA)
• Intelligence support (Lead: Office of the Director of National Intelligence acting through the Cyber Threat Intelligence Integration Center)

Three-tier coordination architecture for handling a significant cyber incident:
• National Policy Level: Institutionalizes Cyber Response Group to coordinate development and implementation of policy and strategy
• National Operational Level: Directs agencies to activate enhanced internal coordination procedures and to create a Unified Coordination Group
• Field Level: Directs lead agencies for each line of effort to coordinate interaction with each other and the affected entity

Page 9:

FS-ISAC Intelligence Flow

[Diagram: Information Sources → FS-ISAC 24/7 Security Operations Center → Alerts → Member Communications]

Information Sources:
• CERTs
• FS Regulators
• Other Intel Agencies
• Law Enforcement
• Cross Sector (other ISACs)
• Open Sources (Hundreds)
• iSIGHT Partners Info Sec
• Secunia Vulnerabilities
• Wapack Labs Malware Forensics
• NC4 Phy Sec Incidents
• MSA Phy Sec Analysis

Member Communications (alert areas):
• Cyber-Threats
• Disaster Response
• Incident Response
• Business Continuity
• Fraud Investigations
• Information Security
• Payments/ Risk
• Physical Security

Page 10:

Expanding Range of Services

» Information Sharing

» Analysis

» Threat Monitoring & Crisis Escalation

» Exercises

» Support for regional coalitions

» Automation/“Soltra”

» Conferences/Education/Training

» Best Practices/Advisories

» Global Growth

» Support for other Sectors

» Platform for collaboration w/ other sectors and gov agencies

» Communications


Page 11:

The Need for Info Sharing is Increasing

Challenges Addressed by Information Sharing:
• Exploding Threat Indicator “Noise”
• Growing Regulatory Pressures
• Rising Breach Costs
• Increasing Attack Volume, Complexity

Page 12:

Better Understand Threats & Adversaries

Hacktivists
• “Anonymous” response to WikiLeaks donation stoppage
• DDoS attacks
• Website defacement

Nation State
• Motivations: espionage, disruption, or destruction
• Targeting Government + private sector
• Attempt to gain economic advantage

Cyber Crime
• Bad actors are typically concentrated in a few geographic areas but utilize a global hacking infrastructure
• A complete service-based economy supporting activities
• Attacks, often blended threats, a mix of social engineering and technical attack

Page 13:

Circles of Trust

• Clearing House and Exchange Forum (CHEF)

• Payments Risk Council (PRC)

• Payments Processor Information Sharing Council (PPISC)

• Business Resilience Committee (BRC)

• Threat Intelligence Committee (TIC)

• Community Institution Council (CIC)

• NEW Credit Union Council (CUC)

• Insurance Risk Council (IRC)

• Compliance and Audit Council (CAC)

• European Threat & Strategy Committee (ETSC)

• Singapore Threat Intelligence Group (STIG)

• Cyber Intelligence Mail List

• Securities Industry Risk Group (SIRG)

• Asset Managers, Alternative Investors, Broker Dealers

• APAC Threat & Strategy Committee (ATSC)

[Diagram: circles of trust around FS-ISAC: Cyber Intel, ETSC, STIG, BRC, CIC, CUC, CAC, TIC, PPISC, CHEF, SIRG, IRC, PRC]

TLP Green

Page 14:

Councils, Exercises, and Working Groups

[Diagram: FS-ISAC councils, exercises and working groups mapped across Business Continuity, Compliance, Fraud, Payments, Info Security, Physical Security, Public Affairs and Securities]

• Cyber-Attack Against Payment Systems
• Business Resiliency Council
• Cyber Intelligence Tradecraft Training
• Community Institution Council
• Compliance Audit Council
• Data Analytics Working Group
• Media Response Team
• Payment Risk Council
• Security Automation Working Group
• Security Industry Risk Group

Page 15:

Portal Information

Member Services:
• FS-ISAC Portal Overview Recording
• FS-ISAC Membership Guide September 2016
• FS-ISAC Point of Contact Responsibilities Guide
• New Member Orientation Recording for Basic, Core, Standard
• New Member Orientation Recording for Premier, Gold, Platinum
• FS-ISAC Webinar - Aid to Processing Shared Information
• Understanding FS-ISAC Alerts and Emails

Community Institution Council Documents:
• Change Management
• Cyber Security
• Fraud – Loss Prevention
• IT Strategic Plan
• Incident Response Documents
• Risk Summary Reports
• Security Policies
• FFIEC CAT, FSSCC ACAT, FFIEC CAT (Japanese)
• All-Hazards Crisis Response Playbook

Page 16:

Community Institution Growth

• Community Institutions in the US are defined as banks and credit unions under $20 billion in assets
• This subset of the financial industry makes up FS-ISAC’s largest and most active council (the Community Institutions Council)
• Within the CIC, Community Institutions make up 85% of the membership and Credit Unions make up 15%

Page 17:

Community Institution Council

Top Member Discussion Topics

1. What types of information technology and security solutions are you using?
2. Requests for policy, programs and processes to address regulatory guidance, internal audit and employee compliance.
3. Fraud and cyber exploits and emerging trends
4. Requests for information (Operational, vendor solution)

Page 18:

Benefits of Being an FS-ISAC Member

FS-ISAC’s value proposition includes:
• Access to services and solutions that support cyber security initiatives, increasing member shares through loss avoidance; enhance security reducing the risk of cyber-incidents, and subsequent financial loss impacting members
• Proven practices which align to regulatory requirements while increasing the maturity of your cyber, vendor management, information and physical security programs
• Access to free educational training programs, which increase security awareness
• Networking and access to trusted community

Page 19:

FS-ISAC Alert Types

• ANC: Announcement
• CYT: Cyber Threat
• CYI: Cyber Incidents
• COI: Collective Intelligence
• CYV: Cyber Vulnerability
• PHT: Physical Threats
• PHI: Physical Incidents

Page 20:

Processing FS-ISAC Information

FS-ISAC strives to provide relevant and actionable threat and vulnerability information to thousands of member organizations worldwide.

Determining which information is of value to your organization is for you to decide. We want to make sure you get the exact information you need, when you need it.

Streamline Your Threat Intelligence Feeds: Timely, Actionable, Trusted Intelligence (action simplified)

Page 21:

Alert Types

At a minimum, we recommend selecting and reading the following alert types daily:
• Cyber Incidents: CYI
• Collective Intelligence: COI
• Cyber Threats: CYT
• Announcements: ANC

If all you received were alerts in these categories, you would only get approximately 10 emails per day. If you belong to a listserver such as the CIC, you have the ability to create filters to review other alerts and emails at a time you determine best based on your workload or to delegate them to other personnel within your institution.

FS-ISAC Alert Types: ANC: Announcements; CYT: Cyber Threat; CYI: Cyber Incidents; COI: Collective Intelligence; CYV: Cyber Vulnerability; PHT: Physical Threats; PHI: Physical Incidents

Page 22:

Processing FS-ISAC Information

Log into your Portal Account and follow steps 1-5 to enable alerts.

You have the ability to select a variety of topics based on your role and needs.

You have the ability to deselect alerts in your portal account by reversing the above process.

Select alert types by clicking in the appropriate box.

The FS-ISAC and RE-ISAC reports provide a daily recap of current events.

Page 23:

Criticality and Choice Based Roles

[Table: alert type by role (Compliance, Business Continuity, Fraud, Payments, Info Security, Physical Security); each cell is rated High, Medium or Low, shown by color on the slide]

Alert types listed:
• CYI: Cyber Incidents
• CYT: Cyber Threat
• PHI: Physical Incidents
• PHT: Physical Threats
• CYV: Cyber Vuln
• COI: Collective Intelligence
• ANC: Announcements
• CIS: CISCP Reports

Page 24:

Executive Summaries by Type

[Table: relevance (High, Medium or Low, shown by color on the slide) of the Executive Brief and the Risk Summary Report for each audience]

Audiences listed:
• Board of Directors
• Executive Mgmt.
• Compliance Mgmt.
• Bank Security Mgmt.
• Business Resiliency Mgmt.
• Info Security Mgmt.
• Info Technology Mgmt.

Page 25:

When Receiving Alerts, Remember

1. Understand the Alert Types
2. Understanding Criticality & Priority
3. Choice Based Roles

In order to take full advantage of the Portal Alerts and Email Mail Lists while maximizing your daily productivity, consider establishing rules within your email client.

Member Questions: Contact Member Services, [email protected], 877.612.2622, prompt 1.


Page 26:

Creating Filters

1. Highlight an email from the CIC list.
2. Select Home-->Rules-->Create Rule
3. Under "When I get email with all of the selected conditions," check the box next to "From CIC".
4. Under "Do the following", select "Move the item to folder."
5. Click "Select folder..."
6. Under "Choose a folder:", either select an existing folder, or select "New" to create a new folder.
7. If desired, select "Run this rule now..." to move existing messages.
8. Select OK to save the rule.

Page 27:

Ransomware Roadshow

Objective:

» Increase awareness of the risk of Ransomware and potential mitigations

Features:

» Included 14 cities across the US in August – October 2016

» Reached more than 2,000 attendees

» Developed and produced cooperatively with three ISACs, the Federal Bureau of Investigation, and the United States Secret Service

» Included audience participation in exercises

» Introduced the concept of ISACs to the public

Page 28:

Sharing in Action: Monthly Executive Summary

• FS-ISAC publishes a monthly brief for CEOs and other senior executives.
• Labeled TLP Green – information can be shared with employees and trusted partners.
• Communicates the latest threat landscape and trends using non-technical language.
• Promotes a proactive approach to cyber security.

Page 29:

All-Hazards Crisis Response Playbook (AHCRP), FS-ISAC 2016 REVISION

The AHCR Playbook serves as the financial sector’s guide on how to escalate, coordinate and communicate information and actions pertaining to disruptive cyber and physical threats & events that could impact operations or safety.

Page 30:

AHCR Exercise Program

• Phase 1: Business Impact & Risk Analysis
• Phase 2: Identify Strategic BCP Alternatives
• Phase 3: Design/Develop the Bus. Continuity Plan
• Phase 4: The Business Contingency Plan
• Phase 5: Design Business Continuity Program

Supporting tracks shown on the slide: Establish and Achieve Short - Long Term Objectives; Establish and Achieve Governance - Compliance; Incident Response; Business Continuity

Page 31:

Looking Ahead

• Expand membership (US and globally)
• Expand services:
  – Credit Union Council
  – Add additional capabilities for secure storage and retrieval of critical customer account data by establishing common technical and operating standards
  – Support for Critical Infrastructure FIs
  – Conferences, Education and Training
  – Increase response readiness and capabilities
  – Support for other sectors (e.g., retail, real estate, oil and natural gas, law firms)
• Cyber risks are not abating...
• Physical threats (e.g., hurricanes, mass shootings, acts of terror)
• Financial regulators intensifying focus on cyber
• Increasing government involvement (US Federal Reserve System’s payments modernization initiative, Executive Orders resulting in NIST Cybersecurity Framework, increased government and private sector information sharing)

Page 32:

FS-ISAC Membership Levels & Fees

Assets apply to Financial Institutions, Insurance Companies, Publicly Held Securities / Brokerage Firms. Revenue applies to Processors, Utilities and Privately Held Stand Alone Securities Firms*.

Level      Assets           Revenue         Annual Membership Fee
Basic      $1B - $10B       < $100M         USD $250
Core       $1B - $10B       < $100M         USD $850
Standard   $10B - $20B      $100M - $1B     USD $5,000
Premier    $20B - $100B     $1B - $2.5B     USD $10,000
Gold       $100B - $250B    $2.5B - $5B     USD $24,950
Platinum   > $250B          > $5B           USD $49,950

Join online: https://www.fsisac.com/join

[email protected]

877-612-2622, prompt 3

Page 33:

Contact

John Carlson, Chief of Staff
[email protected]
571.446.3892

New members: [email protected]

If currently a member and want a refresh on our services: [email protected]

Page 34:

FS-ISAC Team

[Diagram: FS-ISAC team areas: Member Services, CIC, BRC, Marketing/Sales, Global Business Services, MRT, IAT, BRM, SIRG, IRC, PRC/PPISC, Other Contacts]

• Community Institutions: Jeffrey Korte, [email protected]
• Business Resiliency Council: Susan Rogers, [email protected]
• Robin Fantin, [email protected]
• Ray Irving, [email protected]
• Andrew Hoerner, [email protected]
• Member Services: Beth Hubbard, [email protected]
• Payments/Processors Risk: Charles Bretz, [email protected]
• Insurance Risk Council: Rick Lacafta, [email protected]
• Securities Industry: Peter Falco, [email protected]
• IAT: Michael O’Donnell, [email protected]
• Business Relationship Management: [email protected]