IT Security/Online Loss Prevention Bill Finnerty Assistant Director of Information Technology...
IT Security/Online Loss Prevention
Bill Finnerty
Assistant Director of Information Technology
Cumberland County

What is your gender?
1. Female
2. Male
Poll results (chart values as extracted): 38%, 62%

What age group do you fall into?
1. 25 or less
2. 26 to 35
3. 36 to 45
4. 46 to 55
5. 56 or more
Poll results (chart values as extracted): 0%, 0%, 14%, 64%, 21%

What job classification best fits you?
1. Elected Office
2. Human Resources
3. County Administration
4. Finance
5. Criminal Justice
6. Human Resources
7. IT
8. Other
Poll results (chart values as extracted): 0%, 8%, 8%, 0%, 15%, 0%, 0%, 69%

I am attending this session because
1. I am a geek at heart
2. I am scared out of my mind
3. There was nothing else that interested me in this time slot
4. I heard there would be free food
Poll results (chart values as extracted): 42%, 8%, 42%, 8%

I am confident in my organization’s IT security
1. Strongly Agree
2. Agree
3. Neutral
4. Disagree
5. Strongly Disagree
Poll results (chart values as extracted): 54%, 31%, 0%, 8%, 8%

Who is the average hacker?
- Age – 16 to 19
- Gender – 90% male
- Residence – 70% United States
- Spends an average of 57 hours a week working on a computer
- Knows C, C++, or Perl

Who is the hacker?
1. Albert Gonzalez
2. Cody Reigle
3. Stephen Watt
4. Kevin Mitnick
Poll results (chart values as extracted): 0%, 33%, 25%, 42%

How much would you be willing to pay for a security assessment?
1. Less than $10k
2. $10k to $30k
3. $30k to $50k
4. More than $50k
Poll results (chart values as extracted): 27%, 9%, 9%, 55%

Online Fraud
- 2009
  - Over $560 million lost in online fraud
  - Zeus botnet is able to overwrite online bank reports to cover the fraud trail
  - FBI investigates Citibank hack by Russian organized crime
- 2010
  - Zeus botnet adds licensing module and automatic notification via IM
  - Most exploits sold in online black markets for $5000 or less

Cumberland County Redevelopment Authority Hack
- September 22, 2009
- $479,000 lost
- Attack mechanism
  - Clampi Virus
  - Replaced banking website with maintenance message
  - Used remote session to access the bank account
  - Used Electronic Fund Transfers to quickly move money

Breach of Personal Information Notification Act
§ 2303. Notification of breach
An entity that maintains, stores or manages computerized data that includes personal information shall provide notice of any breach of the security of the system following discovery of the breach of the security of the system to any resident of this Commonwealth whose unencrypted and unredacted personal information was or is reasonably believed to have been accessed and acquired by an unauthorized person … notice shall be made without unreasonable delay

What can we learn from a 3,000 year old Irish fort about IT security?
- Defense in depth
- The key is to have enough warning and delays to be able to react

Perimeter Security
- Firewall
- Intrusion Prevention
- Email gateway
- Web proxy server

Internal Security
- Anti-virus, Anti-malware, Anti-spam, etc.
- Desktop firewall
- Host-based intrusion detection
- Permissions

IT Security Policy
- Cover what is needed for your environment
  - Email
  - Internet access
  - Social media
  - Hardware
  - Software
  - Anti-virus, Anti-malware, Anti-spam
- Use plain English; these are not for the legal and IT departments

Does your organization regularly present IT security training?
1. Yes
2. No
Poll results (chart values as extracted): 64%, 36%

Security Training
- Know your learners
- Vary the delivery methods
  - Presentations
  - Video
  - Blogs
  - Contests
- Gotcha training

What type of bank(s) does your organization do business with?
1. Credit Unions
2. Regional
3. National
Poll results (chart values as extracted): 0%, 0%, 100%

Coordinating with your Business Partners
- Establish a relationship with your bank's IT security staff
- Service level agreements in contracts related to IT security

Resources
- Budget
- Man hours
- Internal vs. External

Assessing IT Security Readiness
- Industry standards
  - ISO 27001 and 27002
  - NIST Special Publication 800-53A
  - PCI Security Standard
- Independent external assessment
- IT responsibilities
- Business unit responsibilities
- Remediation

Questions
http://www.govloop.com/profiles/blogs/ccap-administration-conference