Official Informal Briefing Minutes

Tuesday, April 19, 2016 - 10:30 AM Present: Charlotte J. Nash, Jace Brooks, Lynette Howard, Tommy Hunter, John Heard

1. Information Technology Security Awareness Program Presentation

IT Director Abe Kani and Networks and Telecommunications Manager Tim Tullis presented information on cyber and network security and the County’s new Safety Awareness Program. No Official Action Taken.

INFORMATION TECHNOLOGY

Information Security Awareness Program

Agenda

What are Media saying?

Important Statistics

What is Cybersecurity?

Common Security Threats

Current Security Infrastructure

E-Mail System

Mobile Security Management

Ongoing Activities

Information Security Awareness Program

What are Media Saying?

80 Million Potentially Impacted By Anthem Security Breach February 5, 2015

What are Tracking Sites Saying?

• 200+ Million records (so far) in 2015

• Targets include all industries and geographies

• Healthcare shows a recent spike in breach activity

• Social engineering has replaced brute force hacking

• Victims include industry leaders with huge budgets

Important Statistics

According to a December 2010 analysis of U.S. spending plans, the federal government has allotted over $13 billion annually to cybersecurity over the next five years.

According to the FBI, ransomware is on the rise! Attackers are moving faster but defenses are not! The top five zero-days of 2014 were actively used by attackers for 295 days before patches were available.

• A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware of it.

There were more than 317 million new pieces of malware created in 2014, meaning nearly one million new threats were released each day.

Important Statistics

In 2014, the media reported a protocol vulnerability of SS7 by which hackers can track the movements of cell phone users from virtually anywhere in the world with a success rate of approximately 70%.

In addition, eavesdropping is possible by using the protocol to forward calls and also facilitate decryption by requesting that each caller’s carrier release a temporary encryption key to unlock the communication after it has been recorded.

Ever Changing Nature of Threats

"The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It's no longer possible to write a large white paper about the risk to a particular system. You would be rewriting the white paper constantly..."

- Adam Vincent, CTO-public sector at Layer 7 Technologies

What is Cybersecurity?

Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

A threat is any potential or actual adverse event that can compromise the assets of an enterprise, including both malicious events, such as a denial-of-service (DoS) attack, and unplanned events, such as the failure of a storage device.

Ensuring cybersecurity requires coordinated efforts throughout an information system.

Elements of Cybersecurity

Application Security

The use of software, hardware, and procedural methods to protect applications from external threats.

• Security must be addressed during development as applications become more frequently accessible over networks and are vulnerable to a wide variety of threats.

• Actions taken to ensure application security are sometimes called countermeasures.

• An application firewall limits the execution of files or the handling of data by specific installed programs.

• A router can prevent the IP address of an individual computer from being directly visible on the Internet.

• Other countermeasures include conventional firewalls, encryption/decryption programs, anti-virus programs, spyware detection/removal programs and biometric authentication systems.

Elements of Cybersecurity

Network Security

The process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment.

• A network security system typically relies on layers of protection and consists of multiple components including network monitoring and security software in addition to hardware and appliances. All components work together to increase the overall security of the computer network.

Elements of Cybersecurity

Disaster Recovery/Business Continuity Planning

A disaster recovery plan, sometimes referred to as a business process contingency plan, describes how an organization is to deal with potential disasters.

• Involves an analysis of business process and continuity needs and may also include a significant focus on disaster prevention.

• Consists of the precautions taken so that the effects of a disaster will be minimized and the organization will be able to either maintain or quickly resume mission-critical functions.

Elements of Cybersecurity

End-user Education

Educating employees that they will be targeted, encouraging them to be vigilant at all times, teaching employees what qualifies as sensitive data, how to identify and avoid threats, acceptable use policies and security policies.

• With the rise in cybercrime as well as the increase in the consumerization of IT, it is more important than ever to fully educate employees about security attacks and protection.

• Due to the detrimental ramifications, it is vital that end users have a full understanding of the most common ways for threat actors to target them.

• It’s also crucial that end users understand their role and responsibilities in maintaining the organization's compliance with relevant regulations, such as PCI DSS for payment card data or HIPAA for health records.

• In short, educating the work force is critical and is a key requirement of information security standards such as ISO27001.

Common Security Threats

Malware - Short for “malicious software.” It is specifically designed to gain access to or damage a computer without the knowledge of the owner. It comes in a variety of forms.

Adware - Software that is financially supported (or financially supports another program) by displaying ads when you're connected to the Internet.

Spyware - Software that surreptitiously gathers information and transmits it to interested parties. Information gathered includes the Websites visited, browser and system information, and your computer IP address.

Common Security Threats

Virus (Worm) – A program or piece of code that is loaded onto your computer without user knowledge. All computer viruses are man-made.

– Viruses can also replicate themselves. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.

– An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Common Security Threats

Trojan horse (Trojan) – A program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as deleting, blocking, modifying, or copying data. They could disrupt the performance of a computer or a network.

Common Security Threats

Phishing – The attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

– Phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and will capture and steal any information the user enters on the page.

Common Security Threats

Ransomware – Hackers exploit vulnerabilities to try and monetize. They are not interested in exploiting specific sensitive data, but electronically confiscate it to interrupt access and extort payment.

– Computers can become infected when users open e-mail attachments that contain the malware.

– There has been an increasing number of incidents involving so-called “drive-by” ransomware. Users can infect their computers simply by clicking on a compromised website, often lured there by a deceptive e-mail or pop-up window.

Common Security Threats

Ransomware (Continued)

– There is a fairly new ransomware variant, called CryptoWall (and CryptoWall 2.0, its newer version). This virus encrypts files on a computer’s hard drive and any external or shared drives to which the computer has access.

– It directs the user to a personalized victim ransom page that contains the initial ransom amount (anywhere from $200 to $5,000), detailed instructions about how to purchase Bitcoins, and typically a countdown clock to notify victims how much time they have before the ransom doubles.

– Victims are infected with CryptoWall by clicking on links in malicious e-mails that appear to be from legitimate businesses and through compromised advertisements on popular websites.

Security Landscape

• Access Control and Video Surveillance

• Managing varying devices

• Ensuring you are who you say you are

• Keeping the bad guys out and the good guys in

• Application development best practices

• What if something does happen?

• Think Security, Act Securely

Physical Security

Gwinnett County Network Facilities

County Network Overview

Current Security Infrastructure

Our Capabilities

An integrated system-of-systems that offers a range of capabilities, including intrusion detection, analytics, and intrusion prevention.

A technological foundation that enables ITS to secure and defend the County information technology infrastructure against advanced cyber threats.

Our Capabilities

• Network Segmentation

• Firewalls

• Intrusion Prevention System

• Network Access Control System

• Antivirus Software

• Internet Filtering

• Spam and E-Mail Filtering

• Distributed Denial of Service (DDoS)

• Patch Management

• End-Point and Mobile Device Management

• Secure Cellular Connectivity

Network Segmentation

Email Security and SPAM

SPAM (or email SPAM) is also known as junk email or unsolicited email users receive from a wide range of sources from advertising to messages that contain disguised links that appear to be familiar websites, but in fact lead to virus downloads.

Spammers collect email addresses from websites, customer lists and other viruses.

Message Statistics: Last 30 days

• 1,637,035 email messages received

• 444,571 classified as SPAM

• 113,588 email viruses detected and deleted

Email Security and SPAM

If suspect messages are received that were not requested by the user or if a message looks suspicious, it should be deleted and reported to the Help Desk for blocking.

The Infrastructure Team manages appliances and Mail Security applications to protect messages and systems from the latest virus threats.

Password Expiration Policy

A password expiration policy is in place to protect end-user logon security.

This policy requires the user to change their logon password every 90 days and to include the below criteria:

• Cannot use the same last 10 passwords

• Minimum password length 8 characters

• Users will be locked out of their workstations and accounts after 5 invalid logon attempts and will be required to contact the Help Desk for assistance

Complexity in creating the password includes the requirement to match 3 of the 4 below:

• Uppercase Characters (A-Z)

• Lowercase Characters (a-z)

• Base 10 Digits (0-9)

• Non-Alphabetic Characters (! $ # %)

Users are not to give their password to another user or post it anywhere visible.
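The policy on this slide expressed as a checker, as an added example that is not part of the original presentation or the County's own tooling. The function names, the salted PBKDF2 storage of the password history, and counting any character that is neither a letter nor a digit as "non-alphabetic" are assumptions.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

# Values taken from the policy slide.
MIN_LENGTH = 8                   # minimum password length
REQUIRED_CLASSES = 3             # must match 3 of the 4 character classes
HISTORY_DEPTH = 10               # cannot reuse the last 10 passwords
MAX_AGE = timedelta(days=90)     # password must change every 90 days
LOCKOUT_THRESHOLD = 5            # invalid logon attempts before lockout

# Assumption: history is kept as salted PBKDF2 hashes, never as plaintext.
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Return (salt, digest) for storage in the password history."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def character_classes(password):
    """Count how many of the four classes from the slide are present."""
    return sum([
        any("A" <= c <= "Z" for c in password),
        any("a" <= c <= "z" for c in password),
        any("0" <= c <= "9" for c in password),
        # Assumption: anything that is neither a letter nor a digit counts here.
        any(not c.isalnum() for c in password),
    ])


def check_new_password(password, history):
    """Return the list of policy violations (empty means acceptable).

    history is a list of (salt, digest) pairs, oldest first.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(password) < REQUIRED_CLASSES:
        problems.append("too few character classes")
    for salt, digest in history[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            problems.append("reused")
            break
    return problems


def is_expired(last_changed, now):
    """True once the password is older than the 90-day maximum age."""
    return now - last_changed > MAX_AGE


class LockoutCounter:
    """Tracks consecutive invalid logons; only a Help Desk reset unlocks."""

    def __init__(self):
        self.failures = 0

    @property
    def locked(self):
        return self.failures >= LOCKOUT_THRESHOLD

    def record(self, success):
        if self.locked:
            return  # a correct password does not clear a lockout
        self.failures = 0 if success else self.failures + 1

    def help_desk_reset(self):
        self.failures = 0
```
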

AntiVirus Endpoint Protection

AntiVirus security protects all end-user workstations and server systems from these virus threats.

A virus can be introduced into the environment via multiple paths, such as:

• Email

• Downloads from malicious websites or valid websites that have been hacked

• USB thumb drives and external drives

• Downloads through personal email via Gmail and Yahoo

Currently under the protection of the AntiVirus application are the following systems:

• 5,000+ desktops and laptops

• 650 server systems

These systems are updated every 2 hours with the latest virus information and monitored by the Infrastructure Team.

INFORMATION TECHNOLOGY

Mobile Device Security

Securing Mobile Devices

Mobile devices are prized for increased productivity, flexibility and convenience.

Mobile devices and networks have become more sophisticated and ubiquitous.

They present significant challenges for IT administrators charged with managing the organization’s data and networks and keeping them secure.

IT must take a long, hard look at the ways these devices access and store corporate data to ensure they don't pose a security risk.

Security experts are finding a growing number of viruses, worms, and Trojan horses that target mobile devices.

It's a matter of risk management to key business assets, processes and confidential information.

Centralize management of mobile devices. Maintain an inventory so that we know who's using what kinds of devices.

Mobile Data Management

MDM tools authenticate the user and apply the right Acceptable Use Policy (AUP).

– Which mobile device makes and models can be enrolled for business use?

– What minimum requirements must they satisfy?

– Which corporate networks, services, applications and data are they permitted to access?

MDM tools can implement general mobile security best practices, including app whitelist and blacklist enforcement, by querying each device's hardware and software.

Pushing profiles over the air to devices to hide YouTube, FaceTime or other blacklisted apps.

Mobile Application Management

Relying on users to install and configure business or security apps is risky.

Establishing a platform with which to track app downloads, installation results and ongoing usage.

MAM tools help IT implement best practices by supporting over-the-air app installation and maintenance.

Enterprise application packages, profiles and associated data can be uploaded to an MAM tool and bound to user/device groups.

The MAM tool takes responsibility for mapping each user/device to mandatory and optional apps, to be pushed during enrollment and whenever updates become available.

Ongoing Activities to Remain Vigilant

External Penetration Testing

Internal Vulnerability Assessments

Solid Data Backup and Restore

Enterprise Network Security Assessment

Internal Server and Desktop Assessment

INFORMATION TECHNOLOGY

Information Security Awareness Program

Information Security Awareness Program

Each and every one of us has a part to play in securing our own corner of cyberspace, as well as every device, network, and account we use.

Employees are frequently exposed to sophisticated phishing and ransomware attacks.

More than ever, users are the weak link in network security.

Program Objectives

– To keep IT users engaged

– To share information among employees to provide greater understanding of cybersecurity

– To maintain constant communication between IT and end users

– To comply with regulatory requirements such as PCI

Program consists of:

– Quarterly themes

– Newsletters/Posters

– Coming soon: presentations at various facilities

Information Technology Services