1 / 32

Cybersecurity for Government

Cybersecurity for Government. Presented by: Carly Devlin. TODAY’S PRESENTER. Carly Devlin Managing Director Columbus Office. Agenda. Understanding Cyber Risk Cyber Threats Case Studies Managing Cyber Risk Cybersecurity Tools Questions. Understanding Cyber Risk. What is Cyber Risk.

sgrimes
Télécharger la présentation

Cybersecurity for Government

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cybersecurity for Government Presented by: Carly Devlin

  2. TODAY’S PRESENTER Carly Devlin Managing Director Columbus Office

  3. Agenda • Understanding Cyber Risk • Cyber Threats • Case Studies • Managing Cyber Risk • Cybersecurity Tools • Questions

  4. Understanding Cyber Risk

  5. What is Cyber Risk • Source: The Institute of Risk Management • Failure to mitigate this risk may cause: • Disruption of systems/business processes • Loss of confidential data • Financial loss • Fraudulent reporting and metrics • Damage to reputation

  6. Cybersecurity Industry Facts Source: CSO

  7. Cybersecurity Definitions • Threat: • Circumstance or event with the potential to adversely impact organizational operations, organizational assets, and/or individuals, through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

  8. Cyber Threats

  9. Security Incident Survey 2019 Verizon Data Breach Report: Overall Victims

  10. Security Incident Survey 2019 Verizon Data Breach Report: Public Administration

  11. Our Clients: Most Common Cyber Threats

  12. Threat Horizon and Industry Outlook • Cyber-Espionage is rampant in the public sector • The human factor: Not only phishing (which is an ongoing problem), but misdelivery, erroneous publishing of data, and insider misuse are also concerns • Breaches in the public sector are taking months and years to be discovered (privilege misuse is the most common pattern)

  13. Case Studies

  14. Attack #1 – City of Atlanta

  15. Attack #1 – City of Atlanta Photo: The Atlanta Journal-Constitution

  16. Attack #2 – Colorado Department of Transportation

  17. Attack #3 – Oregon Department of Human Services

  18. Attack #4 – City of Baltimore

  19. Managing Cyber Risk

  20. Managing Cyber Risk Mitigation vs. Elimination of Risk Inherent Risk Controls

  21. Use of a Security Framework • Documented processes used to define policies and procedures around the implementation and ongoing management of information security controls in an enterprise environment.

  22. NIST Cybersecurity Framework (CSF) • Established by: The National Institute of Standards and Technology (NIST) • Designed to: Be a US government-ordered, cybersecurity framework • Overview: Provides a common language with which to address and manage cyber risk in a cost-effective way based on business needs, without additional regulatory requirements.

  23. NIST Cybersecurity Framework (CSF) • Three Parts: • Framework Core • Framework Implementation Tiers • Framework Profiles

  24. CSF Core

  25. CSF – Applying the Framework 1. Prioritize & scope 2. Orient 3. Create a current profile 4. Conduct a risk assessment 5. Create a target profile 6. Determine, analyze & prioritize gaps 7. Implement action plans Repeatable

  26. CIS Top 20 Controls Framework • Established by: The Center for Internet Security • Designed to: Be global standards and recognized best practices for securing IT systems and data against the most pervasive attacks. • Overview: Can be used to quickly establish the protections providing the highest payoff within organizations. Guides you through a series of foundational and advanced cybersecurity actions, where the most common attacks can be eliminated.

  27. CIS Top 20 Controls Framework • Implementation helps defeat over 85% of common attacks

  28. CIS Top 20 Controls Framework • Implementation Groups

  29. ISO/IEC 27001 • Established by: The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) • Designed to: Provide requirements for an information security management system (ISMS) • Overview: Requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization.

  30. ISO/IEC 27001 • Includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure.

  31. Where Do I Start? • Framework Gap Analysis • IT/Security Audit • Vulnerability Assessment • Strategy Advisory Assistance

  32. QUESTIONS? Carly Devlin Managing Director cdevlin@clarkschaefer.com

More Related