cyber security
play

Cyber Security Mark Danaj City of Fremont ICMA Conference - PowerPoint PPT Presentation

Feb 23, 2024 •381 likes •619 views

Cyber Security Mark Danaj City of Fremont ICMA Conference Presenter Who am I? Why Am I Here? What will I accomplish? What can you learn from this presentation? Cyber Security Why is cyber security important? Who is

  1. Cyber Security Mark Danaj – City of Fremont ICMA Conference Presenter

  2. Who am I? • Why Am I Here? • What will I accomplish? • What can you learn from this presentation?

  3. Cyber Security • Why is cyber security important? • Who is responsible for cyber security? • What is the role of government?

  4. Did you know: More than 90% of successful breaches required only the most basic techniques. 1 • 96% of successful breaches could have been avoided if the victim had put in place • simple or intermediate controls. 1 75% of attacks use publicly known vulnerabilities in commercial software that • could be prevented by regular patching. 1 Outsiders were responsible for most breaches. 1 • 1 James A. Lewis, “Raising the Bar for Cybersecurity,” Center for Strategic & International Studies, February 12, 2013.

  5. Let’s take a closer look…

  6. Planning • Strong Policy and Governance • Data Discovery • Security Procedures • Compliance • Budget

  7. Operational Cyber Security Network Security Team Service Desk Technician (1FTE) • - Answer phones/emails review spam Network Engineer (1 FTE) • - Vulnerability Assessment (1 FTE) - Workstation and Servers - Email monitoring Network Engineer (1 FTE) • - Firewall Monitoring - Modify network/firewall/proxy rules - Wireless security Infrastructure Services Manager (1 FTE) • * Incident Response, Security Architecture, Penetration Tests

  8. Current State of Affairs  Government Sector

  9. What are the Problems? Solutions? • Wireless Access • Zero Day Malware • Mobile Devices • Spear Phishing • Cloud Computing • Hactivists • Social Media

  10. Wireless Access • Problem: – Wired network connections are costly, inconvenient and shrinking drastically. Wireless makes eavesdropping and unauthorized network access easier. • Solution(s): – Cisco Wireless Controller • Intrusion Prevention • Access Control – Authentication Server • Cisco ASA

  11. Mobile Devices • Problem: – Exponential growth drives exponential growth in security risks and data distribution • Solution(s): – Mobile Iron • Mobile Device Management – ForeScout • Access Control

  12. Cloud Computing • Problem: – The cloud is better, cheaper, faster, stronger. – Opportunities for data theft increase. • Solution(s): – Cyber security guidance • ISO 27001 (International Standards Organization) • NIST (National Institute for Standards and Technology) – Server certificates

  13. Social Media • Problem: – A profile or comment on a social media platform can be used to build very targeted attacks or another avenue of attack. • Solution(s): – Palo Alto Networks Firewall • Application Control – WebSense – Cyber Security Policy • Incidental Use / Guidance

  14. Zero Day Malware • Problem: – Software developers cannot patch faster than exploits are discovered • Solution(s): – Palo Alto’s Intrusion/ Detection Engine • Behavioral detection – Sophos

  15. Spear Phishing • Problem: – Persistent adversaries lure unsuspecting users into a cyber trap with relevant sounding (but malicious) emails • Solution(s): – Spam/Anti-virus Gateway * Sophos – Internet content filter * WebSense – User awareness training

  16. Hacktivists (latest criminal element) • Problem: – The act of breaking into computer systems for politically or socially motivated purposes is on the rise. • Solution(s): – Prevention • Palo Alto Firewall • ProofPoint mail gateway – Detection • Palo Alto Networks

  17. Future Initiatives • Two-Factor Authentication • Off-Site Disaster Recovery

  18. Questions/Comments? Additional Information… Mark Danaj – mdanaj@fremont.gov

  20. City of Fremont Cyber Footprint • City of Fremont, CA – ~833 Employees – ~960 computers • Primarily a Windows environment • Support client and web applications • Intranet/Internet access • ~30 Thousand emails received/month o Roughly 60% is spam

  21. The 10,000 foot view… http://www.nasa.gov/vision/earth/lookingatearth/NIGHTLIGHTS.html

  22. Attacked From Afar China's Cyber Thievery Is National Policy And Must Be Challenged January 27, 2012 (Mike McConnell, Michael Chertoff and William Lynn) “ Evidence indicates that China intends to help build its economy by intellectual-property theft rather than by innovation and investment in research and development (two strong suits of the U.S. economy). The nature of the Chinese economy offers a powerful motive to do so.” Source: Wall Street Journal, January 27, 2012, page A15

  23. Attacked From Within

Recommend

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 Agenda for today Part I Latest security news Security vulnerabilities in Java

2.02k views • 185 slides
Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

666 views • 42 slides
Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector What I am Company utilities in the UK going to Water UK good practice cover NIS Directive Dr Jim Marshall, Senior Policy Advisor,

231 views • 4 slides
Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK

Cyber Security February - 2016 Agenda Overview of Cyber Crime The top cyber threats to UK businesses and how to remain safe What help is available Further reading Setting the scene 21.2bn The cost of fraud to the

304 views • 19 slides
CI P Cyber Security Update CI P Cyber Security Update John Lim John Lim Consolidated Edison Co.

CI P Cyber Security Update CI P Cyber Security Update John Lim John Lim Consolidated Edison Co.

CI P Cyber Security Update CI P Cyber Security Update John Lim John Lim Consolidated Edison Co. of New York, Inc. December 1, 2010 1 Disclaim er Materials presented or discussed here are the presenters own and do not necessarily

451 views • 15 slides
1 5 6 Cyber Security and Cyber Space During these last years, the most important effect of the

1 5 6 Cyber Security and Cyber Space During these last years, the most important effect of the

1 5 6 Cyber Security and Cyber Space During these last years, the most important effect of the evolution of IT environments has been the origin of Cyber Space as a result for the Internet use by all subjects in the world, that is Individual

1.17k views • 67 slides
Review Process A. DAVID MCKINNON, PH.D. Cyber Security Group, National Security Directorate

Review Process A. DAVID MCKINNON, PH.D. Cyber Security Group, National Security Directorate

SGIG Cyber Security Program Review Process A. DAVID MCKINNON, PH.D. Cyber Security Group, National Security Directorate TCIPG Industry Workshop 2014 November 14, 2014 PNNL-SA-106570 1 SGIG Cyber Security Program Overview Smart Grid

675 views • 10 slides
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019)

FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.) Overview Current Landscape

560 views • 23 slides
AI and Cyber Warfare Ernesto Damiani 12-09-2019 ku.ac.ae KU Cyber-Physical Systems Center

AI and Cyber Warfare Ernesto Damiani 12-09-2019 ku.ac.ae KU Cyber-Physical Systems Center

AI and Cyber Warfare Ernesto Damiani 12-09-2019 ku.ac.ae KU Cyber-Physical Systems Center (C2PS) SECURITY OF THE GLOBAL ICT INFRASTRUCTURE Network and Communications Security Business Process Security and Privacy Security and

667 views • 15 slides
Designing, Building and Managing a Cyber Security Program Based on the NIST Cybersecurity

Designing, Building and Managing a Cyber Security Program Based on the NIST Cybersecurity

Designing, Building and Managing a Cyber Security Program Based on the NIST Cybersecurity Framework (NIST CSF) A Business Case Agenda and Objectives The Digital Innovation Economy The Cyber Security Problem The Cyber Security Solution

260 views • 22 slides
Cyber/Information Cyber/Information Security Cyber/Information Cyber/Information Security

Cyber/Information Cyber/Information Security Cyber/Information Cyber/Information Security

Cyber/Information Cyber/Information Security Cyber/Information Cyber/Information Security Security Insurance: Security Insurance: Insurance: Insurance: A Montana Perspective A Montana Perspective Presented by: d b Brett E. Dahl,

197 views • 8 slides

More recommend