hi mss cyb e rse c urity co mmunity spo nso r
play

HI MSS Cyb e rse c urity Co mmunity Spo nso r 1 Se c urity F unda - PowerPoint PPT Presentation

Apr 07, 2024 •349 likes •542 views

HI MSS Cyb e rse c urity Co mmunity Spo nso r 1 Se c urity F unda me nta ls b a se d o n the NI ST Cyb e rse c urity F ra me wo rk 01.23.2020 Speaker I ntr oduction Ric k Spatafor e CPHI MS, GI SP, GCI H, HCI SPP Ma na g e r,

  1. HI MSS Cyb e rse c urity Co mmunity Spo nso r 1

  2. Se c urity F unda me nta ls b a se d o n the NI ST Cyb e rse c urity F ra me wo rk 01.23.2020

  3. Speaker I ntr oduction Ric k Spatafor e CPHI MS, GI SP, GCI H, HCI SPP Ma na g e r, Adviso ry Se rvic e s with Se ntine l T e c hno lo g ie s 15 ye a rs He a lthc a re I T 15 ye a rs c yb e rse c urity & c o mplia nc e 25 ye a rs in te c hno lo g y 3

  4. What ar e c ybe r se c ur ity fundame ntals? 4

  5. Se c ur ity Data & Re se ar c h 5

  6. Atta c ks a re o n the rise (2017, 2018, 2019) • 2017-2018 inc lude d a sma ll inc re a se in b re a c he s • Da ta e xpo se d triple d ye a r o ve r ye a r Ra nso mwa re will c o ntinue AI wa s o ne o f the to p pre dic tio ns fo r 2019 • AI is a g a in a to p pre dic tio n fo r 2020 Clo ud mig ra tio n will inc re a se se c urity risk Clo ud se c urity is no t ma ture Se c ur ity Postur e 6

  7. Threats Resources Capabilities Se c ur ity is no t o ne size fits all 7

  8. Cybe r Kill Chain - Anatomy of an Attac k Re c onnaissanc e – r e se ar c h, ide ntify and se le c t tar ge ts c ommon use of we b site s, soc ial me dia, e ve nt listings, por t sc ans We aponization – pair ing ac c e ss to malwar e with de live r able payload (e .g. Adobe PDF , Mic r osoft Offic e F ile s) De live r y – tr ansmission of we apon to tar ge t (e .g. via e mail, attac hme nts, we bsite s, USB or othe r physic al me dia E xploitation – Onc e de live r e d, the we apon’s c ode is tr igge r e d e xploiting vulne r able applic ations or syste ms Installation – Onc e de live r e d the we apon’s c ode is tr igge r e d, e xploiting vulne r able applic ations or syste ms Command & Contr ol – Outside se r ve r c ommunic ate s with the we apons pr oviding ac c e ss inside the tar ge t’s ne twor k Ac tions on Obje c tive s – Attac ke r wor ks to ac hie ve the obje c tive of the intr usion – e xfiltr ation, data de str uc tion, or intr usion of anothe r tar ge t 8

  9. NIST Cybe r Se c ur ity F r ame wor k IDE NT IF Y PROT E CT DE T E CT RE SPOND RE COVE R Asse t Ma na g e me nt Id e ntity Ma na g e me nt Ano ma lie s a nd E ve nts Re spo nse Pla nning Re c o ve ry Pla nning Busine ss E nviro nme nt Ac c e ss Co ntro l Se c urity Co ntinuo us Co mmunic a tio ns Impro ve me nts Go ve rna nc e Awa re ne ss & T ra ining Mo nito ring Ana lysis Co mmunic a tio ns Risk Asse ssme nt Da ta Se c urity De te c tio n Pro c e ss Mitig a tio n Risk Ma na g e me nt Pro c e ss & Pro c e d ure s Impro ve me nts Supply Cha in Risk Ma inte na nc e Ma na g e me nt Pro te c tive T e c hno lo g y 9

  10. NIST CSF : Ide ntify Identify Asset Management ID.AM-1 ID.AM-1 : Physical devices and systems within the organization are inventoried ID.AM-2 ID.AM-2: Software platforms and applications within the organization are inventoried ID.AM-3 ID.AM-3 : Organizational communication and data flows are mapped 10

  11. NIST CSF : Ide ntify 11

  12. Protect Identity Management, Authentication and Access Control PR.AC-1 PR.AC-1: Identities and credentials are managed for authorized devices and users PR.AC-4: Access permissions are managed, incorporating the principles of least privilege PR.AC-4 and separation of duties PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) PR.AC-7 commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks) (1.1) NIST CSF : Prote c t Dig ita l E nro llme nt & Authe ntic a tio n & F e de ra tio n & I de ntity I de ntity L ife c yc le Asse rtio n Guide line s Pro o fing Ma na g e me nt 12

  13. Password: x Password: Locu$t0% Passphrase: I like to vacation in Hawaii! 13

  14. NIST CSF : Prote c t 14

  15. NIST CSF : Prote c t Information Protection, Processes & Procedures PR.IP-1: A baseline configuration of information technology/industrial control systems is PR.IP-1 created and maintained (e.g. concept of least functionality) PR.IP-2 PR.IP-2: A System Development Life Cycle to manage systems is implemented PR.IP-12 PR.IP-12: A vulnerability management plan is developed and implemented PR.PT-3: The principle of least functionality is incorporated by configuring systems to PR.PT-3 provide only essential capabilities (1.1) 15

  16. Protect Information Protection, Processes & Procedures PR.IP-12 PR.IP-12: A vulnerability management plan is developed and implemented Detect Security Continuous Monitoring NIST CSF : DE.CM-8 DE.CM-8: Vulnerability scans are performed Prote c t & De te c t 16

  17. NIST Cybe r se c ur ity F r ame wor k 17

  18. Q&A C o n ta c t In fo rm a tio n : Ric k Spa ta fore Ma na g e r, Advisory Se rvic e s Se ntine l T e c hnolog ie s Offic e : 630.786.8062 rspa ta fore @se ntine l.c om 18

Recommend

Qua il L a ke s Co mmunity Pa re nt/ Co mmunity Pre se nta tio n Oc to b e r 16, 2019 L a ke

Qua il L a ke s Co mmunity Pa re nt/ Co mmunity Pre se nta tio n Oc to b e r 16, 2019 L a ke

New E lementar y Sc hool Qua il L a ke s Co mmunity Pa re nt/ Co mmunity Pre se nta tio n Oc to b e r 16, 2019 L a ke vie w Asse mb ly / Qua il L a ke s 2 E le me nta ry Sc ho o l* Visio n Qua il L a ke s sub -divisio n wa s de

508 views • 18 slides
Ho spita ls & Co mmunity Be ne fit Bring ing he a lth c a pa c ity to the c o mmunity thro

Ho spita ls & Co mmunity Be ne fit Bring ing he a lth c a pa c ity to the c o mmunity thro

9/ 22/ 2015 Ho spita ls & Co mmunity Be ne fit Bring ing he a lth c a pa c ity to the c o mmunity thro ug h pa rtne rships, c o a litio ns a nd ho spita l T he Co mmunity Be ne fit Pro g ra ms o f Me rc y He a lth c o mmunity b e ne

283 views • 17 slides
SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen Operations Support Manager Western Area Power Administration Sub Substation Ne station Netwo twork rk Sec Security urity Tyler Stinson

627 views • 13 slides
F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity F o rum 5 June

F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity F o rum 5 June

F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity F o rum 5 June 11, 2018 PROJECT MANAGEMENT SMMA Ag e nda Brie f Re c a p fro m Co mmunity Me e ting s 1- 4 1. I ntro duc tio ns 2. Sc o pe , Pro c e ss, a nd Sc

450 views • 43 slides
Sa Safe fety ty an and S d Sec ecurity urity Pr Proj oject ect Upd pdat ate Ralph

Sa Safe fety ty an and S d Sec ecurity urity Pr Proj oject ect Upd pdat ate Ralph

Sa Safe fety ty an and S d Sec ecurity urity Pr Proj oject ect Upd pdat ate Ralph McKinney Chief Safety and Security Officer Saf afety ety an and S d Sec ecur urity ity Req equi uire remen ments ts fo for Ma Majo jor r

255 views • 12 slides
Cl Clien ient-side side sec ecurity urity ri risk sks s esp. . HTML TML injection

Cl Clien ient-side side sec ecurity urity ri risk sks s esp. . HTML TML injection

Web b Securi urity ty Cl Clien ient-side side sec ecurity urity ri risk sks s esp. . HTML TML injection jection and nd XSS SS (Cross oss Si Site te Sc Scripting ipting) 1 Last week malicious input brow owser ser web

844 views • 67 slides
Challe nge s and o ppo r tunitie s T ar a Bar auskas, E xe c utive Dir e c tor Co mmunity

Challe nge s and o ppo r tunitie s T ar a Bar auskas, E xe c utive Dir e c tor Co mmunity

Affor dable housing pr oduc tion in Santa Monic a Challe nge s and o ppo r tunitie s T ar a Bar auskas, E xe c utive Dir e c tor Co mmunity Co rp o f Sa nta Mo nic a Co mmunity Co rpo ra tio n o f Sa nta Mo nic a E sta b lishe

405 views • 16 slides
We I nne r Co nne c t Yo u With Yo ur Co mmunity Who We Are : At I nne r-So l, I

We I nne r Co nne c t Yo u With Yo ur Co mmunity Who We Are : At I nne r-So l, I

We I nne r Co nne c t Yo u With Yo ur Co mmunity Who We Are : At I nne r-So l, I nc . we c a re a b o ut the E nviro nme nt, the E a rth a nd its pe o ple . Our missio n is to pro vide e ffic ie nt so la r e ne rg y a nd re

350 views • 16 slides
Sc hool Site Sc hool Site Sa fe ty a nd Sa fe ty a nd Se c urity Se c urity Crime Pre ve

Sc hool Site Sc hool Site Sa fe ty a nd Sa fe ty a nd Se c urity Se c urity Crime Pre ve

Sc hool Site Sc hool Site Sa fe ty a nd Sa fe ty a nd Se c urity Se c urity Crime Pre ve ntio n T Crime Pre ve ntio n T hro ug h E hro ug h E nviro nme nta l De sig n nviro nme nta l De sig n a nd Othe r Sa fe ty Me a sure Co nside ra

566 views • 40 slides
Co mmunity E ne rg y, Co o pe ra tive s a nd the Ge ne ra tio n o f L o c a l E ne rg y L o

Co mmunity E ne rg y, Co o pe ra tive s a nd the Ge ne ra tio n o f L o c a l E ne rg y L o

Co mmunity E ne rg y, Co o pe ra tive s a nd the Ge ne ra tio n o f L o c a l E ne rg y L o re le i Ha nso n, Atha b a sc a Unive rsity/ E ne rg y F uture s L a b / AB Gre e n E c o no my Ne two rk/ City o f E dmo nto n T ra nsitio

560 views • 40 slides
Spa c e Se c urity Susta ina bility zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA L e a

Spa c e Se c urity Susta ina bility zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA L e a

Spa c e Se c urity Susta ina bility zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA L e a ding the Wa y! Mo o re sto wn c o ntinue s to b e a t the to p o f the c ha rts Ac a de mic s, Athle tic s, the F ine a nd Pe rfo

115 views • 9 slides
Da ta Priva c y a nd Se c urity Ba sic s fo r E ve ry Busine sse s Se pte mb e r 11, 2013 Ag e

Da ta Priva c y a nd Se c urity Ba sic s fo r E ve ry Busine sse s Se pte mb e r 11, 2013 Ag e

Ba c k to Sc ho o l: Da ta Priva c y a nd Se c urity Ba sic s fo r E ve ry Busine sse s Se pte mb e r 11, 2013 Ag e nda Ove rvie w Co ntra c t Co nside ra tio ns Pa yme nts & Co lle c tio ns Me rg e rs & Ac q

373 views • 34 slides
F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity Wo rksho p # 1 No

F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity Wo rksho p # 1 No

F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity Wo rksho p # 1 No ve mb e r 13, 2017 PROJECT MANAGEMENT SMMA Ag e nda 1. I ntro duc tio ns 2. F e a sib ility Study Sc o pe 3. MSBA Pro c e ss a nd Sc he dule

360 views • 35 slides
2016 Syste m Se c urity Upda te Surviving a nd Sta ying sa fe in a c o nne c te d wo rld.

2016 Syste m Se c urity Upda te Surviving a nd Sta ying sa fe in a c o nne c te d wo rld.

2016 Syste m Se c urity Upda te Surviving a nd Sta ying sa fe in a c o nne c te d wo rld. Jim Hutc hins So uth So und I T Olympia , WA 866.827.9889 T o da y Curre nt T hre a ts Pre ve ntio n Mitig a tio n Re c o ve ry

514 views • 24 slides
Multiple Sc le ro sis At Ho me Ac c e ss (MAHA): Ca re I nto Co mmunity K AT HL E E N

Multiple Sc le ro sis At Ho me Ac c e ss (MAHA): Ca re I nto Co mmunity K AT HL E E N

Multiple Sc le ro sis At Ho me Ac c e ss (MAHA): Ca re I nto Co mmunity K AT HL E E N HE AL E Y ARNP, PHD ASSI ST ANT PROF E SSOR, MUL T I PL E SCL E ROSI S PROGRAM DE PART ME NT OF NE UROL OGI CAL SCI E NCE

353 views • 11 slides
Me rg e r with Co mmunity Ba nk F e b rua ry 26, 2018 c b b a nk.c o m F o rwa rd L o o king

Me rg e r with Co mmunity Ba nk F e b rua ry 26, 2018 c b b a nk.c o m F o rwa rd L o o king

Me rg e r with Co mmunity Ba nk F e b rua ry 26, 2018 c b b a nk.c o m F o rwa rd L o o king Sta te me nts Certain matters set forth herein (including the exhibits hereto) constitute forward-looking statements within the meaning of the

732 views • 25 slides
Public Sa fe ty a nd Se c urity a round Sa skPowe r Da ms Par tne r s F OR the Saskatc he wan

Public Sa fe ty a nd Se c urity a round Sa skPowe r Da ms Par tne r s F OR the Saskatc he wan

Public Sa fe ty a nd Se c urity a round Sa skPowe r Da ms Par tne r s F OR the Saskatc he wan Rive r Basin and Canadian Wate r Re sour c e s Assoc iation Saskatc he wan Br anc h 2018 Confe r e nc e T he Damme d Rive r s! Oc tobe

285 views • 24 slides
~ o ~v~:~~,i:~,:~urity Elltlrnicslturity indfifiproan ~~ United V Technologies Air

~ o ~v~:~~,i:~,:~urity Elltlrnicslturity indfifiproan ~~ United V Technologies Air

~ o ~v~:~~,i:~,:~urity Elltlrnicslturity indfifiproan ~~ United V Technologies Air conditning. hea~nii, Aircrit\iindspacesyslimsiind Indr.rrillrliliOfsyslems A United iiniiiniiiirllindu!ilriiiprucl V Technologies Operations in 180+

263 views • 4 slides
Co mme nts o n Asse ssme nt Co nso rtia T e st Se c urity Pre se ntatio ns Steve Ferrara

Co mme nts o n Asse ssme nt Co nso rtia T e st Se c urity Pre se ntatio ns Steve Ferrara

Co mme nts o n Asse ssme nt Co nso rtia T e st Se c urity Pre se ntatio ns Steve Ferrara Presented in J. Steedle (Organizer), Test Security for Common Core Consortia Assessments , a session in the National Conference on Student Assessment June

356 views • 16 slides
Virg inia Co mmunity Ca pita l So c ia l I mpa c t Teri Lovelace, Esq. Chief Impact Officer

Virg inia Co mmunity Ca pita l So c ia l I mpa c t Teri Lovelace, Esq. Chief Impact Officer

Virg inia Co mmunity Ca pita l So c ia l I mpa c t Teri Lovelace, Esq. Chief Impact Officer March 31, 2016 Struc ture VCC no npro fit b a nk ho lding c o mpa ny CCB fo r pro fit sta te c ha rte re d c o mmunity de ve lo pme nt b

531 views • 50 slides
4 Ve ra nda h Pla c e Ro o fto p Additio n Co b b le Hill, Bro o klyn Co mmunity Bo a rd # 306

4 Ve ra nda h Pla c e Ro o fto p Additio n Co b b le Hill, Bro o klyn Co mmunity Bo a rd # 306

4 Ve ra nda h Pla c e Ro o fto p Additio n Co b b le Hill, Bro o klyn Co mmunity Bo a rd # 306 Pre se nta tio n 04.25.2016 david cunningham architecture planning Mary B Dierickx Historic Preservation Consulting 543 union street 1C brooklyn

850 views • 29 slides
Sa Safer er Si Six IP IPv6 v6 Se Security urity in a Nut utsh shel ell Joha hann nna

Sa Safer er Si Six IP IPv6 v6 Se Security urity in a Nut utsh shel ell Joha hann nna

Sa Safer er Si Six IP IPv6 v6 Se Security urity in a Nut utsh shel ell Joha hann nna a Ull llrich ich I think there is a world market for maybe five computers Thomas Watson Reasons nicholsoncartoons.com.au connect.de

551 views • 33 slides
E a st Midto wn Gre e nwa y a st 53 rd 61 st Stre e t E Co mmunity Bo a rd 8 | Pro je c t I

E a st Midto wn Gre e nwa y a st 53 rd 61 st Stre e t E Co mmunity Bo a rd 8 | Pro je c t I

E a st Midto wn Gre e nwa y a st 53 rd 61 st Stre e t E Co mmunity Bo a rd 8 | Pro je c t I ntro duc tio n No ve mb e r 16, 2017 Ag e nda Ove rvie w - De ve lo pme nt o f the E a st Midto wn Wa te rfro nt E spla na de Curre

957 views • 36 slides
T he Arse na l o n the Cha rle s We st Ga ra g e Pro je c t Co mmunity Me e ting No ve mb e

T he Arse na l o n the Cha rle s We st Ga ra g e Pro je c t Co mmunity Me e ting No ve mb e

T he Arse na l o n the Cha rle s We st Ga ra g e Pro je c t Co mmunity Me e ting No ve mb e r 17, 2016 Ag e nda 1. Pro je c t Summa ry Pro je c t Ove rvie w Pro je c t T e a m Me mb e rs Ab o ut C.E . F lo yd Co mpa ny

247 views • 20 slides

More recommend