information technology security
play

Information Technology Security Presentation to Joint Legislative - PowerPoint PPT Presentation

Jan 27, 2023 •231 likes •353 views

Information Technology Security Presentation to Joint Legislative Committee on Information Technology Oversight Chip Moore State Chief Information Security Officer Office of Information Technology Services December 13, 2012 Introduction

  1. Information Technology Security Presentation to Joint Legislative Committee on Information Technology Oversight Chip Moore State Chief Information Security Officer Office of Information Technology Services December 13, 2012

  2. Introduction • Security adage: there are two kinds of organizations – Those that have been hacked – Those that don’t know they’ve been hacked • Attempts to steal or compromise data are constant, and hackers will probably get into your systems • Key issue is what have you done to protect your data and minimize the damage 2

  3. Outline • Threats – Entry points – Types of threats • Current themes in IT security • IT security in state government • Opportunities for improvement • Questions 3

  4. Cyber infrastructure • Internet Connections – Three (3) • Wide Area Network Connections ~3,700 • Exposed Servers (Web, Mail, Mainframe, Agency Applications >1,000) • PCs and laptops (~64,000) •Core Applications (Windows, Office, Adobe, anti-virus) •E-mail (Threats: Spam, fake email, viruses and spyware) •Web (Threats: Malicious web pages) State’s backbone network and POPs (Points of Presence) 4

  5. Threats and Motivations • Organized crime – motive is profit • Hacktivists – motive is to make a point, political motive, embarrassment of an organization • State sponsored hackers - government belief that you may be able to destabilize an economy • Black hat – pride, bragging rights • Script kiddies - people looking to say they are successful security professionals 5

  6. Techniques • Fake electronic mail • Unknown software vulnerabilities • Hacking including web defacements • Interruptions to Internet service that would limit citizens’ ability to conduct state business • Viruses • Social engineering 6

  7. Challenges • Protecting data when it is everywhere – Ever-changing technology, tablets and smartphones, have made data mobile • Workforce demanding to use personal devices for work • Human behavior – Policies, rules and regulations will not stop people from acting without thinking • Insider threats • Password management • Timely removal of confidential data at the end of its usefulness • Business demands for data sharing 7

  8. Themes in IT security • National Association of State Chief Information Officers (NASCIO) call to action issued last month – Enterprise approach • Fewer silos = better security • Enforce standards • Minimize entries to network • Approach reduces operational costs 8

  9. What are we doing? • Technical security controls – antivirus, firewalls, intrusion detection and monitoring, encryption of devices and some data • Training and Awareness – provide monthly training newsletters to executive branch agencies • ITS has mandatory annual training for all employees • Information sharing - relationships with Homeland Security and the FBI to receive and provide information for ongoing investigations • Audits – we have audits performed by the State Auditor, the federal government and private industry for regulatory compliance. • Annually provide and update security standards based on international security standards. • Preparing for a third party vulnerability assessment and limited penetration testing 9

  10. Areas for Improvement • Additional funding for – More outside vulnerability and penetration testing – Additional security controls purchased at the enterprise level – Data Loss Prevention • Encryption, other technical approaches • Start with most critical data • As first step, agencies should evaluate their data and programs to determine sensitivity and risk of exposure • Employee Security Training and Awareness – More training and newsletters; timely notifications of significant, current threats

  11. Cost vs. risk • IT security, like any security, is a matter of cost vs. risk – How much willing to spend to achieve what level of security • Cost of a breach is also significant – Lost credibility and trust – Cost of notifying citizens, as required by law – Cost of protecting citizens against identity theft after a breach

  12. Questions? Chip Moore Chief Information Security Officer (919) 754-6300 charles.moore@nc.gov http://www.esrmo.scio.nc.gov/ 12

Recommend

Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu

Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu

Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu Everyone has a role in securing their part of cyberspace, including the devices and networks they use. Todays Topics Impact on Universities

936 views • 59 slides
SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security Training FISSEA Conference March 19, 2014 Pat Toth Penny Klein Computer Security Division Systegra Information Technology Laboratory NATIONAL

750 views • 40 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Information Security in a Wireless World Basic

554 views • 30 slides
Database-enabled web technology Security Instructor: C a gr C oltekin

Database-enabled web technology Security Instructor: C a gr C oltekin

Database-enabled web technology Security Instructor: C a gr C oltekin c.coltekin@rug.nl Information science/Informatiekunde Fall 2011/12 Security in Web applications Web, Databases & Security http://xkcd.com/327/ C . C

952 views • 47 slides
Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU)

Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU)

Information Technology Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU) Information Technology Subjects S , objects O , access matrix M , access rights A : enforcement: read, write, execute, append,. .

371 views • 14 slides
American Bar Association Section of Science and Technology Law Information Security Committee

American Bar Association Section of Science and Technology Law Information Security Committee

American Bar Association Section of Science and Technology Law Information Security Committee 2013 Fall ISC Meeting and Presentation (with special participation by the Homeland Security Committee, the Cloud Computing Committee & the Public

57 views • 3 slides
Musings on IOT Tim Grance Jeff Voas Computer Security Division Information Technology

Musings on IOT Tim Grance Jeff Voas Computer Security Division Information Technology

Musings on IOT Tim Grance Jeff Voas Computer Security Division Information Technology Laboratory National Institute of Standards and Technology 2015 Agenda Four Horsemen of the Apocalypse, Cloud , Mobile , Big Data , Social What is

579 views • 40 slides
Information Technology and National Security Gary W. Strong National Science Foundation NSF has

Information Technology and National Security Gary W. Strong National Science Foundation NSF has

Information Technology and National Security Gary W. Strong National Science Foundation NSF has a broad, cross- cutting research agenda that includes national security. Interagency Cooperation on National Security Research Culture

311 views • 10 slides
WELCOME Welcome to Security Awareness Month Hosted by the Office of Information Technology

WELCOME Welcome to Security Awareness Month Hosted by the Office of Information Technology

WELCOME Welcome to Security Awareness Month Hosted by the Office of Information Technology October 2018 1 What is Prevent, Plan, and Prepare National We live in a world that is more connected than ever before. The Internet touches Cyber

785 views • 42 slides
NIST Information Technology Laboratory (ITL) The Cyber Maryland Showcase Security Automation

NIST Information Technology Laboratory (ITL) The Cyber Maryland Showcase Security Automation

NIST Information Technology Laboratory (ITL) The Cyber Maryland Showcase Security Automation Guidance Tower of Babel Documents Too much Alerts & Web Sites proprietary, Advisories incompatible information Costly

93 views • 8 slides
Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in

Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in

Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in 16 January 2002 Security Issues in Mobile Agents 1 Overview of the Talk The Mobile Agent Paradigm Security Threats and Counter Measures

587 views • 24 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Digital Signatures and Authentication Protocols ISS Dr. Ayman Abdel-Hamid 1

582 views • 27 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Chapter 1 ISS Dr. Ayman Abdel-Hamid 1 Outline Attacks, services and

736 views • 24 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Key Distribution in Symmetric Encryption ISS Dr. Ayman Abdel-Hamid 1 Outline

510 views • 12 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Arab Academy for Science & Technology and Maritime Transport Chapter 11 p Message

251 views • 23 slides
Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E.

Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E.

Combinatorial Security Testing: Combinatorial Testing Meets Information Security Dimitris E. Simos SBA Research Applied & Computational Mathematics Division Seminar Series National Institute of Standards and Technology (NIST) Gaithersburg,

675 views • 50 slides
Cyber Security SLAIT CONSULTING.com SLAIT Consulting an ePlus Technology, Inc. Company Ivan Gil,

Cyber Security SLAIT CONSULTING.com SLAIT Consulting an ePlus Technology, Inc. Company Ivan Gil,

College and University Auditors of Virginia Conference May 2019 SLAIT Consulting Cyber Security SLAIT CONSULTING.com SLAIT Consulting an ePlus Technology, Inc. Company Ivan Gil, Sr. Information Security Consultant Sr. Information Security

479 views • 15 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Chapter 9 Public-Key Cryptography and RSA ISS Dr. Ayman Abdel-Hamid 1

5.21k views • 19 slides
INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Training Plan Information Security &

INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Training Plan Information Security &

INFORMATION TECHNOLOGY SERVICES INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Training Plan Information Security & Privacy Office June 8, 2017 Information Security and Privacy Plan Goal 2: Training and Outreach People are the

384 views • 13 slides
Industry Information Live Beskyt produktiviteten med Industrial Security

Industry Information Live Beskyt produktiviteten med Industrial Security

Industry Information Live Beskyt produktiviteten med Industrial Security www.siemens.dk/di-webinarer Dagens vrter Morten Kromann Technology Specialist Lars Peter Hansen Per Christiansen Technology Specialist Manager Q&A Jesper

905 views • 73 slides
So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security

So You Want to Be an Information Security Officer? Presented by: Art Bakke Information Security Officer Background Personal Starion Bank Arts Goals Highlight the typical responsibilities of an Information Security Officer from

778 views • 22 slides
INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC

Leading a Secured Digital Life. INFORMATION SECURITY AWARENESS Information Security Education & Awareness Team C-DAC Hyderabad keeping yourself and your family safe in a tech driven world Ministry of Electronics & Information

510 views • 11 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Firewalls ISS Dr. Ayman Abdel Hamid 1 Outline Firewalls Types

455 views • 21 slides

More recommend