national council of county association executives kristin
play

National Council of County Association Executives Kristin Judge - PowerPoint PPT Presentation

National Council of County Association Executives Kristin Judge Executive Director Trusted Purchasing Alliance Center for I nternet Security William F . Pelgrin CIS President & CEO MS-ISAC Chair Center for Internet Security CIS


  1. National Council of County Association Executives Kristin Judge Executive Director Trusted Purchasing Alliance Center for I nternet Security William F . Pelgrin CIS President & CEO MS-ISAC Chair

  2. Center for Internet Security CIS Trusted Security MS-ISAC Purchasing Benchmarks Alliance

  3. We Are All Digitally Connected!

  4. Cyber Security Challenges • Hacktivism • Mobile Devices • Social Netw orking • I nsider Threats & Hum an Error • Phishing • Old infrastructure

  5. Hacktivism

  6. Hacktivism “Attacking corporations, governments, organizations and individuals…to make a point” Sophos 2012 Hacktivist groups have attacked: • Private corporations • Federal Government • City.gov sites • Law enforcement groups

  7. Mobile Devices

  8. Mobile Device Deployment Will Continue to Increase Smart phones will surpass computers as web users' preferred vehicle for surfing the Internet

  9. Smartphones -- Blackberries Security Risks -- Too Many Individuals Still… – don’t use encryption, passwords, time-out settings or any other security protection – store their sensitive corporate information on smartphones – lose one of these devices at some point

  10. Leaving your laptop or PDA unattended can lead to big problem s… More than 1 0 ,0 0 0 laptops are reported lost every w eek at 3 6 of the largest U.S. airports, and 6 5 percent of those laptops are not reclaim ed. Ponemon Institute

  11. Social Netw orks

  12. Threats • 30,000 new malicious URLs every day…approximatel y one every three seconds Sophos Security Threat Report 2012 95% of comments to blogs, chat rooms and message boards are spam or contain malicious links. Websense

  13. Danger In TinyURL Links...

  14. Risk is growing Cyber attacks on social networks are up 70% Sophos, 2010 Just 19% of government agencies ban social media sites at work, down from 55% in 2010 Sophos, 2012

  15. I nsider Threat and Hum an Error

  16. Insider Threats are Real… Can be intentional or accidental • WikiLeaks – Hundreds of thousands of confidential documents leaked by military employee • Inadvertent posting of the Social Security numbers and birth dates of 22,000 government retirees on a state procurement website • Disgruntled city employee tampers with city network to deny access to top administrators

  17. Human Error example– bad passwords! tomshardware.com

  18. Phishing

  19. Phishing scams entice email recipients into clicking on a link or attachment w hich is malicious. WELL WRITTEN APPEARS CREDIBLE ENTICING OR SHOCKING SUBJECT APPARENT TRUSTED SOURCE

  20. Old I nfrastructure

  21.  Old hardware and software that is beyond the end of its support life  No longer supported by the vendors  Using them after end of life places your organization at great risk since any security vulnerability will NOT be fixed, making it easy for hackers to launch a successful cyber attack

  22. How Can You Be More Secure? • Create and follow organizational information security policies • Use strong passwords (minimum 8 characters and include upper and lower case, numbers and special characters) • Don’t click on links in emails • Don’t open attachments from unknown sources • Protect your mobile devices

  23. The MS-ISAC is here to help!

  24. MS-ISAC Member AK MS-ISAC MS-ISAC Member Member MS-ISAC MS-ISAC MS-ISAC Member Member MS-ISAC MS-ISAC Member Member Member MS-ISAC MS-ISAC MS-ISAC MS-ISAC Member Member MS-ISAC MS-ISAC Member Member MS-ISAC MS-ISAC Member Member MS-ISAC Member Member Member MS-ISAC MS-ISAC MS-ISAC Member Member Member MS-ISAC MS-ISAC MS-ISAC MS-ISAC Member Member MS-ISAC Member Member Member MS-ISAC MS-ISAC MS-ISAC MS-ISAC Member Member Member MS-ISAC MS-ISAC MS-ISAC Member Member Member Member MS-ISAC MS-ISAC MS-ISAC MS-ISAC Member Member Member Member MS-ISAC Member MS-ISAC MS-ISAC Member Member MS-ISAC MS-ISAC Member MS-ISAC Member Member MS-ISAC MS-ISAC MS-ISAC Member Member MS-ISAC MS-ISAC Member Member Member MS-ISAC Member MS-ISAC Member MS-ISAC HI Member MS-ISAC Member Am erican Sam oa A Trusted Model for Collaboration and Cooperation across All States, Local Governments and Several U.S. Territories—Built on over 8 years of Centralized Outreach, Awareness and Bidirectional Information Sharing.

  25. MS-ISAC Security Operations Center 24x7x365 Operations Monitoring Situational Awareness Incident Response Advisory & Analysis Services

  26. Multi-State Information Sharing and Analysis Center Products and Services • 24/7 Cyber Security Analysis • National Webcast Initiative Center • National Cyber Security • Cyber Security Alerts and Awareness Month Advisories • Monthly Conference Calls; • Public and Secure MS-ISAC Annual Meeting Websites • Ensuring collaboration with • Participation in cyber all necessary parties exercises • Common cyber alert level map

  27. MS-I SAC Public W ebsite

  28. Advisories & Daily Tips

  29. Monthly New sletters The MS-ISAC distributes the newsletters in a template form so they can be re- branded and distributed broadly throughout states and local governments

  30. Cyber Security Guides

  31. Cyber Security Awareness Toolkit

  32. Multi-State I nform ation Sharing and Analysis Center We’re Here To Help!! Kristin Judge Kristin.judge@cisecurity.org 518-368-8824 Cyber Security is our Shared Responsibility w w w .cisecurity.org

Recommend


More recommend