ncua it exam focus
play

NCUA IT Exam Focus By Tom Schauer, Principal CliftonLarsonAllen My - PowerPoint PPT Presentation

Nov 01, 2023 •31 likes •491 views

NCUA IT Exam Focus By Tom Schauer, Principal CliftonLarsonAllen My Background and Experience Computer Science Degree - Puget Sound Information Security Professional for 30 years Consultant: Ernst & Young, Deloitte, Guardent

  1. NCUA IT Exam Focus By Tom Schauer, Principal CliftonLarsonAllen

  2. My Background and Experience • Computer Science Degree - Puget Sound • Information Security Professional for 30 years • Consultant: Ernst & Young, Deloitte, Guardent (Verisign) • Started TrustCC in 2000 - IT Security and Compliance • Grew to about 20 people • Technically superior, devoted, trusted! • Joined CliftonLarsonAllen in September of 2015 2

  3. My personal security philosophy … • “When you and a friend are being chased by a bear, it is not necessary to out run the bear, it is only necessary to out run your friend.” • Effective security May Be nothing more than being more secure than the target down the road? • Absolute security is unattainable. 3

  4. In the world of networked computers every sociopath is your neighbor.

  5. Opportunistic vs Targeted

  9. Example:

  11. 11

  13. Attack Sophistication 13

  14. 4:01PM 4PM HACKER • Notates Total Debits • Notates Total Credits • Notates Total # Batches ACH Windows File Share CORE Banking System In-house ACH Originations are most susceptible to this attack vector. Outsourced ACH could 4:05 to 5:00PM also be susceptible. ACH FedLine Upload File to The FED • Confirms Total Debits • Confirms Total Credits • Confirms Total # Batches The FED

  15. Why is ACH Susceptible? • ACH File Format created in 1970s and does not include ANY modern security mechanisms. • Typical ACH process utilizes Windows File Share as temporary file location. • With Windows having 92% of the market share, hackers are most proficient hacking Windows. … 65% to 100% success.

  16. Secure Computer? • “The only secure computer is one surrounded by concrete and in the bottom of the ocean. We are not seeking absolute security, we are seeking enough security… and ‘enough’ is a moving target!” • Password length was 4, then 8, now 14+ • Passwords were reused, now unique per use 1 6

  17. In Response… • NCUA has declared Cybersecurity as the number one priority for 2015 and 2016 • FFIEC issues Cybersecurity Assessment Tool in 2015 • Starting June 2016, Exams will have new Cybersecurity procedures 17

  18. Historical Guidance • 2001 GLBA inspired 12CFR Part 748 • 2005 12CFR Part 748 Appendix B • 2006 FFIEC Information Security Guide • Miscellaneous Letters to Credit Unions • 2015 FFIEC Cybersecurity (CAT)

  19. FFIEC CAT Tool • 2015 Guidance, originally notated as voluntary. “Voluntary” removed Aug 2015 • Starting June 2016, examers expect some form of cybersecurity risk assessment that is similarly capable as FFIEC Tool • Inherent Risk Component • Controls Maturity Component

  20. FFIEC CAT Tool • Inherent risk model must scale to financial institutions of all sizes

  21. FFIEC CAT Tool Maturity model is based upon self reporting and does not have a validation component. Just a risk assessment.

  22. FFIEC CAT Tool

  23. FSISAC CAT Tool

  24. Polling Question How many have completed the FFIEC CAT using some form of the guidance? a) Completed b) Not Completed

  25. A Risk Assessment a Day Keeps the Examiner at Bay

  26. Risk Assessments • Convenient method of documenting regular risk management analysis and decisions. • Differentiate between required and risk assessment as a management tool. • Have a simple form … – Topic – Characterization of Inherent Risk – Risk Mitigation and Controls – Characterization of Residual Risks – Conclusion and Plans for Action

  27. Polling Question How many use a risk assessment form/process of some kind to regularly document risk management analysis and decisions? a) Use Documented Form/Process b) Do Not Used Documented Form/Process

  28. Risk Assess: Attack Targets • NCUA Aires File • Other Core extracts • Marketing extracts • Wire Transfers • ACH Originations

  29. Risk Assess: Ransomware • Ransomware and other common attack vectors delivered through social engineering.

  30. Breach Detection • Indicators of Compromise – The creation or modification of an administrator account – Any activity which seems to disable antivirus, logging or firewall controls – Outbound data transfers – Unknown Hosts attached to the network – Unauthorized or Unknown Software installed on a known host – Consecutive invalid password attempts on multiple user IDs from the same IP – Consecutive access denied events on a single account on multiple hosts from the same IP – Attempts to access disabled accounts

  31. Polling Question How many believe their process will detect and alert to these indicators of compromise? a) All, and our testing proves it! b) All, but we’ve not validated/tested. c) Some, testing shows gaps. d) Some, but testing needed. e) Oh boy, we are in trouble.

  32. Breach Preparedness and Testing • Cybersecurity Insurance – Who is covered, when are they covered, how? • Incident Response Plan • Notice Obligations (12CFR Part 748 Appendix B) • Plan Testing – Covert Pen Testing (True Breach Simulation) – Table Top Scenario Testing

  33. Using Standards … “Engage a large, nationwide IT auditing firm — with extensive experience performing IT governance audits for a range of industries —to perform an “ISO Based Information Security Assessment” leveraging a methodology rooted in industry standards and best practices (ISO 27002, 27015)."

  34. Examiner Skills • RISOs – generally very well qualified, full time • SMEs – less experienced, part time • Skilled – Understand role, operationally savvy • Over Achiever – Expectations beyond authority • Under Achiever – Checklist reviews

  35. Polling Question What was the skill of your most recent IT examiner? a) Skilled b) Over Achiever c) Under Achiever

  36. Standards to consider … • Great tools for measuring progress towards goal • In addition to the FFIEC CAT – SANS / CIS Twenty Critical Security Controls – ISO 27001/27001 – NIST 800-53A and others – COBIT

  37. Polling Question Are you measuring your security program against a specific standard? a) No b) Yes, SANS/CIS Twenty Critical c) Yes, NIST d) Yes, ISO e) Yes, Other or Several of the Above

  38. Covert Breach Testing Security Assessments performed with IT knowledge and collaboration can be the most thorough and effective tests but they fail to evaluate breach detection and response capabilities.

  39. Vulnerability Management • Supplement / Support Patch Management • Credentialed Vulnerability Scans • Remediation and Reconciliation • Reporting

  40. Frequency of Testing • Risk Assessment • Penetration Testing • Vulnerability Assessment • General Controls Review • Social Engineering • True Breach Simulation

  41. Password Management • Passwords are clearly the weakest link in the security chain. • Equip users to select strong passwords. – Length increasing … 14 – Stronger requirements for Admins – Distinct Admin/User accounts w unique PWs – Password Wallets?

  42. Board Reporting • Regular – consider monthly, quarterly • All elements: – Information Security Program and status – - IT and InfoSec Policies – - Security Breaches or attempted breaches – - IT Strategic Plan – - Information Security Risk Assessment – - Business Continuity Plan and Testing Results – - Incident Response Plan – - Results from Vendor Management Reviews – - Insurance coverage for IT risks

  43. • “The threat has reached the point that, given enough time, motivation, and funding, a determined adversary will likely be able to penetrate any system accessible from the Internet.” • Joseph M Demarest, Assistant Director, Cyber Division FBI, before the Senate Judiciary Committee, May 8, 2013 43

  44. This is your security program! Time Motivation Funding Profit Time Profit Motivation Funding 44

  45. And … • Business Continuity Planning • Vendor Management • Information Security Policies

  46. Any Questions? tom.schauer@claconnect.com 253-468-9750 CliftonLarsonAllen

Recommend

EXAM PROCESS Focus Trends and Practices April 24, 2013 Bill Shirley, Supervisory Examiner St

EXAM PROCESS Focus Trends and Practices April 24, 2013 Bill Shirley, Supervisory Examiner St

Bill Shirley, Supervisory Examiner St Louis Office/Austin Region EXAM PROCESS Focus Trends and Practices April 24, 2013 Bill Shirley, Supervisory Examiner St Louis Office/Austin Region Todays Presenters Jim Capps, NCUA Principal Examiner

641 views • 33 slides
Final Exam Tuesday December 10, 9-12am Closed book exam Cover Chapters 1-6 of the

Final Exam Tuesday December 10, 9-12am Closed book exam Cover Chapters 1-6 of the

Final Exam Tuesday December 10, 9-12am Closed book exam Cover Chapters 1-6 of the textbook. Might also include a question on quantifier rank or the Ehrenfeucht-Fra ss e game (see Oct 29 slides). Greater focus on Chapter 3.3

619 views • 35 slides
2014 Exam Initiatives/Focus Areas Disclaimer The Securities and Exchange Commission, as a

2014 Exam Initiatives/Focus Areas Disclaimer The Securities and Exchange Commission, as a

2014 Exam Initiatives/Focus Areas Disclaimer The Securities and Exchange Commission, as a matter of policy, disclaims responsibility for any private publication or statement by any of its employees. The views expressed herein are those of

316 views • 8 slides
NCUA Share Insurance Coverage: Expectations and Disclosures January 25, 2012 January 25, 2012

NCUA Share Insurance Coverage: Expectations and Disclosures January 25, 2012 January 25, 2012

NCUA Share Insurance Coverage: Expectations and Disclosures January 25, 2012 January 25, 2012 2:00 p.m. 4:00 p.m. EST Presented by: Steve Van Beek, Esq., NCCO JiJi Bahhur, Esq. National Association of Federal Credit Unions National

535 views • 49 slides
Exam Review 2 Exam Overview Final Exam Friday,

Exam Review 2 Exam Overview Final Exam Friday,

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Exam Review 2 Exam Overview Final Exam Friday,

963 views • 64 slides
1111 + 1101 (3 pts) You are given a certain 32-bit binary number. Explain how to tell if this

1111 + 1101 (3 pts) You are given a certain 32-bit binary number. Explain how to tell if this

The 12 week exam will cover everything assigned or discussed in class from: 1. Chapter 3 2. Chapter 4 3. Chapter 5 4. Any extra material in the lecture notes 5. Earlier material not focus of this exam, but may need basic info (e.g. to write MIPS

454 views • 7 slides
AP EXAM E V E R Y T H I N G Y O U N E E D T O K N O W A B O U T T H E WH A T WE ' LL COVER TOD A Y

AP EXAM E V E R Y T H I N G Y O U N E E D T O K N O W A B O U T T H E WH A T WE ' LL COVER TOD A Y

AP EXAM E V E R Y T H I N G Y O U N E E D T O K N O W A B O U T T H E WH A T WE ' LL COVER TOD A Y AP Exam Basics AP Bulletin Accommodations Requests Changes to 2019-20 AP Exam Registration A P EX A M B A SICS Exams determine level of

372 views • 26 slides
NCUA Board of Directors Policies Which Ones Truly Require Action? April 30, 2014 E. Andrew

NCUA Board of Directors Policies Which Ones Truly Require Action? April 30, 2014 E. Andrew

NCUA Board of Directors Policies Which Ones Truly Require Action? April 30, 2014 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 1 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510

973 views • 40 slides
14 Allocation Dirichlet Latent Lecture : Taheri Sara Scribes : Chu 4am Exam Man Tue

14 Allocation Dirichlet Latent Lecture : Taheri Sara Scribes : Chu 4am Exam Man Tue

14 Allocation Dirichlet Latent Lecture : Taheri Sara Scribes : Chu 4am Exam Man Tue 12 : Midterm Exam focus Open Format book understanding on : , IEM ) Everything 8 Lecture Content to up ' . ( VBEM 9810 lectures

440 views • 21 slides
Section 1 Practice Test IELTS Exam Training Courses and Members Academy Section 1: Focus on...

Section 1 Practice Test IELTS Exam Training Courses and Members Academy Section 1: Focus on...

Section 1 Practice Test IELTS Exam Training Courses and Members Academy Section 1: Focus on... Instructions Numbers - times and money Names - spelling Tricks 3 Lets look at the test - the introduction Before you open your

624 views • 38 slides
Dirichet Allocation Latent Lecture 11 : Jordan Yuan Andrea Scribes : , , Exam Next

Dirichet Allocation Latent Lecture 11 : Jordan Yuan Andrea Scribes : , , Exam Next

Dirichet Allocation Latent Lecture 11 : Jordan Yuan Andrea Scribes : , , Exam Next Feb ) ( week Wed 28 : on ) ( Due Homework Man Fri next was : Midterm Exam focus Open Format book understanding on : , 1 Gandhy

353 views • 19 slides
Exam 2 Average: 77% Career Issues Please see your TAs to see the exam and compare your

Exam 2 Average: 77% Career Issues Please see your TAs to see the exam and compare your

Exam 2 Average: 77% Career Issues Please see your TAs to see the exam and compare your answers for any details. COGS 105, Week 12 Part 2: Industry Dont forget : You can come to office hours before exam to discuss all materials.

442 views • 7 slides
Quicksort Sorting Lower Bound Exam Exam Exam Exam 2 2 tomorrow evening 2 2 tomorrow

Quicksort Sorting Lower Bound Exam Exam Exam Exam 2 2 tomorrow evening 2 2 tomorrow

5/7/2012 Quicksort Sorting Lower Bound Exam Exam Exam Exam 2 2 tomorrow evening 2 2 tomorrow evening tomorrow evening tomorrow evening Topics were listed in Day 24 slides Some WA9 problems are good reinforcement of exam

362 views • 9 slides
Exam4 Information and Guidance General Topics General Exam Information Exam types

Exam4 Information and Guidance General Topics General Exam Information Exam types

Exam4 Information and Guidance General Topics General Exam Information Exam types Exam modes Exam IDs and anonymous grading Exam Issues during the exam period Using Exam4 Software General Exam Information Office

794 views • 26 slides
7: The Exam CS1021 CS1021 Exam structure Exam consists of 4 questions,

7: The Exam CS1021 CS1021 Exam structure Exam consists of 4 questions,

7: The Exam CS1021 CS1021 Exam structure Exam consists of 4 questions, answer any 3 Each question is in two (roughly) equal parts Questions similar in type to past papers, slight difference in topics. Similar to

382 views • 12 slides
The Bohr Model of Hydrogen Exam Details The exam will be held Wednesday, October 5th from

The Bohr Model of Hydrogen Exam Details The exam will be held Wednesday, October 5th from

The Bohr Model of Hydrogen Exam Details The exam will be held Wednesday, October 5th from 3:354:30pm. I will be away that entire week . Chris will be giving the exam review lecture on Monday. A practice exam has been posted on the

470 views • 13 slides
Exam 2 Review CS461/ECE422 Fall 2009 Exam guidelines Same as for first exam A single page

Exam 2 Review CS461/ECE422 Fall 2009 Exam guidelines Same as for first exam A single page

Exam 2 Review CS461/ECE422 Fall 2009 Exam guidelines Same as for first exam A single page of supplementary notes is allowed 8.5x11. Both sides. Write as small as you like. Closed book No calculator or other widgets.

481 views • 22 slides
PH 646 MPH Comprehensive Exam Coordinator: Sarah Sullivan https://www.nbphe.org CPH Exam

PH 646 MPH Comprehensive Exam Coordinator: Sarah Sullivan https://www.nbphe.org CPH Exam

PH 646 MPH Comprehensive Exam Coordinator: Sarah Sullivan https://www.nbphe.org CPH Exam Information The Certified in Public Health (CPH) exam covers the five core areas of knowledge offered in CEPH accredited schools and programs as

411 views • 7 slides
CSE 154 Review/Exam Tips Exam Kane 110 5:15-6:15 We will be checking IDs Please be there by

CSE 154 Review/Exam Tips Exam Kane 110 5:15-6:15 We will be checking IDs Please be there by

CSE 154 Review/Exam Tips Exam Kane 110 5:15-6:15 We will be checking IDs Please be there by 5:05 Dont worry about use strict General Exam Only shorthand functions are $ and qsa. tips We are not grading on

198 views • 15 slides
Indefinite Loops Date and time of exam Exam location while statements Format of exam

Indefinite Loops Date and time of exam Exam location while statements Format of exam

As you arrive: 1. Start up your computer and plug it in Plus in-class time 2. Check out todays project: working on these concepts AND practicing previous concepts, continued Session11_WhileLoops as homework. Exam 1 preview Indefinite

849 views • 12 slides
Exam 2 Review 2 Exam 2 Similar format as last

Exam 2 Review 2 Exam 2 Similar format as last

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Exam 2 Review 2 Exam 2 Similar format as last

441 views • 14 slides
Examination Lydia Love DVM DACVAA 2018 Exam Committee Chair September 2018 Exam Format

Examination Lydia Love DVM DACVAA 2018 Exam Committee Chair September 2018 Exam Format

ACVAA Certifying Examination Lydia Love DVM DACVAA 2018 Exam Committee Chair September 2018 Exam Format Exam Committee MCQ Exam Essay Exam Clinical Competency Exam Grading Cut Score Committee Score Reporting

683 views • 39 slides
Announcement New exam dates: Graphs Exam 1 Monday, Oct 6 th Exam 2 Monday,

Announcement New exam dates: Graphs Exam 1 Monday, Oct 6 th Exam 2 Monday,

Announcement New exam dates: Graphs Exam 1 Monday, Oct 6 th Exam 2 Monday, Nov 3 rd Terminology & Implementation Announcement Announcement The ACM is looking for a few good Actuallyso is Google programmers

329 views • 6 slides
Chem 204 1. Exam logis3cs 2. So7 ma8er Exam I

Chem 204 1. Exam logis3cs 2. So7 ma8er Exam I

Chem 204 1. Exam logis3cs 2. So7 ma8er Exam I 7:00-9:00 pm THURSDAY Feb 13 Bring your ID, pen/pencil, calculator No hint sheets,

353 views • 32 slides

More recommend