IT’S NOT IF… BUT WHEN
CISO Assembly, Dallas, TX
bcaplin1@fairview.org
bc@bjb.org @bcaplin
http://about.me/barrycaplin
http://securityandcoffee.blogspot.com
Barry Caplin
Chief Information Security Official
Fairview Health Services
o Not-for-profit established in 1906
o Academic Health System since 1997, in partnership with the University of Minnesota
o >22K employees
o >3,300 aligned physicians (employed, faculty, independent)
o 7 hospitals/medical centers (>2,500 staffed beds)
o 40-plus primary care clinics
o 55-plus specialty clinics
o 47 senior housing locations
o 30-plus retail pharmacies
2014 volumes
o 6.39M outpatient encounters
o 1.4M clinic visits
o 71,049 inpatient admissions
o 76,595 surgeries
o 9,298 births
o 282 blood and marrow transplants
o 340 organ transplants
o >$4 billion total revenue
got breach? got job?
2015 – Year of the Breach
2014 – Year of the Breach
2013 – Year of the Breach
2016 – Availability? Integrity?
BOARD REPORTING EXAMPLE
• Ransomware first appeared in 1989; large growth since 2013
• 2016 Hollywood Presbyterian – first publicized healthcare org to pay
• $17K ransom paid
• Systems down for over 1 week – ER, OR, imaging, lab, pharmacy
• MedStar, MD – 10 hospital network
• 3+ days of outages – 4 ERs, all inpatient shut down
• 4/7/16, all systems back up
• Most attacks arrive through an email attachment or a link
• Infected systems must be taken offline to stop the spread
BOARD REPORTING EXAMPLE
• Estimated >$325M paid in ransoms in 2015
• Some variants charge $100-$500 per workstation
• Some are “flat fee”
• Often the cost of downtime and recovery is more than the ransom
• It’s not “if”, but “when” an attack will happen
• There is no “prevention” – Each attack is new and unique
• There are “proactive/prevent” responses, and “detect/remediate” approaches
• We do pursue both
•Can we prevent?
•It’s not If, but When
•Is Incident Management the key part of our job?
•How we respond makes a difference
Incident Response
•How to start:
•Figure out where your “stuff” is
•Figure out the risks to your “stuff”
•Figure out how you will react if that risk manifests
•Write it down – Playbooks
•Practice
•Know what’s normal - Monitor
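The “Know what’s normal – Monitor” step is the one on this list that turns into detection logic. The block below is an added example, not code from the deck: it builds a per-host baseline of extension-changing file renames from a quiet period and then flags any host whose burst rate in the current period looks like the ransomware behaviour described on the board slides (bulk rewrite of files under a new extension). The audit-log line format, host names, share paths and the thresholds (absolute floor of 10 renames per 60 s, or 5x the host’s own baseline) are all constructed assumptions for illustration; the sample log lines are generated inline so the check runs offline.

```python
"""Baseline-versus-burst check for ransomware-like file activity.

Added example for the "Know what's normal - Monitor" step; it is not code
from the original slides.  The audit-log format, host names, paths and the
thresholds are constructed/assumed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import os
import re

# Assumed file-server audit line: "<ISO time> <host> <user> <OP> <path>[ -> <newpath>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<op>[A-Z]+)\s+"
    r"(?P<path>\S+)(?:\s+->\s+(?P<newpath>\S+))?$"
)


def parse_line(line):
    """Parse one audit line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def is_suspicious_rename(ev):
    """Count only RENAMEs that change the file extension: ransomware rewrites
    files and appends/replaces the extension, ordinary users rarely do so in bulk."""
    if ev["op"] != "RENAME" or not ev["newpath"]:
        return False
    old_ext = os.path.splitext(ev["path"])[1].lower()
    new_ext = os.path.splitext(ev["newpath"])[1].lower()
    return old_ext != new_ext


def peak_rename_rate(events, window=timedelta(seconds=60)):
    """Per host, the largest number of extension-changing renames seen in any
    sliding window of the given length (two-pointer scan over sorted times)."""
    per_host = defaultdict(list)
    for ev in events:
        if is_suspicious_rename(ev):
            per_host[ev["host"]].append(ev["ts"])
    peaks = {}
    for host, times in per_host.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        peaks[host] = best
    return peaks


def flag_hosts(baseline_events, current_events, min_count=10, factor=5):
    """Return {host: peak} for hosts whose current peak exceeds both an absolute
    floor and `factor` times that host's own baseline peak.  A host with no
    baseline history (a new or newly compromised machine) is held to the floor."""
    base = peak_rename_rate(baseline_events)
    now = peak_rename_rate(current_events)
    flagged = {}
    for host, peak in now.items():
        threshold = max(min_count, factor * base.get(host, 0))
        if peak >= threshold:
            flagged[host] = peak
    return flagged


def constructed_logs():
    """Constructed sample: an hour of normal activity for two workstations,
    then a later period where ws-103 renames 30 files to .locked in 30 seconds."""
    t0 = datetime(2016, 4, 1, 9, 0, 0)
    baseline, current = [], []
    for i in range(60):
        t = (t0 + timedelta(minutes=i)).isoformat()
        baseline.append(f"{t} ws-101 jdoe WRITE /shares/finance/report{i}.xlsx")
        baseline.append(f"{t} ws-102 asmith READ /shares/hr/policy{i}.pdf")
        if i % 15 == 0:  # an occasional legitimate extension change
            baseline.append(f"{t} ws-101 jdoe RENAME /shares/finance/draft{i}.txt -> /shares/finance/draft{i}.docx")
    t1 = t0 + timedelta(hours=2)
    for i in range(60):
        t = (t1 + timedelta(minutes=i)).isoformat()
        current.append(f"{t} ws-101 jdoe WRITE /shares/finance/report{i}.xlsx")
    for i in range(30):
        t = (t1 + timedelta(seconds=i)).isoformat()
        current.append(f"{t} ws-103 bjones RENAME /shares/finance/inv{i}.pdf -> /shares/finance/inv{i}.pdf.locked")
    current.append("garbage line that does not parse")  # exercises the parser's reject path
    return baseline, current


def run_check():
    """Parse both periods, drop unparseable lines, and return the flagged hosts."""
    baseline_lines, current_lines = constructed_logs()
    baseline = [e for e in map(parse_line, baseline_lines) if e]
    current = [e for e in map(parse_line, current_lines) if e]
    return flag_hosts(baseline, current)


if __name__ == "__main__":
    for host, peak in run_check().items():
        print(f"ALERT {host}: {peak} extension-changing renames within 60 s; "
              f"isolate the host and open the ransomware playbook")
```

Running the block reports ws-103 and nothing else: ws-101’s four baseline renames spread over an hour give it a peak of 1, so its threshold stays at the floor, and it does no renames in the current period. The absolute floor matters for the “new host” case: a machine with no history would otherwise face a threshold of zero and fire on a single rename. In a real deployment the baseline would be recomputed on a rolling basis from the file server’s own audit feed, and the alert would feed the “take the infected system offline” step from the board slide.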
CISO’s Role
•Leadership
•Communication – Internal/External
• Staff/Exec/Board
• Law Enforcement
• External Counsel
• Media
• Regulatory
CISO’s Role
•Incident Response/Forensics
• Outsource?
• Pre-pay?
• Retainer?
•Cyber Insurance – What is covered? How does it pay?
•Tabletop – Exec Breach exercise
Discussion Questions
•Can you “defend” your architecture/tech choices?
•Can you detect problems, attacks and IoCs against your enterprise?
•Do you have response plans? Have you exercised them?
•Do you have communication plans? Have you exercised them?
•Does your C-suite have your back? Why?
It’s not if but when 20160503
Editor's Notes
Slide 1: Check out my about.me, with links to my Twitter feed and the Security and Coffee blog.