
DHS Cybersecurity Webinar


Director of Industry Engagement and Resilience Kevin Coleman and Cybersecurity and Technology Business Liaison Hala V. Furst will unpack DHS’s cyber toolkit designed specifically for small and medium-sized businesses. You’ll learn best practices for risk management, including how to identify the most common cyber vulnerabilities and how to conduct your own cybersecurity resilience review.

Published in: Technology

  1. Office of Cybersecurity & Communications

  2. Cybersecurity and SMBs
     • SMBs are at risk:
        • Resource constraints = operations/security tradeoff
        • Growing target of cyber-attacks
        • Less likely to have robust security systems
        • May not possess the same resources or knowledge as larger businesses
        • May not be able to recover from an attack
     DHS offers resources, programs, and tools to help SMBs.

  3. SMB Trend Table
     • Trend: Endpoint Security Weaknesses
        • Description: Weak authentication or cryptography that allows malicious actors to infiltrate a network to destroy or disable systems and/or steal data
        • Example: In 2014, at least 600 businesses, including SMB, were targeted by the malicious POS software Backoff
     • Trend: User Security Vulnerabilities
        • Description: User failure or malicious conduct among employees and/or contractors
        • Example: In 2013, a single outside contractor provided hackers with an entry point that compromised 70 million Target shoppers
     • Trend: Software as a Service (SaaS) Vulnerabilities
        • Description: Large and often unknown vulnerabilities posed by SaaS, including accounting software, cloud storage, web platforms, and email
        • Example: In 2015, a cryptography exploit, known as FREAK, exposed more than 5 million web pages and applications to vulnerabilities that would render them untrusted.

  4. Cybersecurity: Where to Start
     1. Understand and Address Common Vulnerabilities
        • National Vulnerability Database (https://nvd.nist.gov)
     2. Determine what Cyber Events you Monitor
        • Threat, incident, and activity reports
        • NIST Cybersecurity Framework
     3. Conduct a Business Impact Assessment
        • Critical business functions
        • Contingency plans
     4. Join an Information Sharing and Analysis Organization (ISAO)
        • http://www.dhs.gov/isao
     5. Use DHS Programs and Resources
        • http://www.us-cert.gov/ccubedvp

  5. Cybersecurity Tips for Leadership
     Framework Core Function: Activity
     • Identify: Conduct Needs Assessment
     • Protect: Technical Defenses:
        • Access Controls and Passwords
        • Encrypted Communications
     • Detect: Monitor Systems
     • Respond & Recover:
        • Employee Training and Communications
        • Policies and Procedures
        • Business Continuity and Disaster Recovery

  6. Cybersecurity Tools and Resources
     Over 40 resources currently featured, including the Cyber Resilience Review (CRR)
     Pages are organized by stakeholder group
     • Academia; Business; Federal; State, Local, Tribal, and Territorial (SLTT)
     • New Stakeholder Page: Small and Midsize Business (SMB)
     Resources are aligned to Framework core function
     • Identify, Protect, Detect, Respond, Recover
     www.us-cert.gov/ccubedvp

  7. Cybersecurity Tools and Resources
     • Cyber Resilience Review (CRR)
        • No-cost, voluntary assessment to evaluate IT resilience
     • C3 Voluntary Program Small and Midsize Business (SMB) Toolkit
        • Understanding the Threat Landscape
        • Top Resources for SMB
        • Cybersecurity for Startups
        • C3 Voluntary Program Outreach & Messaging Kit
        • SMB Leadership Agenda
        • Hands-On Resource Guide

  8. Cybersecurity Tools and Resources
     • Stop.Think.Connect. Resource Guide
        • Online Resource Guide specifically tailored to SMB
     • Federal Small Biz Cyber Planner
        • Helps businesses create custom cybersecurity plans
     • NACD Cyber-Risk Oversight Handbook
        • Five steps leadership should consider as they seek to enhance their oversight of cyber risks.

  9. Cybersecurity Tools and Resources
     • Cyber Information Sharing and Collaboration Program (CISCP)
        • Enhances cybersecurity collaboration between DHS and critical infrastructure
        • Leverages government and industry expertise to respond to cybersecurity incidents
     • Enhanced Cybersecurity Services (ECS) program
        • Supports voluntary information sharing to protect critical infrastructure systems

  10. 2015 Activities & Initiatives
      Growing Communities of Interest
      • Regional event series
      • Small and Midsized Business Roadshow
      • Webinar series
      • Building communities of interest
      • Partner Program

  11. Building Communities of Interest
      • Stakeholders sharing regional and/or industry identity
      • Community support in cybersecurity and risk management
      • Built around use of NIST Cybersecurity Framework
      • Independent information sharing
      • Goal: Self-sustaining networks across the nation

  12. Partner Program
      The C³ Voluntary Program will provide Partners assistance so that they can:
      • Enhance their cyber resilience
      • Use the NIST Cybersecurity Framework
      • Build communities of interest around cybersecurity and risk management
      • Spread the word about the C³ Voluntary Program and its resources

  13. How to Get Involved
      • Take advantage of C3 Voluntary Program resources
        • Visit the C3 Voluntary Program website at
        • Familiarize yourself with the Cybersecurity Framework
        • Download the Cyber Resilience Review (CRR) or contact DHS for an on-site assessment
        • Download the SMB Toolkit
      • Join or establish an ISAO: info@hq.dhs.gov
      • Spread the word across your community
      • Become a C3 Voluntary Program Partner, coming in 2015.
        • E-mail CCubedVP@hq.dhs.gov
      www.us-cert.gov/ccubedvp

  14. #ccubedvp
      www.us-cert.gov/ccubedvp