SlideShare a Scribd company logo

Cybersecurity for IAEM Region 4

Download as PPTX, PDF
Sarah K Miller
Sarah K Miller

Presentation for the International Association of Emergency Managers Region 4 Conference. Note that the live links will only work if you download the presentation and have the WebLive app installed with your version of PowerPoint.

Technology
1 of 30
Cybersecurity Setting the tone for now and the future
Cybersecurity is everyone’s problem  Cybersecurity is NOT just IT’s problem.  IT  Emergency Management  Law Enforcement  And everyone in your organization
The threat  Malicious vs unintentional  Active attacks  Data breaches  Human error  Cyber warfare
Lifecycle
Prevention  What have you done to prepare?  What policies are in place?  What training is in place?  How are the policies enforced?  THINGS YOU MUST HAVE  Emergency Operations Plan  Cybersecurity Policy  Acceptable Use Policy
protection
Mitigation  What steps have you taken?  What steps can you take?  Insurance  Backups  Redundancy  Monitoring  https://haveibeenpwned.com/  Early Reporting  Training
Response  Do you have a response plan?  Does everybody know how to recognize an incident?  Does your staff know what to do if they suspect an incident?  Who do you call for help?
Recovery  What’s your recovery plan?  Beyond just the technology  Who do you call for help?
Sample Incident annex https://1drv.ms/w/s!At2Gwcs7z-oh3Ubt7QNXAZ-HHeM2
References  National Cyber Incident Response Plan, Department of Homeland Security, 2016  Computer Security Incident Handling Guide (Revision 2) National Institute of Standards and Technology, 2012  Washington State Significant Cyber Incident Annex, Washington Military Department – Emergency Management Division, 2015  ISO/IEC 27032 – Information Technology – Security techniques – Guidelines for cybersecurity, International Standards Organization, 2012
Annex Parts  Policies  Sets expectations  Situation/Assumptions  Requires all components to be in place  Concept of Operations  Will require local discussion  Responsibilities  EM/IT/LE  Expect some pushback
Major Cyber Incident Checklist  Action items  Pre-Incident Phase  Response Phase  Recovery/Demob Phase
Common Issues  Most entities lack a comprehensive cybersecurity policy that vests responsibility with every employee.  Those that have policies don’t enforce them  A greater number of incidents occur than are reported in any formal way  Lack of response plans leads to slow recognition, response, recovery.  Lack of individual security leaves entire organization at risk
Human Factor  Vast majority of incidents due to human error  Phishing, social engineering  Enabled by agency and employee use of social media  Careless info access/dissemination  Public spaces  Public wifi  Unlocked computers  Lack of caution
Examples To: Daniel Hahn (danielh@santarosa.fl.gov) From: IAEM Membership (info@iaem.com) Subject: IAEM Unpaid Invoice -------------- Dear IAEM Member: We have recently identified an issue that caused your last IAEM dues invoice to remain unpaid. Please login to our website at your earliest convenience to view your invoice and remit payment (preferably via credit/debit card). If you have any questions, please contact us at 703-538-1795 or reply to this email.
Social Engineering
Social Media  Names  Personal details  Personal details provided by third parties  Account spoofing  Operational details shared
Meet Desai
Meetkumar Hiteshbhai Desai  Investigators traced the calls and discovered they originated from a link posted to Twitter and YouTube. The link was to a site named "Meet Desai" and its domain was hosted out of San Francisco. When the link was clicked, it continually called 911 and would not let the caller hang up.  His page received 151,000 hits  Desai said his intent was to make a non-harmful, yet annoying, bug that was meant to be funny, officials said.
It was not funny  Surprise Police Department notified the Maricopa County Sheriff's Office of more than 100 hang-up 911 calls within a few minutes late Tuesday.  The volume put authorities "in immediate danger of losing service to their switches." The emergency systems for the nearby Peoria Police Department and the Maricopa County Sheriff's Office also received a large number of repeated calls. Agencies in California and Texas were also affected, authorities said.
OCTOBER 10, 2017  Meetkumar Desai, age 19, was sentenced to 3 years supervised probation for carrying out a reckless cyberattack on 911 emergency call systems in Maricopa County.  Authorities will also be able to monitor Desai’s computer while he is on probation.
Other Examples This Photo by Unknown Author is licensed under CC BY-NC-SA
QUESTIONS? Contact me: Sarah Miller, MPA, CEM sarah@skmillerconsulting.com twitter: @scba

Recommended

Mimecast Threat Report
Mimecast Threat ReportMimecast Threat Report
Mimecast Threat ReportChris Hewitt
 
Security Awareness Training Summary
Security Awareness Training SummarySecurity Awareness Training Summary
Security Awareness Training SummarySNP Technologies, Inc.
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boardsPaul McGillicuddy
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingwardell henley
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19Citrin Cooperman
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessCBIZ, Inc.
 
Productivity 3.0
Productivity 3.0Productivity 3.0
Productivity 3.0The Lorenzi Group
 

Recommended

Mimecast Threat Report
Mimecast Threat ReportMimecast Threat Report
Mimecast Threat ReportChris Hewitt
 
Security Awareness Training Summary
Security Awareness Training SummarySecurity Awareness Training Summary
Security Awareness Training SummarySNP Technologies, Inc.
 
7 cyber security questions for boards
7 cyber security questions for boards7 cyber security questions for boards
7 cyber security questions for boardsPaul McGillicuddy
 
Best practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingBest practices for_implementing_security_awareness_training
Best practices for_implementing_security_awareness_trainingwardell henley
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19Citrin Cooperman
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessCBIZ, Inc.
 
Productivity 3.0
Productivity 3.0Productivity 3.0
Productivity 3.0The Lorenzi Group
 
Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employeesPriscila Bernardes
 
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...Citrin Cooperman
 
Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersSarah K Miller
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksFitCEO, Inc. (FCI)
 
ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017ISACA
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Citrin Cooperman
 
Comp 107 cep 8
Comp 107 cep 8Comp 107 cep 8
Comp 107 cep 8Bala Ganesh
 
Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015Dustin Collins
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Quality of Information and Malware by Ashok Panwar
Quality of Information and Malware by Ashok PanwarQuality of Information and Malware by Ashok Panwar
Quality of Information and Malware by Ashok PanwarAshok Panwar
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011Lumension
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness courseAbdul Manaf Vellakodath
 
Organizational Security: When People are Involved
Organizational Security: When People are InvolvedOrganizational Security: When People are Involved
Organizational Security: When People are InvolvedSocial Media Performance Group
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Jason Hong
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Jason Hong
 
At Your Expense
At Your ExpenseAt Your Expense
At Your ExpenseDan Oblak
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008John Gilligan
 
Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Positive Hack Days
 
Lesson iii-security-and-data-protection
Lesson iii-security-and-data-protectionLesson iii-security-and-data-protection
Lesson iii-security-and-data-protectionHannah323676
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of securityMatthew Pascucci
 
Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersSarah K Miller
 

More Related Content

What's hot

Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employeesPriscila Bernardes
 
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...Citrin Cooperman
 
Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersSarah K Miller
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksFitCEO, Inc. (FCI)
 
ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017ISACA
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Citrin Cooperman
 
Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015Dustin Collins
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Quality of Information and Malware by Ashok Panwar
Quality of Information and Malware by Ashok PanwarQuality of Information and Malware by Ashok Panwar
Quality of Information and Malware by Ashok PanwarAshok Panwar
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011Lumension
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Jason Hong
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Jason Hong
 
At Your Expense
At Your ExpenseAt Your Expense
At Your ExpenseDan Oblak
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008John Gilligan
 
Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Positive Hack Days
 
Lesson iii-security-and-data-protection
Lesson iii-security-and-data-protectionLesson iii-security-and-data-protection
Lesson iii-security-and-data-protectionHannah323676
 

What's hot (20)

Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employees
 
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ...
 
Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency Managers
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
 
ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017ISACA State of Cyber Security 2017
ISACA State of Cyber Security 2017
 
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
Not-For-Profit Cybersecurity and Privacy Disrupters During COVID-19
 
Comp 107 cep 8
Comp 107 cep 8Comp 107 cep 8
Comp 107 cep 8
 
Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015Human error and secure systems - DevOpsDays Ohio 2015
Human error and secure systems - DevOpsDays Ohio 2015
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
Quality of Information and Malware by Ashok Panwar
Quality of Information and Malware by Ashok PanwarQuality of Information and Malware by Ashok Panwar
Quality of Information and Malware by Ashok Panwar
 
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2011
 
information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
 
Organizational Security: When People are Involved
Organizational Security: When People are InvolvedOrganizational Security: When People are Involved
Organizational Security: When People are Involved
 
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
Protecting Organizations from Phishing Scams, RSA Webinar on Sep 2010
 
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
Protecting Organizations from Phishing Scams, for RSA Webinar in Sep2010
 
At Your Expense
At Your ExpenseAt Your Expense
At Your Expense
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
 
Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008Consensus Audit Guidelines 2008
Consensus Audit Guidelines 2008
 
Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ?
 
Lesson iii-security-and-data-protection
Lesson iii-security-and-data-protectionLesson iii-security-and-data-protection
Lesson iii-security-and-data-protection
 

Similar to Cybersecurity for IAEM Region 4

11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of securityMatthew Pascucci
 
Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersSarah K Miller
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Rishi Singh
 
Adjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalAdjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalPriyanka Aash
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextBrian Pichman
 
Cyber Security: Most Important Aspect of a Successful Business
Cyber Security: Most Important Aspect of a Successful BusinessCyber Security: Most Important Aspect of a Successful Business
Cyber Security: Most Important Aspect of a Successful BusinessFibonalabs
 
Data Security for Nonprofits
Data Security for NonprofitsData Security for Nonprofits
Data Security for NonprofitsNPowerCR
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyRussell Publishing
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
I’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take nextI’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take nextBrian Pichman
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3Lumension
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3Lumension
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3Lumension
 
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Logikcull.com
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141sraina2
 
2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference Rea & Associates
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6seadeloitte
 

Similar to Cybersecurity for IAEM Region 4 (20)

11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
Cybersecurity for Emergency Managers
Cybersecurity for Emergency ManagersCybersecurity for Emergency Managers
Cybersecurity for Emergency Managers
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
Adjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New NormalAdjusting Your Security Controls: It’s the New Normal
Adjusting Your Security Controls: It’s the New Normal
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take Next
 
Cyber Security: Most Important Aspect of a Successful Business
Cyber Security: Most Important Aspect of a Successful BusinessCyber Security: Most Important Aspect of a Successful Business
Cyber Security: Most Important Aspect of a Successful Business
 
cybersecurity-101_4
cybersecurity-101_4cybersecurity-101_4
cybersecurity-101_4
 
Data Security for Nonprofits
Data Security for NonprofitsData Security for Nonprofits
Data Security for Nonprofits
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthy
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
I’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take nextI’ve been hacked  the essential steps to take next
I’ve been hacked  the essential steps to take next
 
Nonprofit Cybersecurity Incident Report
Nonprofit Cybersecurity Incident ReportNonprofit Cybersecurity Incident Report
Nonprofit Cybersecurity Incident Report
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6
 

More from Sarah K Miller

Cybersecurity for King County Public Educators
Cybersecurity for King County Public EducatorsCybersecurity for King County Public Educators
Cybersecurity for King County Public EducatorsSarah K Miller
 
DEFCON - Ethics of technology in humanitarian and disaster response
DEFCON - Ethics of technology in humanitarian and disaster responseDEFCON - Ethics of technology in humanitarian and disaster response
DEFCON - Ethics of technology in humanitarian and disaster responseSarah K Miller
 
IAEM cybersecurity 101
IAEM cybersecurity 101IAEM cybersecurity 101
IAEM cybersecurity 101Sarah K Miller
 
Utilizing social media to sustain your club - Soroptimist edition
Utilizing social media to sustain your club - Soroptimist editionUtilizing social media to sustain your club - Soroptimist edition
Utilizing social media to sustain your club - Soroptimist editionSarah K Miller
 
Using Social Media for Club Recruiting and Engagement
Using Social Media for Club Recruiting and EngagementUsing Social Media for Club Recruiting and Engagement
Using Social Media for Club Recruiting and EngagementSarah K Miller
 
Using Social Media in an Emergency
Using Social Media in an EmergencyUsing Social Media in an Emergency
Using Social Media in an EmergencySarah K Miller
 
How to use social media in an emergency
How to use social media in an emergencyHow to use social media in an emergency
How to use social media in an emergencySarah K Miller
 
You can get there from here! Professional development through all career stag...
You can get there from here! Professional development through all career stag...You can get there from here! Professional development through all career stag...
You can get there from here! Professional development through all career stag...Sarah K Miller
 
Writing a winning resume
Writing a winning resumeWriting a winning resume
Writing a winning resumeSarah K Miller
 
Utilizing social media to build your program
Utilizing social media to build your programUtilizing social media to build your program
Utilizing social media to build your programSarah K Miller
 
Social media privacy and safety
Social media privacy and safetySocial media privacy and safety
Social media privacy and safetySarah K Miller
 
INWEM Gender and Diversity Survey - 2010
INWEM Gender and Diversity Survey - 2010INWEM Gender and Diversity Survey - 2010
INWEM Gender and Diversity Survey - 2010Sarah K Miller
 
Gaining situational awareness using social media
Gaining situational awareness using social mediaGaining situational awareness using social media
Gaining situational awareness using social mediaSarah K Miller
 
Generational differences in organizations.
Generational differences in organizations. Generational differences in organizations.
Generational differences in organizations. Sarah K Miller
 
Emergency Preparedness: This is no time to gamble.
Emergency Preparedness: This is no time to gamble.Emergency Preparedness: This is no time to gamble.
Emergency Preparedness: This is no time to gamble.Sarah K Miller
 
Recruiting and retaining radio volunteers
Recruiting and retaining radio volunteersRecruiting and retaining radio volunteers
Recruiting and retaining radio volunteersSarah K Miller
 
Overcoming barriers: The Role of Gender in Disaster
Overcoming barriers: The Role of Gender in DisasterOvercoming barriers: The Role of Gender in Disaster
Overcoming barriers: The Role of Gender in DisasterSarah K Miller
 
Interpersonal Communications in the EOC
Interpersonal Communications in the EOCInterpersonal Communications in the EOC
Interpersonal Communications in the EOCSarah K Miller
 

More from Sarah K Miller (20)

Secure your stuff
Secure your stuffSecure your stuff
Secure your stuff
 
Cybersecurity for King County Public Educators
Cybersecurity for King County Public EducatorsCybersecurity for King County Public Educators
Cybersecurity for King County Public Educators
 
DEFCON - Ethics of technology in humanitarian and disaster response
DEFCON - Ethics of technology in humanitarian and disaster responseDEFCON - Ethics of technology in humanitarian and disaster response
DEFCON - Ethics of technology in humanitarian and disaster response
 
IAEM cybersecurity 101
IAEM cybersecurity 101IAEM cybersecurity 101
IAEM cybersecurity 101
 
Utilizing social media to sustain your club - Soroptimist edition
Utilizing social media to sustain your club - Soroptimist editionUtilizing social media to sustain your club - Soroptimist edition
Utilizing social media to sustain your club - Soroptimist edition
 
Using Social Media for Club Recruiting and Engagement
Using Social Media for Club Recruiting and EngagementUsing Social Media for Club Recruiting and Engagement
Using Social Media for Club Recruiting and Engagement
 
Using Social Media in an Emergency
Using Social Media in an EmergencyUsing Social Media in an Emergency
Using Social Media in an Emergency
 
How to use social media in an emergency
How to use social media in an emergencyHow to use social media in an emergency
How to use social media in an emergency
 
You can get there from here! Professional development through all career stag...
You can get there from here! Professional development through all career stag...You can get there from here! Professional development through all career stag...
You can get there from here! Professional development through all career stag...
 
Writing a winning resume
Writing a winning resumeWriting a winning resume
Writing a winning resume
 
ICS and you
ICS and youICS and you
ICS and you
 
Utilizing social media to build your program
Utilizing social media to build your programUtilizing social media to build your program
Utilizing social media to build your program
 
Social media privacy and safety
Social media privacy and safetySocial media privacy and safety
Social media privacy and safety
 
INWEM Gender and Diversity Survey - 2010
INWEM Gender and Diversity Survey - 2010INWEM Gender and Diversity Survey - 2010
INWEM Gender and Diversity Survey - 2010
 
Gaining situational awareness using social media
Gaining situational awareness using social mediaGaining situational awareness using social media
Gaining situational awareness using social media
 
Generational differences in organizations.
Generational differences in organizations. Generational differences in organizations.
Generational differences in organizations.
 
Emergency Preparedness: This is no time to gamble.
Emergency Preparedness: This is no time to gamble.Emergency Preparedness: This is no time to gamble.
Emergency Preparedness: This is no time to gamble.
 
Recruiting and retaining radio volunteers
Recruiting and retaining radio volunteersRecruiting and retaining radio volunteers
Recruiting and retaining radio volunteers
 
Overcoming barriers: The Role of Gender in Disaster
Overcoming barriers: The Role of Gender in DisasterOvercoming barriers: The Role of Gender in Disaster
Overcoming barriers: The Role of Gender in Disaster
 
Interpersonal Communications in the EOC
Interpersonal Communications in the EOCInterpersonal Communications in the EOC
Interpersonal Communications in the EOC
 

Recently uploaded

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 

Recently uploaded (20)

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 

Cybersecurity for IAEM Region 4

  • 1.
  • 2. Cybersecurity Setting the tone for now and the future
  • 3.
  • 4. Cybersecurity is everyone’s problem  Cybersecurity is NOT just IT’s problem.  IT  Emergency Management  Law Enforcement  And everyone in your organization
  • 5. The threat  Malicious vs unintentional  Active attacks  Data breaches  Human error  Cyber warfare
  • 6.
  • 7.
  • 8.
  • 10. Prevention  What have you done to prepare?  What policies are in place?  What training is in place?  How are the policies enforced?  THINGS YOU MUST HAVE  Emergency Operations Plan  Cybersecurity Policy  Acceptable Use Policy
  • 12. Mitigation  What steps have you taken?  What steps can you take?  Insurance  Backups  Redundancy  Monitoring  https://haveibeenpwned.com/  Early Reporting  Training
  • 13. Response  Do you have a response plan?  Does everybody know how to recognize an incident?  Does your staff know what to do if they suspect an incident?  Who do you call for help?
  • 14. Recovery  What’s your recovery plan?  Beyond just the technology  Who do you call for help?
  • 16. References  National Cyber Incident Response Plan, Department of Homeland Security, 2016  Computer Security Incident Handling Guide (Revision 2) National Institute of Standards and Technology, 2012  Washington State Significant Cyber Incident Annex, Washington Military Department – Emergency Management Division, 2015  ISO/IEC 27032 – Information Technology – Security techniques – Guidelines for cybersecurity, International Standards Organization, 2012
  • 17. Annex Parts  Policies  Sets expectations  Situation/Assumptions  Requires all components to be in place  Concept of Operations  Will require local discussion  Responsibilities  EM/IT/LE  Expect some pushback
  • 18. Major Cyber Incident Checklist  Action items  Pre-Incident Phase  Response Phase  Recovery/Demob Phase
  • 19. Common Issues  Most entities lack a comprehensive cybersecurity policy that vests responsibility with every employee.  Those that have policies don’t enforce them  A greater number of incidents occur than are reported in any formal way  Lack of response plans leads to slow recognition, response, recovery.  Lack of individual security leaves entire organization at risk
  • 20. Human Factor  Vast majority of incidents due to human error  Phishing, social engineering  Enabled by agency and employee use of social media  Careless info access/dissemination  Public spaces  Public wifi  Unlocked computers  Lack of caution
  • 21. Examples To: Daniel Hahn (danielh@santarosa.fl.gov) From: IAEM Membership (info@iaem.com) Subject: IAEM Unpaid Invoice -------------- Dear IAEM Member: We have recently identified an issue that caused your last IAEM dues invoice to remain unpaid. Please login to our website at your earliest convenience to view your invoice and remit payment (preferably via credit/debit card). If you have any questions, please contact us at 703-538-1795 or reply to this email.
  • 22.
  • 24. Social Media  Names  Personal details  Personal details provided by third parties  Account spoofing  Operational details shared
  • 26. Meetkumar Hiteshbhai Desai  Investigators traced the calls and discovered they originated from a link posted to Twitter and YouTube. The link was to a site named "Meet Desai" and its domain was hosted out of San Francisco. When the link was clicked, it continually called 911 and would not let the caller hang up.  His page received 151,000 hits  Desai said his intent was to make a non-harmful, yet annoying, bug that was meant to be funny, officials said.
  • 27. It was not funny  Surprise Police Department notified the Maricopa County Sheriff's Office of more than 100 hang-up 911 calls within a few minutes late Tuesday.  The volume put authorities "in immediate danger of losing service to their switches." The emergency systems for the nearby Peoria Police Department and the Maricopa County Sheriff's Office also received a large number of repeated calls. Agencies in California and Texas were also affected, authorities said.
  • 28. OCTOBER 10, 2017  Meetkumar Desai, age 19, was sentenced to 3 years supervised probation for carrying out a reckless cyberattack on 911 emergency call systems in Maricopa County.  Authorities will also be able to monitor Desai’s computer while he is on probation.
  • 29. Other Examples This Photo by Unknown Author is licensed under CC BY-NC-SA
  • 30. QUESTIONS? Contact me: Sarah Miller, MPA, CEM sarah@skmillerconsulting.com twitter: @scba