CYBERSECURITY 101
Understanding basic threats and preventions
WHAT WE’LL COVER
Not designed for IT professionals!
• Recent Incidents
• Basic overview
• Basic threat landscape
• Incident lifecycle
• Basic prevention
• Response policy template
2018 INCIDENTS
IT’S EVERYONE’S PROBLEM!
• Cybersecurity is NOT just IT’s problem.
• IT
• Emergency Management
• Law Enforcement
• And everyone in your organization
HUMAN FACTOR
• Vast majority of incidents due to human error
• Phishing, social engineering
• Enabled by agency and employee use of social media
• Careless info access/dissemination
• Public spaces
• Public wifi
• Unlocked computers
• Lack of caution
THE THREAT
MOST COMMON END-USER THREATS
• Phishing
• Malware (including ransomware)
• Social Engineering/Vishing
• Social Media Threats
• Credential Reuse/poor password management
• Unauthorized Physical Access
MOST COMMON SYSTEM LEVEL THREATS
• Unpatched software
• SQL Injection Attack
• Cross Site Scripting (XSS)
• Denial-of-Service (DoS)
• Session Hijacking/Man-in-the-Middle Attacks
OUTCOMES
• Release of protected information
• Unauthorized control of systems
• Unauthorized access to information
• Data loss
• Loss of productivity
• System shutdowns
• Financial theft
• Lawsuits
Worst case: Somebody gets hurt or killed.
Second worst case: Somebody gets fired.
LIFECYCLE
PREVENTION
• What have you done to prepare?
• What policies are in place?
• What training is in place?
• How are the policies enforced?
THINGS YOU MUST HAVE
• Emergency Operations Plan
• Cybersecurity Policy
• Acceptable Use Policy
PHISHING EXAMPLE
MALWARE
PROTECTION
SOFTWARE BASED
• Virus protection/detection
• Malware detection
• Firewalls
• Check websites/programs at virustotal.com
PASSWORD MANAGEMENT
• Never reuse passwords!
• Phrases instead of passwords
• Include letters/numbers/symbols
• Use an encrypted password manager
• Available from anywhere
• Encrypted end-to-end
• Allows sharing with other users (without revealing the actual password)
• Review of top contenders at Wirecutter
MULTI-FACTOR AUTHENTICATION
• Enable multi-factor authentication whenever possible.
• Requires you to do two things to
• All popular social media sites allow it.
• https://twofactorauth.org/ for list of sites that support two-factor authentication.
PHYSICAL ACCESS
PUBLIC SPACES
SOCIAL MEDIA BASICS
• Assume everything you post is public
• Don’t share personal info
• Use proper privacy settings
• Practice strong security
• Regularly check security and privacy settings
MORE SOCIAL MEDIA
• Don’t share other people’s personal info without permission.
• Don’t friend people you don’t know!
• Never friend somebody more than once (the 2nd is often a spoofed account)
• Limit posts to be viewable by only your friends
• Limit post and photo tagging
• Remove location services
• Limit or remove 3rd party applications
MITIGATION
• What steps have you taken?
• What steps can you take?
• Monitoring
• Early Reporting
• Training
• Insurance
• Backups
• Redundancy
WHAT’S ALREADY HAPPENED?
EARLY REPORTING
• Encourage people to report suspicious emails, texts, phone calls, people, etc.
• Don’t punish them for reporting that they may have done something dumb!
POLICIES AND TRAINING
• Develop clear, easy to understand policies
• Acceptable use of technology
• Reporting guidelines
• Facility access
• TRAIN, TRAIN, TRAIN
• Basic cybersecurity training should be provided for every person with access to your facility
RESPONSE
• Do you have a response plan?
• Does everybody know how to recognize an incident?
• Does your staff know what to do if they suspect an incident?
• Who do you call for help?
RECOVERY
• What’s your recovery plan?
• Beyond just the technology
• Who do you call for help?
SAMPLE INCIDENT ANNEX
https://1drv.ms/w/s!At2Gwcs7z-oh3Ubt7QNXAZ-HHeM2
REFERENCES
• National Cyber Incident Response Plan, Department of Homeland Security, 2016
• Computer Security Incident Handling Guide (Revision 2), National Institute of Standards and Technology, 2012
• Washington State Significant Cyber Incident Annex, Washington Military Department – Emergency Management Division, 2015
• ISO/IEC 27032 – Information Technology – Security techniques – Guidelines for cybersecurity, International Standards Organization, 2012
ANNEX PARTS
• Policies
• Sets expectations
• Situation/Assumptions
• Requires all components to be in place
• Concept of Operations
• Will require local discussion
• Responsibilities
• EM/IT/LE
• Expect some pushback
MAJOR CYBER INCIDENT CHECKLIST
• Action items
• Pre-Incident Phase
• Response Phase
• Recovery/Demob Phase
COMMON ISSUES
• Most organizations lack a comprehensive cybersecurity policy that vests responsibility with every employee.
• Those that have policies don’t enforce them
• A greater number of incidents occur than are reported in any formal way
• Lack of response plans leads to slow recognition, response, recovery.
• Lack of individual security leaves entire organization at risk
QUESTIONS?
Contact me:
Sarah Miller, MPA, CEM
Chair, IAEM Emerging Technology Caucus
Vice-President, IAEM Region 10
sarah@skmillerconsulting.com
twitter: @scba

“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 

IAEM cybersecurity 101

  • 1. CYBERSECURITY 101 Understanding basic threats and preventions
  • 2. WHAT WE’LL COVER Not designed for IT professionals! • Recent Incidents • Basic overview • Basic threat landscape • Incident lifecycle • Basic prevention • Response policy template
  • 3.
  • 5.
  • 6.
  • 7. IT’S EVERYONE’S PROBLEM! • Cybersecurity is NOT just IT’s problem. • IT • Emergency Management • Law Enforcement • And everyone in your organization
  • 8. HUMAN FACTOR • Vast majority of incidents due to human error • Phishing, social engineering • Enabled by agency and employee use of social media • Careless info access/dissemination • Public spaces • Public wifi • Unlocked computers • Lack of caution
  • 10. MOST COMMON ENDUSER THREATS • Phishing • Malware (including ransomware) • Social Engineering/Vishing • Social Media Threats • Credential Reuse/poor password management • Unauthorized Physical Access
  • 11. MOST COMMON SYSTEM LEVEL THREATS • Unpatched software • SQL Injection Attack • Cross Site Scripting (XSS) • Denial-of-Service (DoS) • Session Hijacking/Man-in-the-Middle Attacks
  • 12. OUTCOMES • Release of protected information • Unauthorized control of systems • Unauthorized access to information • Data loss • Loss of productivity • System shutdowns • Financial theft • Lawsuits Worst case: Somebody gets hurt or killed. Second worst case: Somebody gets fired.
  • 14. PREVENTION • What have you done to prepare? • What policies are in place? • What training is in place? • How are the policies enforced? THINGS YOU MUST HAVE • Emergency Operations Plan • Cybersecurity Policy • Acceptable Use Policy
  • 18. SOFTWARE BASED • Virus protection/detection • Malware detection • Firewalls • Check websites/programs at virustotal.com
  • 19. PASSWORD MANAGEMENT • Never reuse passwords! • Phrases instead of passwords • Include letters/numbers/symbols • Use an encrypted password manager • Available from anywhere • Encrypted end-to-end • Allows sharing with other users (without revealing the actual password) • Review of top contenders at Wirecutter
  • 20.
  • 21. MULTI-FACTOR AUTHENTICATION • Enable multi-factor authentication whenever possible. • Requires you to do two things to • All popular social media sites allow it. • https://twofactorauth.org/ for list of sites that support two-factor authentication.
  • 24. SOCIAL MEDIA BASICS • Assume everything you post is public • Don’t share personal info • Use proper privacy settings • Practice strong security • Regularly check security and privacy settings
  • 25. MORE SOCIAL MEDIA • Don’t share other people’s personal info without permission. • Don’t friend people you don’t know! • Never friend somebody more than once (the 2nd is often a spoofed account) • Limit posts to be viewable by only your friends • Limit post and photo tagging • Remove location services • Limit or remove 3rd party applications
  • 26. MITIGATION • What steps have you taken? • What steps can you take? • Monitoring • Early Reporting • Training • Insurance • Backups • Redundancy
  • 28.
  • 29. EARLY REPORTING • Encourage people to report suspicious emails, texts, phone calls, people, etc. • Don’t punish them for reporting that they may have done something dumb!
  • 30. POLICIES AND TRAINING • Develop clear, easy to understand policies • Acceptable use of technology • Reporting guidelines • Facility access • TRAIN, TRAIN, TRAIN • Basic cybersecurity training should be provided for every person with access to your facility
  • 31. RESPONSE • Do you have a response plan? • Does everybody know how to recognize an incident? • Does your staff know what to do if they suspect an incident? • Who do you call for help?
  • 32. RECOVERY • What’s your recovery plan? • Beyond just the technology • Who do you call for help?
  • 34. REFERENCES • National Cyber Incident Response Plan, Department of Homeland Security, 2016 • Computer Security Incident Handling Guide (Revision 2) National Institute of Standards and Technology, 2012 • Washington State Significant Cyber Incident Annex, Washington Military Department – Emergency Management Division, 2015 • ISO/IEC 27032 – Information Technology – Security techniques – Guidelines for cybersecurity, International Standards Organization, 2012
  • 35. ANNEX PARTS • Policies • Sets expectations • Situation/Assumptions • Requires all components to be in place • Concept of Operations • Will require local discussion • Responsibilities • EM/IT/LE • Expect some pushback
  • 36. MAJOR CYBER INCIDENT CHECKLIST • Action items • Pre-Incident Phase • Response Phase • Recovery/Demob Phase
  • 37. COMMON ISSUES • Most organizations lack a comprehensive cybersecurity policy that vests responsibility with every employee. • Those that have policies don’t enforce them • A greater number of incidents occur than are reported in any formal way • Lack of response plans leads to slow recognition, response, recovery. • Lack of individual security leaves entire organization at risk
  • 38. QUESTIONS? Contact me: Sarah Miller, MPA, CEM Chair, IAEM Emerging Technology Caucus Vice-President, IAEM Region 10 sarah@skmillerconsulting.com twitter: @scba

Editor's Notes

  1. Poll Title: What cybersecurity incidents have you heard about this year? https://www.polleverywhere.com/free_text_polls/trBv6gBzxugkpgg
  2. Poll Title: Has your organization experienced any type of cybersecurity incident? https://www.polleverywhere.com/multiple_choice_polls/CRaZDFv70xpKBKr
  3. Malicious vs unintentional • Active attacks • Data breaches • Human error • Cyber warfare
  4. Poll Title: Do you use multi-factor (or two factor) authentication on anything? https://www.polleverywhere.com/multiple_choice_polls/5Oizh6IjK4g9tBi
  5. Prevent tailgating and piggybacking • Require visible ID • Lock computers/phone when not in use • Train employees to challenge or report strangers
  6. Using your work computers and phones in public spaces, such as planes. • Be mindful of your surroundings • Who can hear your conversation, see your laptop screen, read your paperwork, etc.? • Be cautious of wifi hotspots • Always use your VPN • Don’t let your devices connect automatically • Don’t leave things behind!
  7. Maiden names • Dates of birth • Kids/grandkids dates of birth • Schools • Anything that correlates with any security question you’ve ever answered on- or off-line.
  8. https://haveibeenpwned.com/