Top 2020 Predictions: Cybersecurity Threats, Trends, and the CCPA Regulation - PECB
This session covers the top cyber threats for 2020 worldwide. Our presenters discuss the top cybersecurity priorities in their states, followed by a Q&A session at the end of the presentation.
What topics are hot for Chief Security Officers in 2020? Which cyber threats are demanding the most attention for top government cybersecurity leaders? What projects are the U.S. states of Washington and Illinois applying resources to address security priorities? Where next with privacy legislation and implementation of regulations like the California Consumer Privacy Act (CCPA)?
The webinar covers:
• Top security predictions for 2020 from global security vendors – along with CISO reactions and feedback
• Security trends (in specific areas such as ransomware) seen at the end of 2019 and in the first weeks of 2020
• CISO project priorities from Washington State and the State of Illinois
• Panel discussion of privacy actions and CCPA implementation nationwide
Date: February 19, 2019
Recorded webinar: https://youtu.be/QN35YHEA_4E
How an Integrated Management system helps you comply with new Cyber Laws and ... - PECB
When implementing an information security management system (based on ISO/IEC 27001) you need to conduct a risk analysis (based on ISO/IEC 27005) and implement information security controls (based on ISO/IEC 27002). In order to better understand the IT governance framework of the organization, you can refer to service management systems (based on ISO/IEC 20000). Moreover, you have to properly consider security incident management (based on ISO/IEC 27035) and you must ensure that the organization has business continuity and recovery capabilities (based on ISO 22301).
Recorded Webinar: https://youtu.be/aY_envTRGRY
Advanced Cybersecurity Risk Management: How to successfully address your Cybe... - PECB
Main points covered:
• Understanding the inverted economics of cyber security, the incentives for cyber crime and its effect on the growing threat
• Inefficiencies with the traditional approaches to cyber risk assessment and why we are not making more progress in enhancing cyber defenses
• Resetting roles and responsibilities regarding cyber security within organizations
• Developing empirical, cost-effective cyber risk assessments to meet the evolving threat
Our presenter for this webinar is Larry Clinton, the president of the Internet Security Alliance (ISA), a multi-sector association focused on cybersecurity thought leadership, policy advocacy, and best practices. Mr. Clinton advises both industry and governments around the world. He has twice been listed on the Corporate 100 list of the most influential people in corporate governance. He is the author of The Cyber Risk Handbook for Corporate Boards. PWC has found that the use of this Handbook improves cyber budgeting and cyber risk management and helps create a culture of security. The Handbook has been published in the US, Germany, the UK and Latin America. He is currently working on a version for the European Conference of Directors Associations as well as versions for Japan and India. Mr. Clinton also leads ISA's public policy work, built around their publication “The Cyber Security Social Contract”, on which the NATO Center of Cyber Excellence in Estonia asked for a briefing.
Recorded Webinar: https://www.youtube.com/watch?v=8qVtoqi37X8
Case Study: The Role of Human Error in Information Security - PECB
It has become an established fact that the human factor is the most important element to secure in any organization if security is to be maintained. This case study will take real-life examples (with no names used!) and examine some actual security incidents caused by human error and elaborate on the root cause and prevention tips resulting from these events.
Main points covered:
• Incident detection
• Incident reporting
• Incident triage
• Lessons learned
Presenter:
Our presenter for this webinar will be Anthony English, who is one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance. He sits on the Standards Council of Canada (SCC) IT Security Techniques committee (MC/ ISO/IEC/JTC 1/SC 27), the Disaster Recovery Institute Canada (DRIC) Certification Committee, Cloud Security Alliance committee on the security of health care data in the cloud and is an Exam Development Volunteer for ISC2. Anthony has worked in utilities, law enforcement, consulting, education, health care, lottery and gaming, auditing and the financial sector.
Recorded Webinar: https://youtu.be/fWZd_wd3HOk
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
The digital age provides all organisations with opportunities to grow and innovate. But it also brings a new world of risk, especially to our most precious information. The information that’s critical to our future success. All organisations are at risk and cyber resilience is no longer a ‘nice to have’. But many organizations continue to struggle to define what good cyber resilience looks like.
Good starts with a strategy. A strategy built around your business objectives and knowing what the cyber risks are to those objectives. It’s about having the right people, skills, awareness and culture to deliver the strategy. It’s also about understanding that you will never be bullet-proof – to support your prevention and detection activities it’s now as important to know how you will effectively respond to and recover from a cyber-attack.
In June 2015 AXELOS Global Best Practice are launching a new Cyber Resilience Best Practice portfolio. This webinar with Nick Wilding, Head of Cyber Resilience at AXELOS, outlines:
- what cyber resilience is and why it is so important to any organisation;
- why all of us are on the cyber front line and how we all have a role to play;
- why cyber resilience best practice is so vital to help define and manage what good looks like in your organisation;
- how you can get involved in the development and launch of this exciting new initiative from AXELOS.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
Using Threat Intelligence to Address Your Growing Digital Risk - SurfWatch Labs
Cyber threat intelligence can be used to help organizations to better manage their growing digital risk footprints and drive more effective risk decisions.
With more than 50,000 new pieces of malware created every day, organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks you need for a roadmap that best protects against cyber attacks. We will provide you with a high-level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
Information Security vs. Data Governance vs. Data Protection: What Is the Rea... - PECB
This webinar will provide more information on the importance of information security and how you can take security well beyond compliance, an approach on building strong information security, privacy and data governance programs, and the importance of strong data governance in relation to privacy and information security requirements.
The webinar covers
• Information Security
• Importance Of Information Security Today
• Taking Information Security Beyond A Compliance First
• Importance Of Data Governance In Information Security
• Privacy
• Changing And Evolving Privacy Requirements
• Importance Of Data Governance In Privacy
• Data Governance And Data Privacy
• Data Privacy - Data Processing Principles
Presenters:
Moji is a Senior Business Process Analyst working with GemaltoThales, a leading firm in the IT industry. Moji has over fifteen years of experience in leading projects to improve processes, create and implement processes leading to increased revenue generation and eliminate redundancies.
She has a zeal for adding value and increasing revenue for organizations. Moji is very passionate about Data Privacy and its application in business and consumer rights.
Hardeep Mehrotara has 20+ years of senior leadership experience in Information Technology and Cyber Security working for public and private organizations building security programs from the ground up. He has been featured on Canadian television as a cyber expert and provided advice to various communities on implementing cybersecurity strategy, best practices and controls. He has been a co-author on numerous leading industry security control frameworks, technical benchmarks and industry best practice standards.
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/aQcS5-RFIEY
Website link: https://pecb.com/
While traditional cybersecurity defenses focus on prevention, there are many vulnerabilities and potential attacks against weapon systems. While weapon systems are more software dependent and networked than ever before, cybersecurity has not always been prioritized with regards to weapon systems acquisition.
Threat actors have advanced in their sophistication as they are well-resourced and highly skilled, oftentimes gathering detailed knowledge of the systems they want to attack. Ensuring stronger detection methods is imperative, but because these types of threats are very targeted and advanced, agencies need the capability to proactively hunt.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply with standards, and meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Some 2.4 billion global Internet users—34 percent of the world’s population—spend increasing amounts of time online. As our online activity expands, it isn’t just creating new ways to do business. It’s revolutionizing business. However, like any mass movement with significant ramifications, the Internet-enabled life has risks as well as benefits. Some are willing to accept those risks without much consideration. Others want to take the time for a more contemplative response, but events are moving too quickly for long debate. What we really need is a Call to Action that addresses the risks demanding urgent attention.
To balance the benefits of the digital life, management needs to understand and grapple with four equally powerful forces:
Democratization – The way customers insist on interacting via the channels they prefer, rather than the channels the organization imposes.
Consumerization – The impact of the many devices and applications that span work and play in our digital lives.
Externalization – The ways in which cloud computing slashes capital expenditure and shakes up how data moves in and out of organizations.
Digitization – The exponential connectivity created when sensors and devices form the “Internet of Things.”
These forces interact in ways that make eradicating Cyber Risk impossible; eliminating it in one area simply shifts it to the others.
However, by following best practices, it is possible to reduce your organization’s exposure to Cyber Risk across the board. By addressing the real and growing risks we face as individuals, businesses, and governments, we can begin to create an optimal environment of Cyber Resilience. This Manifesto sets out a road map for that process.
Webinar: Be Cyber Smart – Stories from the Trenches - Withum
Technology has permeated pretty much every corner of our lives now and hacker techniques are becoming more sophisticated. As a result, cybersecurity best practices have expanded; it’s not just about training and awareness anymore.
This presentation provides an overview of lurking threats and best practices to protect your organization from an attack. Experts from Withum and Axos Bank share their expertise on how to avoid risk by sharing stories of what went wrong for other organizations and advising how to ensure the safety of your information.
Dealing with Information Security, Risk Management & Cyber Resilience - Donald Tabone
Information Security
1. Why the need to think about it?
2. What exactly are we talking about?
3. How do we go about doing something about it?
4. Is there a one-size-fits-all framework?
The project title for this task force is “Cyber Security Maturity Model for Organizations”. Some of the key things that you are going to learn from this presentation are:
• User organizations will learn how to easily adapt a cyber security maturity assessment model based on widely accepted frameworks such as NIST CSF and ISO27001:2013
• Readers will learn about the core information security domains and how to plan for security activities around those core domains
• Readers will learn how to prioritize the security budget and draw out the security control implementation roadmap for their organization
• Readers will learn to apply a risk-informed approach to information security for their organizations, which can be used to educate their CEOs and board members about security and sell it to them
Fidelis Cybersecurity commissioned 360Velocity to conduct an enterprise study on the State of the SOC, including current trends and practices of threat detection and response. Join this webinar to listen to security experts Dr. Chenxi Wang of 360Velocity and Tim Roddy, VP of Cybersecurity Product Strategy at Fidelis, examine how to standardize processes for threat detection and response, as well as the case for integrating network sensors and endpoint enforcement and how to do it.
Using Threat Intelligence to Address Your Growing Digital RiskSurfWatch Labs
Cyber threat intelligence can be used to help organizations to better manage their growing digital risk footprints and drive more effective risk decisions.
With more than 50,000 new malware created every day organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap required to best protection against cyber attacks. We will provide you with a high level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
This webinar will provide more information on the importance of information security and how you can take security well beyond compliance, an approach on building strong information security, privacy and data governance programs, and the importance of strong data governance in relation to privacy and information security requirements.
The webinar covers
• Information Security
• Importance Of Information Security Today
• Taking Information Security Beyond A Compliance First
• Importance Of Data Governance In Information Security
• Privacy
• Changing And Evolving Privacy Requirements
• Importance Of Data Governance In Privacy
• Data Governance And Data Privacy
• Data Privacy - Data Processing Principles
Presenters:
Moji is a Senior Business Process Analyst working with GemaltoThales, a leading firm in the IT industry. Moji has over fifteen years of experience in leading projects to improve processes, create and implement processes leading to increased revenue generation and eliminate redundancies.
She has a zeal for adding value and increasing revenue for organizations. Moji is very passionate about Data Privacy and its application in business and consumer rights.
Hardeep Mehrotara has 20+ years of senior leadership experience in Information Technology and Cyber Security working for public and private organizations building security programs from the ground up. He has been featured on Canadian television as a cyber expert and provided advice to various communities on implementing cybersecurity strategy, best practices and controls. He has been a co-author on numerous leading industry security control frameworks, technical benchmarks and industry best practice standards.
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/aQcS5-RFIEY
Website link: https://pecb.com/
With more than 50,000 new malware created every day organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks required to ensure you have the roadmap required to best protection against cyber attacks. We will provide you with a high level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
While traditional cybersecurity defenses focus on prevention, there are many vulnerabilities and potential attacks against weapon systems. While weapon systems are more software dependent and networked than ever before, cybersecurity has not always been prioritized with regards to weapon systems acquisition.
Threat actors have advanced in their sophistication as they are well-resourced and highly skilled, oftentimes gathering detailed knowledge of the systems they want to attack. Ensuring stronger detection methods is imperative, but because these types of threats are very targeted and advanced, agencies need the capability to proactively hunt.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply with standards, and meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However, it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice, will be joined by Partner Michael Hoffner, and they will lead a discussion on a Cybersecurity Risk Management Program, including what it is and how it can prepare your organization for the future.
Some 2.4 billion global Internet users—34 percent of the world’s population—spend increasing amounts of time online. As our online activity expands, it isn’t just creating new ways to do business. It’s revolutionizing business. However, like any mass movement with significant ramifications, the Internet-enabled life has risks as well as benefits. Some are willing to accept those risks without much consideration. Others want to take the time for a more contemplative response, but events are moving too quickly for long debate. What we really need is a Call to Action that addresses the risks demanding urgent attention.
To balance the benefits of the digital life, management needs to understand and grapple with four equally powerful forces:
• Democratization – The way customers insist on interacting via the channels they prefer, rather than the channels the organization imposes.
• Consumerization – The impact of the many devices and applications that span work and play in our digital lives.
• Externalization – The ways in which cloud computing slashes capital expenditure and shakes up how data moves in and out of organizations.
• Digitization – The exponential connectivity created when sensors and devices form the “Internet of Things.”
These forces interact in ways that make eradicating Cyber Risk impossible; eliminating it in one area simply shifts it to the others.
However, by following best practices, it is possible to reduce your organization’s exposure to Cyber Risk across the board. By addressing the real and growing risks we face as individuals, businesses, and governments, we can begin to create an optimal environment of Cyber Resilience. This Manifesto sets out a road map for that process.
Webinar: Be Cyber Smart – Stories from the Trenches | Withum
Technology has permeated pretty much every corner of our lives now, and hacker techniques are becoming more sophisticated. As a result, cybersecurity best practices have expanded; it’s not just about training and awareness anymore.
This presentation provides an overview of lurking threats and best practices to protect your organization from an attack. Experts from Withum and Axos Bank share their expertise on how to avoid risk by sharing stories of what went wrong for other organizations and advising how to ensure the safety of your information.
Dealing with Information Security, Risk Management & Cyber Resilience | Donald Tabone
Information Security
1. Why the need to think about it?
2. What exactly are we talking about?
3. How do we go about doing something about it?
4. Is there a one-size-fits-all framework?
The project title for this task force is “Cyber Security Maturity Model for Organizations”. Some of the key things that you are going to learn from this presentation are:
• User organizations will learn how to easily adapt a cyber security maturity assessment model based on widely accepted frameworks such as NIST CSF and ISO27001:2013
• Readers will learn about the core information security domains and how to plan for security activities around those core domains
• Readers will learn how to prioritize the security budget and draw out the security control implementation roadmap for their organization
• Readers will learn to apply a risk-informed approach to information security for their organizations, which can be used to educate their CEOs and board members about security and sell it to them.
Fidelis Cybersecurity commissioned 360Velocity to conduct an enterprise study on the State of the SOC, including current trends and practices of threat detection and response. Join this webinar to listen to security experts Dr. Chenxi Wang of 360Velocity and Tim Roddy, VP of Cybersecurity Product Strategy at Fidelis, examine how to standardize processes for threat detection and response, and the case for, and how to, integrate network sensors and endpoint enforcement.
Vulnerability Management – Opportunities and Challenges! | Outpost24
57% of companies that have experienced a data breach claimed it was due to an unpatched vulnerability. Vulnerability Management decreases an organization’s risk profile significantly.
Cyber-attacks are an alarming threat to all types of businesses & organizations. The risk of a cyber-attack is not just a risk to your company but also to your privacy. Hence, cybersecurity is crucial for every business. Cybersecurity protects critical data from cyber attackers. This includes sensitive data, governmental and industry information, personal information, personally identifiable information (PII), intellectual property, and protected health information (PHI). If you are looking for tools to fight against cyber threats, then Techwave’s tools & technologies with adequate controls will help your organization stay protected.
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Cloud, Compliance and Advanced Threats: Security Considerations for the... | Cristian Garcia G.
The evolving threat landscape, based on our recently published ISTR (Annual Internet Threat Report, Vol. 24), reflects the latest trends and how they apply to Colombia and Latin America. The main digital transformation trends, such as cloud and mobility, together with new security challenges, have changed the cybersecurity landscape, so strategy must focus on key risks, regulations and findings about security maturity. Recommendations for focusing and improving cybersecurity postures to address these trends, including key frameworks, technologies, processes and cultural changes, are an integral part of the steps to follow.
Too Small to Get Hacked? Think Again (Webinar) | OnRamp
SMBs are a major target in today’s threat landscape since larger organizations have invested in security measures in the last couple of years. Find out how much your data is worth and the best way to safeguard those assets from our experts.
According to StaySafeOnline.org, attacks on SMBs account for over 70% of data breaches, a figure that is on the rise. Sophisticated digital criminals easily exploit businesses with limited security budgets, outdated security controls, and untrained employees. Not to mention, insider threats are becoming more prevalent. Each security incident costs SMBs a loss of $120k, on average. So what can you do about it?
Data security requires implementing the right technology, people, and processes. Like many SMBs, you may see the value in security, but may not be sure where to start. Join our panel of experts in this educational webinar to find out what steps you can take to protect your business today and its valuable assets. We’ll review current trends in attack methods, how to determine what to protect, and what methods are best suited for your objectives.
Takeaways and Learning Objectives
Find out what threats are most common today and how to prevent them.
Get actionable tips on how to protect your business in the short-term and long-term, despite budget and resource constraints.
Get clarity on data security best practices, including tools, policies, processes and developing a culture of security.
Matthew Rosenquist's 2015 Cybersecurity Predictions presentation to the ISACA Sacramento chapter on Feb 12th outlines the forthcoming challenges the industry is likely to face and how we can be better prepared for it. Peering into the future of cybersecurity provides valuable insights for security professionals. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future.
Jason Smith shared cyber security trends from 2018 into the beginning of 2019 at the SCTBA Convention, how the threat actor model has changed, and what businesses should do.
This webinar presents a best-practices framework on assessing your risks, using the National Institute of Standards and Technology (NIST) privacy risk assessment methodology.
Matt Eshleman, Community IT Innovators’ CTO and resident cybersecurity expert, will teach you how to:
• understand the cybersecurity threats facing nonprofits
• perform a basic assessment using our NIST survey tool
• understand the recommendations
• budget for risk prevention
• engage nonprofit executives in supporting proactive cybersecurity
• create an actionable road map with next steps for your organization
Over the last few months, many organizations began to use personal computers and devices for work, quickly set up cloud file sharing platforms, put the entire remote office on Slack or Teams, or moved to using Zoom for conference calls.
Even if we did our best to implement thoughtful security protocols and train new users on new tools, circumstances have made measured approaches to cybersecurity difficult. Your practices are probably out of sync with your security needs.
You know your nonprofit organization is at risk.
But do you know how to manage cybersecurity risk?
Now is the time to better manage risks by reviewing your cybersecurity stance and (re)training your users on security best practices.
It's a Who, What, Where and Why behind cyber risk in today's modern era - how data breaches happen, why they happen, and what you can do to address them.
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016 | FERMA
PART II – Cyber Security: the mitigation strategies – how to identify, assess and mitigate cyber risks
The Risk Manager must be responsible, as for other risks, for the quantification aspect of cyber security. It is a necessary step towards understanding and managing the exposure of the company. He/she should act as a facilitator between the Board and the operational departments (IT, Finance, Legal and other functions).
A key subject to unlock the cyber insurance development and to support the economic growth the Digital world is bringing to Europe.
C-Suite Snacks Webinar Series : Under Attack - Preparing Your Company in the ... | Citrin Cooperman
Sign up for our weekly C-Suite Snacks webinars here: https://www.citrincooperman.com/infocus/c-suite-snacks
Our C-Suite Snacks webinar series provides the middle market with brief, strategic, and tactical business improvement information for 30 minutes every week. Join Citrin Cooperman live every Thursday at noon for snack-sized insights for business executives.
It’s no secret that companies around the world are under attack. Prior to COVID-19, breach rates were on the rise, but now hackers have only become more aggressive in their attempt to steal or hijack your data to try to extort money and do irreparable harm to your company’s reputation.
In this C-Suite Snacks webinar, we covered how to combat these attacks by understanding the risks and preparing to respond.
Key Takeaways:
- An overview of the latest breach statistics and trends
- Knowledge on the methods hackers are using to infiltrate organizations
- Methods to prepare your organization for attack and response
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
1. SBA 8a and Hubzone Certified Company
SBA WOSB and EDWOSB Company
MDOT MBE, DBE, SBE Company
GSA IT 70 Schedule Holder: GS35F329DA
Track 3: Guide to Sustaining A Cyber Workforce
Likia T. Hawkins, CEO/President
2. Outline
Presenter’s Biography
Agenda and Purpose
Message from Small Business Administration
Importance of Sustaining An Informed Cyber Workforce
Threats
Trends
Drivers
Challenges to Maintaining An Informed Cyber Workforce
Challenges
Resources Available to Sustain Your Cyber Workforce
Culture
Operations
Budget
Technology
References
Questions/Comments
3. Presenter’s Biography
Ms. Hawkins is an entrepreneur with over 20 years of experience supporting the Department of Defense and Intelligence Community.
Occupation: CEO and President of Steel Point Solutions, LLC
Education: Master of Business Administration (MBA) with a specialization in Technology Management and Bachelor of Science in Information Sciences and Systems
Active Industry Certifications: PMI Program Management Professional (PMP), ISC2 as a Certified Information Systems Security Professional (CISSP) and ISACA Certified Information Security Manager (CISM).
Government/Corporate Certifications: Certified Systems Design Security Officer (SDSO), IBM Certified Senior Project Manager, and IBM Certified Consultant
Alma Mater: University of Phoenix and Morgan State University
Spouse: Michael Hawkins
4. Agenda and Purpose
Deployment and operation of an effective cyber security program that enables the continuous secure operations of mission and business systems requires an educated workforce equipped with the knowledge and experience required to detect, identify, mitigate, and respond to threats and/or incidents. The cyber security presentation focuses on cost-effective strategies, tools and resources available to small business to offset the costs of implementing a sustainable cyber security practice.
Information Assurance Symposium Track 3
• Presenter: Likia T. Hawkins
• Target Audience: Small Government Contracting Firms
• Presentation Level: Introductory
• Length: 1 hour
Navigation (sections 1-8): Key Trends, Industry Drivers, Threats, Challenges, Culture, Operations, Technology, Budget
5. Message from Small Business Administration
Cybersecurity Message from SBA
6. Importance of Sustaining An Informed Cyber Workforce
Threats: Demonstrated intent to harm an asset or cause it to become available
• Estimated Global Cost of Cyber Crime Against Businesses is between $445 - $450 Billion every year with theft of intellectual property exceeding $160 Billion loss to individuals
• 68% of small business reported being a cybervictim more than once
• 43% of attacks targeted businesses with less than 250 employees as of 2015
• 60% of businesses attacked go out of business
Means, Opportunities, and Motives
Means
BLUF: Access to resources to initiate cyber attack
• Availability of pre-packaged scripts
• Easy access and availability of data to conduct cyber attack (e.g., bank records, employee data)
• Access to back door to large organizations
Opportunities
BLUF: Easy target
• Growth of web apps and mobile platforms
• Careless or intentional actions by individuals
• Misconfiguration and control of network devices
• Security Gap
• Priority given to operations and higher priority financial needs
Motives
BLUF: Vary Among threat Actors
• Personal/Financial Gain
• Political Gain
• Discrediting Organization
• Sabotage
• Denial or Degradation
• Ideology and Grudge
• Fun
7. Importance of Sustaining An Informed Cyber Workforce
2016 Data Breaches and Investigations Research
Source: Verizon’s 2017 Data Breach Investigation Report 4/28/17
Cyber Security Trends: Collective view from global experts on direction of data breaches and technology disruption that may impact particular direction
Trending in Wrong Direction
• Avg Cost of Cybercrime Incident: $15.4M
• # of Successful Attacks: Increased 46% in past 4 yrs.
• Recovery Time: Can take up to 46 days for a company to resolve incident, up from 14 days in 2010
Attack Methods Evolution
• Increased sophistication in phishing and hacking schemes
• Commoditization of Attacks
• Simplification and Ease of Use Scripts
• Ongoing & Persistent Use of Small Business As Entry Points into Large Businesses
Cybercrime Costs Vary
• Smaller orgs experienced higher proportion of cyber crime costs related to malware, web-based attacks and phishing/social engineering
• Larger orgs experienced higher costs related to denial of services, malicious insiders, and stolen devices
10. Importance of Sustaining An Informed Cyber Workforce
Cyber Security Trends: Collective view from global experts on direction of data breaches and technology disruption that may impact particular direction
Trending in Wrong Direction
• Avg Cost of Cybercrime Incident Up: $15.4M
• # of Successful Attacks: Increased: 46% in past 4 yrs.
• Recovery Time Up: Can take up to 46 days for a company to resolve incident, up from 14 days in 2010
Attack Methods Evolution
• Increased sophistication in phishing and hacking schemes
• Commoditization of Attacks
• Simplification and Ease of Use Scripts
• Ongoing & Persistent Use of Small Business As Entry Points into Large Businesses
Cybercrime Costs Vary
• Smaller orgs experienced higher proportion of cyber crime costs related to malware, web-based attacks and phishing/social engineering
• Larger orgs experienced higher costs related to denial of services, malicious insiders, and stolen devices
11. Importance of Sustaining An Informed Cyber Workforce
Business Drivers: Resource, process or condition that is vital for the continued success and growth of a business
1. Comply with Federal and State regulations and laws (e.g., HIPAA, NISPOM)
2. Reduce/minimize operational cybersecurity related costs
3. Reduce/minimize revenue/sales losses
4. Maintain/increase client base
5. Maintain/increase reputation
6. Sustained Cybersecurity Awareness
12. Challenges to Maintaining An Informed Cyber Workforce
Business Challenges: Tackling cybersecurity is one of the most serious economic challenges confronting businesses of all sizes.
Protection of intellectual property, business and personal data requires:
1. Cybersecurity Strategy
2. Executive Commitment
3. Informed and Trained Resources
4. Standardized Processes
5. Cyber Focused Mindset
Quadrants: Culture, Operations, Budget, Technology
• Balance Cyber Needs
• Touch Budget Priorities
• Alignment with Operational Needs
• Executive Buy-In
• Active Involvement
• Commitment of Resources
• Business Operation Integration
• Policies
• Standardize Processes (e.g., mobile plan, personal laptop usage)
• Comprehensive Plan
• Addresses On and off premise Control required to incorporate Mission Critical Data
13. Challenges to Maintaining An Informed Cyber Workforce
Quadrants: Culture, Operations, Technology, Budget
• Executive and director commitment to reporting, allocation of resources and aligning cybersecurity priorities with business objectives and how it will be implemented at the strategic, tactical and operational level
• Creation/development and maintenance of plans, policies, and processes that enable an understanding of how cybersecurity will be integrated into overarching business operations to achieve minimal disruption in the event of a cyber attack
• Commitment of corporate resources required to fund initiatives required to protect critical and personal data, and minimize disruption
• Comprehensive and living plan that aligns technical and physical controls to critical and personal data, annual audits, roles and responsibilities, insider threat, and escalation procedures
14. Resources Available to Sustain Your Cyber Workforce
Culture
Take Charge and Act
• CEO Engagement
• Prioritize Data Protection
• Develop cybersecurity strategy
• Create Cultural View as Cybersecurity as a Shared Responsibility
• Treat cybersecurity as revenue enabler not business expense
Make Everyone Accountable
• Set Clear Expectations for Your Employees related to protecting business, client and personal data
• Foster environment that encourages honesty and open dialogue
• Conduct spot checks
Train and Reinforce
• Make Security Awareness a part of new hire training
• Leverage educational resources
• Repeat and frequency
• Visual Aid Reinforcement
• Set milestones and reward incentives for exceptional compliance
Check Your Defenses
• Adopt Schedule for testing operational IT practices
• Be Willing to Implement Vendor Tools
• Audit Controls
• Develop Plan of Actions and Milestones
• Measure progress
• Accountability
A Culture of Cybersecurity: Occurs from within and is the sum of your organization’s commitment and willingness to:
1. Take Charge And Act
2. Hold Everyone Accountable
3. Train & Reinforce
4. Check Defenses
15. Resources Available to Sustain Your Cyber Workforce
Operations
• Conduct semi-annual review of Federal and State Legislation, Laws and Policies
• Align Cybersecurity Strategic Plan with guidelines and industry standards and best practices developed by private and public sector
• Create cybersecurity policies that align with risk level and data seeking to protect
• Includes Data, Mobile, and Personal Laptop, Email, Internet Usage, Social Media, Risks, Incidents, and Insider Threat policies
• Align with Cybersecurity Plan to Policies, and Policies to Corporate Processes
• Validate performance against plan, policy and processes, and update as needed
Integration of Cybersecurity into Business Operations involves:
1. Well defined corporate cybersecurity plan that aligns policies and processes to industry standards and best practices
2. Innovative approach to enhancing security posture of your systems and data
3. HR practices that educate employees about cyber threats while holding them accountable for complying with the organization’s cybersecurity policies and procedures.
16. Resources Available to Sustain Your Cyber Workforce
Technology
• Develop IT SW/HW baselines
• Maintain CM Control of SW/HW Baseline
• Keep IT SW & HW baselines current
• Audit IT SW & HW compliance against Policies & Processes
• Develop Plan of Actions & Milestones (POA&M’s)
• Report and monitor POA&M corrective action plan progress
• Assess IT Requirements on semi or annual basis
• Be open and willing to implement vendor tools
• Review cybersecurity controls of vendor to ensure functionality aligns with cybersecurity plan and processes
17. Resources Available to Sustain Your Cyber Workforce
Key
Trends
Industry
Drivers
Threats Challenges
1 2 3 4
Culture Operations TechnologyBudget
7 85 6
Workforce
• Establish security roles and responsibilities (e.g., clearly identify company data
ownership, employee roles for security oversight, and inherit privileges)
• Add as line item to employees job description
• Integrate into yearly/semi-annual perf. evaluations
• Workforce training principles incorporates topics such as How to Handle
Critical and Personal Data, Self-Reporting and How to Respond to Incidents
• Incorporated into ne hire security briefing
• Spells out penalties for violating policies
• Use Visual Cues to Reinforce Cybersecurity Practices
• Conducted on a semi-annual and annual basis
• Reviewed on an annual basis to ensure topics are relevant and continue to align
with organization’s policies, programs and processes
18. Resources Available to Sustain Your Cyber Workforce
Operations
• Business Operations Director or Manager should develop and evaluate on a yearly basis its cybersecurity budget that aligns to the organization’s policies, programs, and processes
• Should be feasible and realistic
• Aligns to level of risk the organization is willing to accept and type of data it is seeking to protect
• Sufficient funding to maintain a governance structure
• Includes line items to fund workforce training, securing the infrastructure, system testing and evaluation, system upgrades, facility security and perhaps, cybersecurity insurance
• Presented and approved by Owner, CEO, or Partners
Budget: Businesses seeking to reduce the likelihood of a cyber attack should weigh the decision of adding budget line items that provide resources to integrate cybersecurity into:
1. Operations
2. Technology
3. Workforce
19. Resources Available to Sustain Your Cyber Workforce
Technology
• IT Director or Manager should develop and evaluate on a yearly basis its cybersecurity budget that aligns to the organization’s policies, programs and processes.
• Should be feasible and realistic
• Based on controls required to protect, defend, respond, and/or mitigate attacks
• Should include funds required to upgrade and/or
1. IT SW
2. IT Hardware
• Include line items that will employ a layered defense strategy such as: web filtering software, antivirus signature protection, proactive malware protection, firewalls, intrusion detection systems, border routers, and monitoring
• Presented and approved by COO or Operations Director
20. Resources Available to Sustain Your Cyber Workforce
Workforce
• Human Resource Director or Manager should work with Operations and IT Director and Manager to develop and evaluate on a yearly basis its cybersecurity budget that aligns to the organization’s policies, programs and processes.
• Should be feasible and realistic
• Reinforce policies outlined in organization’s employee handbook and client agreements
• Include line items that will: reinforce and train workforce and perform background checks and credentialing.
• Presented and approved by COO or Operations Director
21. Resources Available to Sustain Your Cyber Workforce
Executives & Management
Purpose: Provide senior executives and management personnel with tools and techniques required to understand, assess, and define the organization’s cybersecurity policies, programs and processes to protect against threats and vulnerabilities
Objectives:
1. Support development of cybersecurity policy, program, and processes
2. Ensure you understand the role an effective cybersecurity plan plays in your business
3. How to apply government to ensure reduced exposure for your organization and yourself.
Training Resources:
• SBA Cybersecurity
• Stop. Think. Connect. Small Business Resources
• Security Awareness Visual Aids
Technology: Reinforcement of sound cybersecurity practices requires reinforcement of the organization’s policies, processes, and tools.
Education should be
Training should be customized based on the audience’s role in their organization; at a high level this should include Executives & Management, Implementers, and the Workforce
22. Resources Available to Sustain Your Cyber Workforce
Implementers
Purpose: Provide implementers with the knowledge, tools and techniques to properly analyze, assess, select and deploy appropriate technologies required to enhance security posture and protect organization’s sensitive data.
Objectives:
1. Identify Risks
2. Analyze and Assess Cybersecurity Threats and Vulnerabilities
3. Understand Attack Vectors and Countermeasures
4. Configure & Deploy Countermeasures
5. Assess countermeasures
Training Resources:
• SBA Cybersecurity
• National Cybersecurity and Communications Integration Center
• Compliance Resources on Protecting Sensitive Data
23. Resources Available to Sustain Your Cyber Workforce
Workforce
Purpose: Reinforce and educate your workforce on the policies, processes, and program in place to increase the organization’s cybersecurity posture
Objectives:
1. Educate workforce on cybersecurity policies, program, and processes
2. Offer common language for workforce
3. Increase situational awareness
4. Increase
Training Resources:
• Corporate Employee Handbook
• Corporate Security Awareness Briefing
• SBA Cybersecurity
• Cybersecurity Workforce Framework
• Online Training Vendors (Cybrary.it)
• SANS Cyber Aces Online