cyber security
play

Cyber Security Mark Danaj City of Fremont ICMA Conference - PowerPoint PPT Presentation

Feb 23, 2024 •381 likes •619 views

Cyber Security Mark Danaj City of Fremont ICMA Conference Presenter Who am I? Why Am I Here? What will I accomplish? What can you learn from this presentation? Cyber Security Why is cyber security important? Who is

  1. Cyber Security Mark Danaj – City of Fremont ICMA Conference Presenter

  2. Who am I? • Why Am I Here? • What will I accomplish? • What can you learn from this presentation?

  3. Cyber Security • Why is cyber security important? • Who is responsible for cyber security? • What is the role of government?

  4. Did you know: More than 90% of successful breaches required only the most basic techniques. 1 • 96% of successful breaches could have been avoided if the victim had put in place • simple or intermediate controls. 1 75% of attacks use publicly known vulnerabilities in commercial software that • could be prevented by regular patching. 1 Outsiders were responsible for most breaches. 1 • 1 James A. Lewis, “Raising the Bar for Cybersecurity,” Center for Strategic & International Studies, February 12, 2013.

  5. Let’s take a closer look…

  6. Planning • Strong Policy and Governance • Data Discovery • Security Procedures • Compliance • Budget

  7. Operational Cyber Security Network Security Team Service Desk Technician (1FTE) • - Answer phones/emails review spam Network Engineer (1 FTE) • - Vulnerability Assessment (1 FTE) - Workstation and Servers - Email monitoring Network Engineer (1 FTE) • - Firewall Monitoring - Modify network/firewall/proxy rules - Wireless security Infrastructure Services Manager (1 FTE) • * Incident Response, Security Architecture, Penetration Tests

  8. Current State of Affairs  Government Sector

  9. What are the Problems? Solutions? • Wireless Access • Zero Day Malware • Mobile Devices • Spear Phishing • Cloud Computing • Hactivists • Social Media

  10. Wireless Access • Problem: – Wired network connections are costly, inconvenient and shrinking drastically. Wireless makes eavesdropping and unauthorized network access easier. • Solution(s): – Cisco Wireless Controller • Intrusion Prevention • Access Control – Authentication Server • Cisco ASA

  11. Mobile Devices • Problem: – Exponential growth drives exponential growth in security risks and data distribution • Solution(s): – Mobile Iron • Mobile Device Management – ForeScout • Access Control

  12. Cloud Computing • Problem: – The cloud is better, cheaper, faster, stronger. – Opportunities for data theft increase. • Solution(s): – Cyber security guidance • ISO 27001 (International Standards Organization) • NIST (National Institute for Standards and Technology) – Server certificates

  13. Social Media • Problem: – A profile or comment on a social media platform can be used to build very targeted attacks or another avenue of attack. • Solution(s): – Palo Alto Networks Firewall • Application Control – WebSense – Cyber Security Policy • Incidental Use / Guidance

  14. Zero Day Malware • Problem: – Software developers cannot patch faster than exploits are discovered • Solution(s): – Palo Alto’s Intrusion/ Detection Engine • Behavioral detection – Sophos

  15. Spear Phishing • Problem: – Persistent adversaries lure unsuspecting users into a cyber trap with relevant sounding (but malicious) emails • Solution(s): – Spam/Anti-virus Gateway * Sophos – Internet content filter * WebSense – User awareness training

  16. Hacktivists (latest criminal element) • Problem: – The act of breaking into computer systems for politically or socially motivated purposes is on the rise. • Solution(s): – Prevention • Palo Alto Firewall • ProofPoint mail gateway – Detection • Palo Alto Networks

  17. Future Initiatives • Two-Factor Authentication • Off-Site Disaster Recovery

  18. Questions/Comments? Additional Information… Mark Danaj – mdanaj@fremont.gov

  20. City of Fremont Cyber Footprint • City of Fremont, CA – ~833 Employees – ~960 computers • Primarily a Windows environment • Support client and web applications • Intranet/Internet access • ~30 Thousand emails received/month o Roughly 60% is spam

  21. The 10,000 foot view… http://www.nasa.gov/vision/earth/lookingatearth/NIGHTLIGHTS.html

  22. Attacked From Afar China's Cyber Thievery Is National Policy And Must Be Challenged January 27, 2012 (Mike McConnell, Michael Chertoff and William Lynn) “ Evidence indicates that China intends to help build its economy by intellectual-property theft rather than by innovation and investment in research and development (two strong suits of the U.S. economy). The nature of the Chinese economy offers a powerful motive to do so.” Source: Wall Street Journal, January 27, 2012, page A15

  23. Attacked From Within

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 Agenda for today Part I Latest security news Security vulnerabilities in Java

2.02k views • 185 slides
Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

666 views • 42 slides
Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector What I am Company utilities in the UK going to Water UK good practice cover NIS Directive Dr Jim Marshall, Senior Policy Advisor,

231 views • 4 slides
www.SNSTIPS.com Safe Computing / Networking Practices Computer should be placed in a common area

www.SNSTIPS.com Safe Computing / Networking Practices Computer should be placed in a common area

Parents Resource texted.ca netlingo.com thedoorsnotlocked.ca www.SNSTIPS.com Safe Computing / Networking Practices Computer should be placed in a common area in the home with easy access to everyone Facebook Settings 1) Secure ALL Your

88 views • 6 slides
Privately-held company founded in 1998 US Headquarters in New Jersey Global offices in USA,

Privately-held company founded in 1998 US Headquarters in New Jersey Global offices in USA,

Privately-held company founded in 1998 US Headquarters in New Jersey Global offices in USA, UK, China, India, Romania, Turkey, Japan and Ukraine 1400 employees (900 developers) Worldwide leader in SSL Security Internet Security

530 views • 35 slides
WORDPRESS Lesson 10.01 Administration Administration Maintaining your WordPress site is easy,

WORDPRESS Lesson 10.01 Administration Administration Maintaining your WordPress site is easy,

WORDPRESS Lesson 10.01 Administration Administration Maintaining your WordPress site is easy, and doesnt require a lot of time. In the next several slides, well discuss the various chores that are important in maintaining an error free

239 views • 10 slides
AT&T Small Business Survey Septembe 2007 September 2007 Objectives AT&Ts Small

AT&T Small Business Survey Septembe 2007 September 2007 Objectives AT&Ts Small

AT&T Small Business Survey Septembe 2007 September 2007 Objectives AT&Ts Small Business Group and AT&T Advertising and Publishing co-sponsored research to: Publishing co sponsored research to: Generate media coverage and

417 views • 39 slides
Welcome! Phishing And Ways To Combat It Phishing and ways to combat it Lance Bailey Systems

Welcome! Phishing And Ways To Combat It Phishing and ways to combat it Lance Bailey Systems

Conference 2018 Conference 2018 Welcome! Phishing And Ways To Combat It Phishing and ways to combat it Lance Bailey Systems Coordinator Genome Sciences Centre Don Devenney Information Technology Analyst Royal Roads University 2

222 views • 21 slides
FACT Fraud Awareness for Commercial Targets Practical Advice on How to Protect Your Business or

FACT Fraud Awareness for Commercial Targets Practical Advice on How to Protect Your Business or

FACT Fraud Awareness for Commercial Targets Practical Advice on How to Protect Your Business or Not-for-profit Organization Against Fraud FACT: What is Fraud Fraud Awareness Awareness for Commercial Targets Commercial Targets? The FACT

621 views • 22 slides
26 October 2012 The Manager Companies ASX Limited 20 Bridge Street Sydney NSW 2000 (16 pages

26 October 2012 The Manager Companies ASX Limited 20 Bridge Street Sydney NSW 2000 (16 pages

Level 2, 66 Hunter Street Sydney NSW 2000 Tel: (61-2) 9300 3344 Fax: (61-2) 9221 6333 E-mail: pnightingale@biotron.com.au Website: www.biotron.com.au 26 October 2012 The Manager Companies ASX Limited 20 Bridge Street Sydney NSW 2000

385 views • 16 slides
SD-WAN Today and Tomorrow Balancing Lower Cost & Greater Agility Against the Perceived

SD-WAN Today and Tomorrow Balancing Lower Cost & Greater Agility Against the Perceived

SD-WAN Today and Tomorrow Balancing Lower Cost & Greater Agility Against the Perceived Risks of the Public Internet by Joel Stradling, Research Director, Global Managed and Hosted IT Services June 5, 2017 The Evolution of Enterprise IT

133 views • 12 slides

More recommend