hi mss cyb e rse c urity co mmunity spo nso r
play

HI MSS Cyb e rse c urity Co mmunity Spo nso r 1 Se c urity F unda - PowerPoint PPT Presentation

Apr 07, 2024 •349 likes •542 views

HI MSS Cyb e rse c urity Co mmunity Spo nso r 1 Se c urity F unda me nta ls b a se d o n the NI ST Cyb e rse c urity F ra me wo rk 01.23.2020 Speaker I ntr oduction Ric k Spatafor e CPHI MS, GI SP, GCI H, HCI SPP Ma na g e r,

  1. HI MSS Cyb e rse c urity Co mmunity Spo nso r 1

  2. Se c urity F unda me nta ls b a se d o n the NI ST Cyb e rse c urity F ra me wo rk 01.23.2020

  3. Speaker I ntr oduction Ric k Spatafor e CPHI MS, GI SP, GCI H, HCI SPP Ma na g e r, Adviso ry Se rvic e s with Se ntine l T e c hno lo g ie s 15 ye a rs He a lthc a re I T 15 ye a rs c yb e rse c urity & c o mplia nc e 25 ye a rs in te c hno lo g y 3

  4. What ar e c ybe r se c ur ity fundame ntals? 4

  5. Se c ur ity Data & Re se ar c h 5

  6. Atta c ks a re o n the rise (2017, 2018, 2019) • 2017-2018 inc lude d a sma ll inc re a se in b re a c he s • Da ta e xpo se d triple d ye a r o ve r ye a r Ra nso mwa re will c o ntinue AI wa s o ne o f the to p pre dic tio ns fo r 2019 • AI is a g a in a to p pre dic tio n fo r 2020 Clo ud mig ra tio n will inc re a se se c urity risk Clo ud se c urity is no t ma ture Se c ur ity Postur e 6

  7. Threats Resources Capabilities Se c ur ity is no t o ne size fits all 7

  8. Cybe r Kill Chain - Anatomy of an Attac k Re c onnaissanc e – r e se ar c h, ide ntify and se le c t tar ge ts c ommon use of we b site s, soc ial me dia, e ve nt listings, por t sc ans We aponization – pair ing ac c e ss to malwar e with de live r able payload (e .g. Adobe PDF , Mic r osoft Offic e F ile s) De live r y – tr ansmission of we apon to tar ge t (e .g. via e mail, attac hme nts, we bsite s, USB or othe r physic al me dia E xploitation – Onc e de live r e d, the we apon’s c ode is tr igge r e d e xploiting vulne r able applic ations or syste ms Installation – Onc e de live r e d the we apon’s c ode is tr igge r e d, e xploiting vulne r able applic ations or syste ms Command & Contr ol – Outside se r ve r c ommunic ate s with the we apons pr oviding ac c e ss inside the tar ge t’s ne twor k Ac tions on Obje c tive s – Attac ke r wor ks to ac hie ve the obje c tive of the intr usion – e xfiltr ation, data de str uc tion, or intr usion of anothe r tar ge t 8

  9. NIST Cybe r Se c ur ity F r ame wor k IDE NT IF Y PROT E CT DE T E CT RE SPOND RE COVE R Asse t Ma na g e me nt Id e ntity Ma na g e me nt Ano ma lie s a nd E ve nts Re spo nse Pla nning Re c o ve ry Pla nning Busine ss E nviro nme nt Ac c e ss Co ntro l Se c urity Co ntinuo us Co mmunic a tio ns Impro ve me nts Go ve rna nc e Awa re ne ss & T ra ining Mo nito ring Ana lysis Co mmunic a tio ns Risk Asse ssme nt Da ta Se c urity De te c tio n Pro c e ss Mitig a tio n Risk Ma na g e me nt Pro c e ss & Pro c e d ure s Impro ve me nts Supply Cha in Risk Ma inte na nc e Ma na g e me nt Pro te c tive T e c hno lo g y 9

  10. NIST CSF : Ide ntify Identify Asset Management ID.AM-1 ID.AM-1 : Physical devices and systems within the organization are inventoried ID.AM-2 ID.AM-2: Software platforms and applications within the organization are inventoried ID.AM-3 ID.AM-3 : Organizational communication and data flows are mapped 10

  11. NIST CSF : Ide ntify 11

  12. Protect Identity Management, Authentication and Access Control PR.AC-1 PR.AC-1: Identities and credentials are managed for authorized devices and users PR.AC-4: Access permissions are managed, incorporating the principles of least privilege PR.AC-4 and separation of duties PR.AC-7: Users, devices, and other assets are authenticated (e.g., single-factor, multi-factor) PR.AC-7 commensurate with the risk of the transaction (e.g., individuals’ security and privacy risks and other organizational risks) (1.1) NIST CSF : Prote c t Dig ita l E nro llme nt & Authe ntic a tio n & F e de ra tio n & I de ntity I de ntity L ife c yc le Asse rtio n Guide line s Pro o fing Ma na g e me nt 12

  13. Password: x Password: Locu$t0% Passphrase: I like to vacation in Hawaii! 13

  14. NIST CSF : Prote c t 14

  15. NIST CSF : Prote c t Information Protection, Processes & Procedures PR.IP-1: A baseline configuration of information technology/industrial control systems is PR.IP-1 created and maintained (e.g. concept of least functionality) PR.IP-2 PR.IP-2: A System Development Life Cycle to manage systems is implemented PR.IP-12 PR.IP-12: A vulnerability management plan is developed and implemented PR.PT-3: The principle of least functionality is incorporated by configuring systems to PR.PT-3 provide only essential capabilities (1.1) 15

  16. Protect Information Protection, Processes & Procedures PR.IP-12 PR.IP-12: A vulnerability management plan is developed and implemented Detect Security Continuous Monitoring NIST CSF : DE.CM-8 DE.CM-8: Vulnerability scans are performed Prote c t & De te c t 16

  17. NIST Cybe r se c ur ity F r ame wor k 17

  18. Q&A C o n ta c t In fo rm a tio n : Ric k Spa ta fore Ma na g e r, Advisory Se rvic e s Se ntine l T e c hnolog ie s Offic e : 630.786.8062 rspa ta fore @se ntine l.c om 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Qua il L a ke s Co mmunity Pa re nt/ Co mmunity Pre se nta tio n Oc to b e r 16, 2019 L a ke

Qua il L a ke s Co mmunity Pa re nt/ Co mmunity Pre se nta tio n Oc to b e r 16, 2019 L a ke

New E lementar y Sc hool Qua il L a ke s Co mmunity Pa re nt/ Co mmunity Pre se nta tio n Oc to b e r 16, 2019 L a ke vie w Asse mb ly / Qua il L a ke s 2 E le me nta ry Sc ho o l* Visio n Qua il L a ke s sub -divisio n wa s de

508 views • 18 slides
Ho spita ls & Co mmunity Be ne fit Bring ing he a lth c a pa c ity to the c o mmunity thro

Ho spita ls & Co mmunity Be ne fit Bring ing he a lth c a pa c ity to the c o mmunity thro

9/ 22/ 2015 Ho spita ls & Co mmunity Be ne fit Bring ing he a lth c a pa c ity to the c o mmunity thro ug h pa rtne rships, c o a litio ns a nd ho spita l T he Co mmunity Be ne fit Pro g ra ms o f Me rc y He a lth c o mmunity b e ne

283 views • 17 slides
SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen Operations Support Manager Western Area Power Administration Sub Substation Ne station Netwo twork rk Sec Security urity Tyler Stinson

627 views • 13 slides
F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity F o rum 5 June

F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity F o rum 5 June

F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity F o rum 5 June 11, 2018 PROJECT MANAGEMENT SMMA Ag e nda Brie f Re c a p fro m Co mmunity Me e ting s 1- 4 1. I ntro duc tio ns 2. Sc o pe , Pro c e ss, a nd Sc

450 views • 43 slides
Sa Safe fety ty an and S d Sec ecurity urity Pr Proj oject ect Upd pdat ate Ralph

Sa Safe fety ty an and S d Sec ecurity urity Pr Proj oject ect Upd pdat ate Ralph

Sa Safe fety ty an and S d Sec ecurity urity Pr Proj oject ect Upd pdat ate Ralph McKinney Chief Safety and Security Officer Saf afety ety an and S d Sec ecur urity ity Req equi uire remen ments ts fo for Ma Majo jor r

255 views • 12 slides
Cl Clien ient-side side sec ecurity urity ri risk sks s esp. . HTML TML injection

Cl Clien ient-side side sec ecurity urity ri risk sks s esp. . HTML TML injection

Web b Securi urity ty Cl Clien ient-side side sec ecurity urity ri risk sks s esp. . HTML TML injection jection and nd XSS SS (Cross oss Si Site te Sc Scripting ipting) 1 Last week malicious input brow owser ser web

844 views • 67 slides
Challe nge s and o ppo r tunitie s T ar a Bar auskas, E xe c utive Dir e c tor Co mmunity

Challe nge s and o ppo r tunitie s T ar a Bar auskas, E xe c utive Dir e c tor Co mmunity

Affor dable housing pr oduc tion in Santa Monic a Challe nge s and o ppo r tunitie s T ar a Bar auskas, E xe c utive Dir e c tor Co mmunity Co rp o f Sa nta Mo nic a Co mmunity Co rpo ra tio n o f Sa nta Mo nic a E sta b lishe

405 views • 16 slides
We I nne r Co nne c t Yo u With Yo ur Co mmunity Who We Are : At I nne r-So l, I

We I nne r Co nne c t Yo u With Yo ur Co mmunity Who We Are : At I nne r-So l, I

We I nne r Co nne c t Yo u With Yo ur Co mmunity Who We Are : At I nne r-So l, I nc . we c a re a b o ut the E nviro nme nt, the E a rth a nd its pe o ple . Our missio n is to pro vide e ffic ie nt so la r e ne rg y a nd re

350 views • 16 slides
Sc hool Site Sc hool Site Sa fe ty a nd Sa fe ty a nd Se c urity Se c urity Crime Pre ve

Sc hool Site Sc hool Site Sa fe ty a nd Sa fe ty a nd Se c urity Se c urity Crime Pre ve

Sc hool Site Sc hool Site Sa fe ty a nd Sa fe ty a nd Se c urity Se c urity Crime Pre ve ntio n T Crime Pre ve ntio n T hro ug h E hro ug h E nviro nme nta l De sig n nviro nme nta l De sig n a nd Othe r Sa fe ty Me a sure Co nside ra

566 views • 40 slides
Co mmunity E ne rg y, Co o pe ra tive s a nd the Ge ne ra tio n o f L o c a l E ne rg y L o

Co mmunity E ne rg y, Co o pe ra tive s a nd the Ge ne ra tio n o f L o c a l E ne rg y L o

Co mmunity E ne rg y, Co o pe ra tive s a nd the Ge ne ra tio n o f L o c a l E ne rg y L o re le i Ha nso n, Atha b a sc a Unive rsity/ E ne rg y F uture s L a b / AB Gre e n E c o no my Ne two rk/ City o f E dmo nto n T ra nsitio

560 views • 40 slides
Spa c e Se c urity Susta ina bility zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA L e a

Spa c e Se c urity Susta ina bility zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA L e a

Spa c e Se c urity Susta ina bility zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA L e a ding the Wa y! Mo o re sto wn c o ntinue s to b e a t the to p o f the c ha rts Ac a de mic s, Athle tic s, the F ine a nd Pe rfo

115 views • 9 slides
Da ta Priva c y a nd Se c urity Ba sic s fo r E ve ry Busine sse s Se pte mb e r 11, 2013 Ag e

Da ta Priva c y a nd Se c urity Ba sic s fo r E ve ry Busine sse s Se pte mb e r 11, 2013 Ag e

Ba c k to Sc ho o l: Da ta Priva c y a nd Se c urity Ba sic s fo r E ve ry Busine sse s Se pte mb e r 11, 2013 Ag e nda Ove rvie w Co ntra c t Co nside ra tio ns Pa yme nts & Co lle c tio ns Me rg e rs & Ac q

373 views • 34 slides
F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity Wo rksho p # 1 No

F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity Wo rksho p # 1 No

F UL L E R MI DDL E SCHOOL F E ASI BI L I T Y ST UDY Co mmunity Wo rksho p # 1 No ve mb e r 13, 2017 PROJECT MANAGEMENT SMMA Ag e nda 1. I ntro duc tio ns 2. F e a sib ility Study Sc o pe 3. MSBA Pro c e ss a nd Sc he dule

360 views • 35 slides
2016 Syste m Se c urity Upda te Surviving a nd Sta ying sa fe in a c o nne c te d wo rld.

2016 Syste m Se c urity Upda te Surviving a nd Sta ying sa fe in a c o nne c te d wo rld.

2016 Syste m Se c urity Upda te Surviving a nd Sta ying sa fe in a c o nne c te d wo rld. Jim Hutc hins So uth So und I T Olympia , WA 866.827.9889 T o da y Curre nt T hre a ts Pre ve ntio n Mitig a tio n Re c o ve ry

514 views • 24 slides
Multiple Sc le ro sis At Ho me Ac c e ss (MAHA): Ca re I nto Co mmunity K AT HL E E N

Multiple Sc le ro sis At Ho me Ac c e ss (MAHA): Ca re I nto Co mmunity K AT HL E E N

Multiple Sc le ro sis At Ho me Ac c e ss (MAHA): Ca re I nto Co mmunity K AT HL E E N HE AL E Y ARNP, PHD ASSI ST ANT PROF E SSOR, MUL T I PL E SCL E ROSI S PROGRAM DE PART ME NT OF NE UROL OGI CAL SCI E NCE

353 views • 11 slides
Me rg e r with Co mmunity Ba nk F e b rua ry 26, 2018 c b b a nk.c o m F o rwa rd L o o king

Me rg e r with Co mmunity Ba nk F e b rua ry 26, 2018 c b b a nk.c o m F o rwa rd L o o king

Me rg e r with Co mmunity Ba nk F e b rua ry 26, 2018 c b b a nk.c o m F o rwa rd L o o king Sta te me nts Certain matters set forth herein (including the exhibits hereto) constitute forward-looking statements within the meaning of the

732 views • 25 slides
Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal

Constraints in Role-Based Access Control Jason Crampton Information Security Group, Royal Holloway University of London jason.crampton@rhul.ac.uk www.isg.rhul.ac.uk/~jason Outline Introduction Separation of duty Role-based

482 views • 14 slides
Access Control Enforcement Access Control Enforcement for Conversation- -based based for

Access Control Enforcement Access Control Enforcement for Conversation- -based based for

The Cyber Center The Cyber Center Access Control Enforcement Access Control Enforcement for Conversation- -based based for Conversation Web Services Web Services Massimo Mecella * Mourad Ouzzani Univ. Roma LA SAPIENZA, Italy Purdue

375 views • 26 slides
Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1

Operating System Security CS 111 Operating Systems Peter Reiher Lecture 17 CS 111 Page 1 Fall 2015 Outline Basic concepts in computer security Design principles for security Important security tools for operating systems

1.15k views • 64 slides
CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco

CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco

CS 683 - Security and Privacy Fall 2019 Instructor: Karim Eldefrawy University of San Francisco http://www.cs.usfca.edu/~keldefrawy/teaching /fall2019/cs683/cs683_main.htm 1 Le Lecture 14 14 Access Control 2 Recall: Secu curity Service

943 views • 33 slides
computation may someday be organized as a public utility John McCarthy, 1960 2

computation may someday be organized as a public utility John McCarthy, 1960 2

Security and Cloud Computing computation may someday be organized as a public utility John McCarthy, 1960 2 How did we get here? Security and Cloud Computing 3 What Is Cloud Computing? On-demand self-service Add or

603 views • 27 slides
CS 4803 Before we begin, some design principles Computer and Network Security Alexandra

CS 4803 Before we begin, some design principles Computer and Network Security Alexandra

Access to general objects Memory protection is only one example Need a way to protect more general objects CS 4803 Before we begin, some design principles Computer and Network Security Alexandra (Sasha) Boldyreva More on access

837 views • 7 slides
Identity & Access Management in an Academic Environment Webinar May 17, 2018 Johan Lidros

Identity & Access Management in an Academic Environment Webinar May 17, 2018 Johan Lidros

Identity & Access Management in an Academic Environment Webinar May 17, 2018 Johan Lidros CISA, CISM, CGEIT, CRISC, HITRUST CCSFP, ITIL-F President Eminere Group 2 3 4 5 Presenter Johan Lidros, Founder and President of Eminere

901 views • 58 slides
Internet Identity and Access Control Dr Ken Klingenstein, Director, Middleware and Security,

Internet Identity and Access Control Dr Ken Klingenstein, Director, Middleware and Security,

Internet Identity and Access Control Dr Ken Klingenstein, Director, Middleware and Security, Internet2 Topics Whats happening/ impacts See lunch talk The Research Angle Researchers as users Security Researchers New

499 views • 10 slides

More recommend