information technology security
play

Information Technology Security Presentation to Joint Legislative - PowerPoint PPT Presentation

Jan 27, 2023 •231 likes •353 views

Information Technology Security Presentation to Joint Legislative Committee on Information Technology Oversight Chip Moore State Chief Information Security Officer Office of Information Technology Services December 13, 2012 Introduction

  1. Information Technology Security Presentation to Joint Legislative Committee on Information Technology Oversight Chip Moore State Chief Information Security Officer Office of Information Technology Services December 13, 2012

  2. Introduction • Security adage: there are two kinds of organizations – Those that have been hacked – Those that don’t know they’ve been hacked • Attempts to steal or compromise data are constant, and hackers will probably get into your systems • Key issue is what have you done to protect your data and minimize the damage 2

  3. Outline • Threats – Entry points – Types of threats • Current themes in IT security • IT security in state government • Opportunities for improvement • Questions 3

  4. Cyber infrastructure • Internet Connections – Three (3) • Wide Area Network Connections ~3,700 • Exposed Servers (Web, Mail, Mainframe, Agency Applications >1,000) • PCs and laptops (~64,000) •Core Applications (Windows, Office, Adobe, anti-virus) •E-mail (Threats: Spam, fake email, viruses and spyware) •Web (Threats: Malicious web pages) State’s backbone network and POPs (Points of Presence) 4

  5. Threats and Motivations • Organized crime – motive is profit • Hacktivists – motive is to make a point, political motive, embarrassment of an organization • State sponsored hackers - government belief that you may be able to destabilize an economy • Black hat – pride, bragging rights • Script kiddies - people looking to say they are successful security professionals 5

  6. Techniques • Fake electronic mail • Unknown software vulnerabilities • Hacking including web defacements • Interruptions to Internet service that would limit citizens’ ability to conduct state business • Viruses • Social engineering 6

  7. Challenges • Protecting data when it is everywhere – Ever-changing technology, tablets and smartphones, have made data mobile • Workforce demanding to use personal devices for work • Human behavior – Policies, rules and regulations will not stop people from acting without thinking • Insider threats • Password management • Timely removal of confidential data at the end of its usefulness • Business demands for data sharing 7

  8. Themes in IT security • National Association of State Chief Information Officers (NASCIO) call to action issued last month – Enterprise approach • Fewer silos = better security • Enforce standards • Minimize entries to network • Approach reduces operational costs 8

  9. What are we doing? • Technical security controls – antivirus, firewalls, intrusion detection and monitoring, encryption of devices and some data • Training and Awareness – provide monthly training newsletters to executive branch agencies • ITS has mandatory annual training for all employees • Information sharing - relationships with Homeland Security and the FBI to receive and provide information for ongoing investigations • Audits – we have audits performed by the State Auditor, the federal government and private industry for regulatory compliance. • Annually provide and update security standards based on international security standards. • Preparing for a third party vulnerability assessment and limited penetration testing 9

  10. Areas for Improvement • Additional funding for – More outside vulnerability and penetration testing – Additional security controls purchased at the enterprise level – Data Loss Prevention • Encryption, other technical approaches • Start with most critical data • As first step, agencies should evaluate their data and programs to determine sensitivity and risk of exposure • Employee Security Training and Awareness – More training and newsletters; timely notifications of significant, current threats

  11. Cost vs. risk • IT security, like any security, is a matter of cost vs. risk – How much willing to spend to achieve what level of security • Cost of a breach is also significant – Lost credibility and trust – Cost of notifying citizens, as required by law – Cost of protecting citizens against identity theft after a breach

  12. Questions? Chip Moore Chief Information Security Officer (919) 754-6300 charles.moore@nc.gov http://www.esrmo.scio.nc.gov/ 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu

Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu

Security Awareness Rick Whitmore Information Technology Security Office security.ku.edu Everyone has a role in securing their part of cyberspace, including the devices and networks they use. Todays Topics Impact on Universities

936 views • 59 slides
SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security

SP 800-16 Rev 1 (3 rd Draft) A Role-Based Model for Federal Information Technology/Cyber Security Training FISSEA Conference March 19, 2014 Pat Toth Penny Klein Computer Security Division Systegra Information Technology Laboratory NATIONAL

750 views • 40 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division

Information Security in a Wireless World Dennis D. Steinauer Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD Information Security in a Wireless World Basic

554 views • 30 slides
Database-enabled web technology Security Instructor: C a gr C oltekin

Database-enabled web technology Security Instructor: C a gr C oltekin

Database-enabled web technology Security Instructor: C a gr C oltekin c.coltekin@rug.nl Information science/Informatiekunde Fall 2011/12 Security in Web applications Web, Databases & Security http://xkcd.com/327/ C . C

952 views • 47 slides
Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU)

Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU)

Information Technology Security models Bj orn Victor Security models p.1/14 Harrison-Ruzzo-Ullman (HRU) Information Technology Subjects S , objects O , access matrix M , access rights A : enforcement: read, write, execute, append,. .

371 views • 14 slides
American Bar Association Section of Science and Technology Law Information Security Committee

American Bar Association Section of Science and Technology Law Information Security Committee

American Bar Association Section of Science and Technology Law Information Security Committee 2013 Fall ISC Meeting and Presentation (with special participation by the Homeland Security Committee, the Cloud Computing Committee & the Public

57 views • 3 slides
Musings on IOT Tim Grance Jeff Voas Computer Security Division Information Technology

Musings on IOT Tim Grance Jeff Voas Computer Security Division Information Technology

Musings on IOT Tim Grance Jeff Voas Computer Security Division Information Technology Laboratory National Institute of Standards and Technology 2015 Agenda Four Horsemen of the Apocalypse, Cloud , Mobile , Big Data , Social What is

579 views • 40 slides
Information Technology and National Security Gary W. Strong National Science Foundation NSF has

Information Technology and National Security Gary W. Strong National Science Foundation NSF has

Information Technology and National Security Gary W. Strong National Science Foundation NSF has a broad, cross- cutting research agenda that includes national security. Interagency Cooperation on National Security Research Culture

311 views • 10 slides
WELCOME Welcome to Security Awareness Month Hosted by the Office of Information Technology

WELCOME Welcome to Security Awareness Month Hosted by the Office of Information Technology

WELCOME Welcome to Security Awareness Month Hosted by the Office of Information Technology October 2018 1 What is Prevent, Plan, and Prepare National We live in a world that is more connected than ever before. The Internet touches Cyber

785 views • 42 slides
NIST Information Technology Laboratory (ITL) The Cyber Maryland Showcase Security Automation

NIST Information Technology Laboratory (ITL) The Cyber Maryland Showcase Security Automation

NIST Information Technology Laboratory (ITL) The Cyber Maryland Showcase Security Automation Guidance Tower of Babel Documents Too much Alerts & Web Sites proprietary, Advisories incompatible information Costly

93 views • 8 slides
Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in

Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in

Security Issues in Mobile Agents E C Vijil School of Information Technology vijil@it.iitb.ac.in 16 January 2002 Security Issues in Mobile Agents 1 Overview of the Talk The Mobile Agent Paradigm Security Threats and Counter Measures

587 views • 24 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Digital Signatures and Authentication Protocols ISS Dr. Ayman Abdel-Hamid 1

582 views • 27 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Chapter 1 ISS Dr. Ayman Abdel-Hamid 1 Outline Attacks, services and

736 views • 24 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Key Distribution in Symmetric Encryption ISS Dr. Ayman Abdel-Hamid 1 Outline

510 views • 12 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Arab Academy for Science & Technology and Maritime Transport Chapter 11 p Message

251 views • 23 slides
Security Takes Center Stage Rajesh De Partner Chair, Global Cybersecurity & Data Privacy

Security Takes Center Stage Rajesh De Partner Chair, Global Cybersecurity & Data Privacy

Security Takes Center Stage Rajesh De Partner Chair, Global Cybersecurity & Data Privacy Practice +1 202 263 3366 June 7, 2016 rde@mayerbrown.com Cyber Attacks Are Increasing in Cost and Frequency 89% of breaches in 2015 had a

434 views • 8 slides
SITAC Meeting Wednesday, March 21, 2018 Pioneer Room, State Capitol Agenda Welcome/Opening

SITAC Meeting Wednesday, March 21, 2018 Pioneer Room, State Capitol Agenda Welcome/Opening

SITAC Meeting Wednesday, March 21, 2018 Pioneer Room, State Capitol Agenda Welcome/Opening Comments Shawn Riley Cloud Update Shawn Riley Unification/Shared Service Shawn Riley Cybersecurity Update Shawn Riley Statewide Productivity Suite

472 views • 33 slides
Law360 April 16, 2014 Antitrust Guidance On Cybersecurity Reaffirms Old Approach by Jamillia

Law360 April 16, 2014 Antitrust Guidance On Cybersecurity Reaffirms Old Approach by Jamillia

Law360 April 16, 2014 Antitrust Guidance On Cybersecurity Reaffirms Old Approach by Jamillia Padua Ferris and Paul M. Tiao On April 10, Deputy Attorney General James Cole, White House senior adviser Rand Beers, the head of the U.S. Department

281 views • 3 slides
NASS 2020 - Winter Conference 31 January 2020 Clint Watts Author of Messing With The Enemy:

NASS 2020 - Winter Conference 31 January 2020 Clint Watts Author of Messing With The Enemy:

NASS 2020 - Winter Conference 31 January 2020 Clint Watts Author of Messing With The Enemy: Surviving in a Social Media World of Hackers, Terrorists, Russians and Fake News Distinguished Research Fellow, Foreign Policy Research Institute

379 views • 11 slides
SecureWorks William Blair June 16, 2016 1 Disclaimers Non-GAAP Financial Measures The

SecureWorks William Blair June 16, 2016 1 Disclaimers Non-GAAP Financial Measures The

SecureWorks William Blair June 16, 2016 1 Disclaimers Non-GAAP Financial Measures The presentation presents information about the Companys non-GAAP revenue, non-GAAP gross margin, non-GAAP operating expenses, non-GAAP research and

646 views • 35 slides
Overview Introduction Legal framework Dynamics of the threat Nature of cyber

Overview Introduction Legal framework Dynamics of the threat Nature of cyber

BISC : Cyber Security What can the VSSE contribute? 1 BISC - 19/11/12 Overview Introduction Legal framework Dynamics of the threat Nature of cyber attacks Targeting Paradigm shifts Whos targeting what? Tools

340 views • 5 slides
Cyber Security Assessment Tool Overview FEDERAL DEPOSIT INSURANCE CORPORATION 1 Objectives

Cyber Security Assessment Tool Overview FEDERAL DEPOSIT INSURANCE CORPORATION 1 Objectives

Cyber Security Assessment Tool Overview FEDERAL DEPOSIT INSURANCE CORPORATION 1 Objectives Cybersecurity Discuss the Evolution of Data Security Define Cybersecurity Review Threat Environment Discuss Information Security

557 views • 40 slides
June 10th, 2020 W W W . A R G O C Y B E R . C O M Lorem ipsum dolor sit amet, consectetuer Jim

June 10th, 2020 W W W . A R G O C Y B E R . C O M Lorem ipsum dolor sit amet, consectetuer Jim

Cybersecurity, Hacking and Ransomware: What Every Local Government Needs to Know June 10th, 2020 W W W . A R G O C Y B E R . C O M Lorem ipsum dolor sit amet, consectetuer Jim Rogers, CEO, SME & Co-Founder has over 25 years of industry

371 views • 26 slides

More recommend