National Council of County Association Executives Kristin Judge - - PowerPoint PPT Presentation
National Council of County Association Executives
Kristin Judge, Executive Director, Trusted Purchasing Alliance, Center for Internet Security
William F. Pelgrin, CIS President & CEO, MS-ISAC Chair, Center for Internet Security (CIS)
Center for Internet Security
CIS MS-ISAC Security Benchmarks Trusted Purchasing Alliance
We Are All Digitally Connected!
Cyber Security Challenges
- Hacktivism
- Mobile Devices
- Social Networking
- Insider Threats & Human Error
- Phishing
- Old infrastructure
Hacktivism
“Attacking corporations, governments, organizations and individuals…to make a point”
Sophos 2012
Hacktivist groups have attacked:
- Private corporations
- Federal Government
- City.gov sites
- Law enforcement groups
Mobile Devices
Smart phones will surpass computers as web users' preferred vehicle for surfing the Internet
Mobile Device Deployment Will Continue to Increase
Smartphones -- Blackberries Security Risks
Too Many Individuals Still…
- don’t use encryption, passwords, time-out settings or any other security protection
- store their sensitive corporate information on smartphones
- lose one of these devices at some point
More than 10,000 laptops are reported lost every week at 36 of the largest U.S. airports, and 65 percent of those laptops are not reclaimed.
Ponemon Institute
Leaving your laptop or PDA unattended can lead to big problems…
Social Networks
Threats
- 30,000 new malicious URLs every day…approximately one every three seconds
Sophos Security Threat Report 2012
95% of comments to blogs, chat rooms and message boards are spam or contain malicious links.
Websense
Danger In TinyURL Links...
Risk is growing
Cyber attacks on social networks are up 70%
Sophos, 2010
Just 19% of government agencies ban social media sites at work, down from 55% in 2010
Sophos, 2012
Insider Threat and Human Error
Insider Threats are Real…
Can be intentional or accidental
- WikiLeaks – Hundreds of thousands of confidential documents leaked by military employee
- Inadvertent posting of the Social Security numbers and birth dates of 22,000 government retirees on a state procurement website
- Disgruntled city employee tampers with city network to deny access to top administrators
Human Error example– bad passwords!
tomshardware.com
Phishing
Phishing scams entice email recipients into clicking on a link or attachment which is malicious.
- Well written
- Appears credible
- Enticing or shocking subject
- Apparent trusted source
Old Infrastructure
- Old hardware and software that is beyond the end of its support life
- No longer supported by the vendors
- Using them after end of life places your organization at great risk since any security vulnerability will NOT be fixed, making it easy for hackers to launch a successful cyber attack
How Can You Be More Secure?
- Create and follow organizational information security policies
- Use strong passwords (minimum 8 characters and include upper and lower case, numbers and special characters)
- Don’t click on links in emails
- Don’t open attachments from unknown sources
- Protect your mobile devices
The MS-ISAC is here to help!
A Trusted Model for Collaboration and Cooperation across All States, Local Governments and Several U.S. Territories—Built on over 8 years of Centralized Outreach, Awareness and Bidirectional Information Sharing.
MS-ISAC Security Operations Center
24x7x365 Operations Monitoring Situational Awareness Incident Response Advisory & Analysis Services
- 24/7 Cyber Security Analysis Center
- Cyber Security Alerts and Advisories
- Public and Secure MS-ISAC Websites
- Participation in cyber exercises
- Common cyber alert level map
- National Webcast Initiative
- National Cyber Security Awareness Month
- Monthly Conference Calls; Annual Meeting
- Ensuring collaboration with all necessary parties