riskrecon overview
play

RiskRecon Overview June 10, 2020 Transforming How Texas Government - PowerPoint PPT Presentation

Jul 07, 2023 •122 likes •363 views

RiskRecon Overview June 10, 2020 Transforming How Texas Government Serves Texans Introductions Matt Kelly, Texas Department of Information Resources Dave Manning, RiskRecon Raine Drosdick, RSA Professional Services Transforming How

  1. RiskRecon Overview June 10, 2020 Transforming How Texas Government Serves Texans

  2. Introductions • Matt Kelly, Texas Department of Information Resources • Dave Manning, RiskRecon • Raine Drosdick, RSA Professional Services Transforming How Texas Government Serves Texans

  3. RiskRecon Onboarding Overview Dave Manning Customer Success Advisor 3

  4. Some questions you may want answers to 4

  5. Some Questions • What is my risk exposure today? • Is my risk exposure getting better or worse? • Do I encrypt sensitive data in transit? • Do I manage software vulnerabilities well? 5

  6. Where are the answers? 6

  7. 7

  8. What kind of data do you need to understand risk? 8

  9. Asset value is critical to determining risk Example: 2 systems with same critical unpatched software issue: 1 system is marketing brochure site 1 system is sensitive email gateway VS Same issue, but risks are very different Strictly RiskRecon Confidential – Shared with 9 under NDA

  10. RiskRecon builds risk profiles by analyzing each third-party’s publicly-accessible Internet surface Input Only Vendor Name and URL Strictly RiskRecon Confidential – Shared with 10 under NDA

  11. 11

  12. State Implementation Matt Kelly Transforming How Texas Government Serves Texans

  13. RiskRecon Overview • Provides security metrics on public-facing assets across 10 security domains. • Identifies vulnerabilities and recommends remediation responses. • Integration with Archer IT Security Vulnerability Management use case. • Issues Management • Vulnerability Ticketing • Licensed for 300 companies • Limiting RiskRecon accounts to ISO • Including common vendors in monitoring • Vendor suggestion form: https://www.surveygizmo.com/s3/5620263/RiskRecon-Vendor- Suggestions Transforming How Texas Government Serves Texans

  14. State Implementation • Mapped identified assets to organization profiles via MS-ISAC VMP program scan results, existing RiskRecon state of Texas domains/hosts, DIR Registrar records, etc. • Profiles can be tuned – add/remove domains and hosts. Send requests to support@riskrecon.com • Starting with designated ISO – additional users and user administration on RiskRecon side handled by support@riskrecon.com • Moving to production in SPECTRIM – new workspace (IT Security Vulnerability Management) will be available for Information Security Group members. • General users will have visibility into only assigned tickets. • Scan results are for the benefit of your organization, DIR is not incorporating scan results into maturity scores, security plans, etc. Transforming How Texas Government Serves Texans

  15. RiskRecon Does… • Deep mining of domain registration databases • Deep mining of network registration databases • Analysis of Internet DNS IP to hostname resolution logs • DNS queries • Lightly browse web sites, obeying robots.txt instructions • Analytics of publicly accessible code, content, configurations • Monitoring and analysis of commercial and open-source IP reputation feeds • Mining the internet for relevant information such as indicators of data loss events • Analyze Internet port scan data sourced from a commercial provider Transforming How Texas Government Serves Texans

  16. RiskRecon Does Not… • Tamper with parameters • Inject code • Conduct cross-site scripting • Conduct SQL injection • Attempt to bypass authentication • Execute memory overflow tests • Fill out form fields • Guess credentials • Execute vulnerability exploits • Attempt to bypass security controls Transforming How Texas Government Serves Texans

  17. Account Confirmation Email Transforming How Texas Government Serves Texans

  18. SPECTRIM Integration Raine Drosdick Transforming How Texas Government Serves Texans

  19. SPECTRIM Workflow Vulnerability Issues Scan Results Tickets Management Remediate Accept Risk Transforming How Texas Government Serves Texans

  20. Own Enterprise Monitoring Transforming How Texas Government Serves Texans

  21. Vulnerability Scan Results Transforming How Texas Government Serves Texans

  22. Vulnerability Tickets Transforming How Texas Government Serves Texans

  23. Questions GRC@dir.texas.gov Transforming How Texas Government Serves Texans

  24. Thank You dir.texas.gov #DIRisIT @TexasDIR Transforming How Texas Government Serves Texans

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 SF park overview OVERVIEW PRESENTATION / 2 Coin and card meters OVERVIEW PRESENTATION / 3 Making garages work better OVERVIEW PRESENTATION / 4 User interface and customer experience OVERVIEW

1.3k views • 24 slides
OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF

OVERVIEW PRESENTATION / 1 OVERVIEW PRESENTATION / 1 Acknowledgements OVERVIEW PRESENTATION / 2 SF park overview OVERVIEW PRESENTATION / 3 Coin and card meters OVERVIEW PRESENTATION / 4 Improving the customer experience at garages OVERVIEW

567 views • 25 slides
GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin

National Taiwan University Department of Computer Science and Information Engineering GSM System Overview GSM System Overview GSM System Overview GSM System Overview Phone Lin Phone Lin Ph.D. Ph.D. Email: plin@csie.ntu.edu.tw Email:

686 views • 41 slides
i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW

i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW

LGE UNICAMP The m i c r o g u a r d s OVERVIEW The m i c r o g u a r d BIOFUELS s OVERVIEW The m i c r o g u a r d ETHANOL s OVERVIEW The m i c Ideal conditions r o g Costs-benefits u a r d

1.39k views • 59 slides
Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95#

Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95#

Football First Aid: Football First Aid: An Overview An Overview Steven Richmond 95# Commissioner --BRYC Firefighter II, EMT-B, HTR & HZMT Tech City of Alexandria Fire and EMS Overview Overview Hyperthermia (Heat Related Injuries)

2.61k views • 31 slides
1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure

1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure

1 Corporate Overview Transaction 1 Corporate Overview Overview of Libre Group Structure Industry Business Model Hotels Overview Disclaimer This presentation does not constitute, or form any part of any offer for sale or subscription

808 views • 32 slides
HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview

HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview

HabaPalooza T EA M HYPERION COM M 362 A PRIL 29 T H 201 2 Overview Team Overview Project Overview Analysis Active Experimentation Question & Answer Team Overview Our Logo Our Tagline Our Mission Statement

1.09k views • 15 slides
Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four

Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four

Outbound Logistics Overview 1 Outbound Logistics Overview Outbound Overview Four Dedicated Outbound Carriers MPF Meijer Private Fleet 111 stores serviced in Michigan, northern Ohio, and Indiana. NTB Nationwide Truck

865 views • 15 slides
HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team

HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team

HabaPalooza T E A M H Y P E R I O N C O M M 3 6 2 A P R I L 2 9 TH 2 0 1 2 Overview Team Overview Project Overview Analysis Active Experimentation Question & Answer Team Overview Our Logo Our Tagline Our

934 views • 15 slides
An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese

An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese

An overview to Maltese An overview to Maltese An overview to Maltese An overview to Maltese Agriculture Agriculture Agriculture characteristics S mall holdings L imited resources and L and Fragmentation. 2 Maltese agriculture in figures

1.04k views • 15 slides
Library Conversations: Talking with Users University of Rochester Overview Overview Used

Library Conversations: Talking with Users University of Rochester Overview Overview Used

Rebecca Bichel December 7, 2007 Library Conversations: Talking with Users University of Rochester Overview Overview Used anthropological & ethnographic Overview Overview methods Guiding research question: What do students

941 views • 44 slides
.NET Overview Objectives Introduce .NET overview languages libraries

.NET Overview Objectives Introduce .NET overview languages libraries

.NET Overview Objectives Introduce .NET overview languages libraries development and execution model Examine simple C# program 2 .NET Overview .NET is a sweeping marketing term for a family of products

388 views • 23 slides
1 Overview Overview Regional demographic overview Regional demographic overview Workforce

1 Overview Overview Regional demographic overview Regional demographic overview Workforce

1 Overview Overview Regional demographic overview Regional demographic overview Workforce supply analysis Regional demand for workers i l d d f k Balancing supply and demand Reviewing key cluster trends Key challenges

533 views • 39 slides
EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a

EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a

EZ Overview EZ Overview The Rapid Development Platform p p Muse EZ is a registered trademark of Future Designs, Inc . 1 Overview What is EZ? EZ RTOS Engine EZ Four Tier Hierarchy Reusable HAL and Device

600 views • 32 slides
Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues

Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues

Overview of the Reconstruction Overview of the Reconstruction Overview of Some Legal Issues Related to Puerto Ricos Debt Restructuring by Sergio M. Marxuach Center for a New Economy February 25, 2020 CNE Puerto Ricos Think Tank

347 views • 13 slides
Overview & Development Table of Contents 1 Simon Owen, CEO Business Overview

Overview & Development Table of Contents 1 Simon Owen, CEO Business Overview

2018 Investor Tour INGENIA COMMUNITIES GROUP Overview & Development Table of Contents 1 Simon Owen, CEO Business Overview Guidance Update Development Overview Latitude One Overview 2 Craig Shepherd, Project

247 views • 22 slides
International Association for Cryptologic Research Michel Abdalla IACR President Eurocrypt 2020

International Association for Cryptologic Research Michel Abdalla IACR President Eurocrypt 2020

International Association for Cryptologic Research Michel Abdalla IACR President Eurocrypt 2020 Membership meeting agenda About IACR Publications Conferences Journal of Cryptology Financial report Membership report

585 views • 44 slides
AND STOPPING THE NEXT ONE DAN LARSON VP OF PRODUCT, CROWDSTRIKE CROWD-SOURCED CLOUD-BASED

AND STOPPING THE NEXT ONE DAN LARSON VP OF PRODUCT, CROWDSTRIKE CROWD-SOURCED CLOUD-BASED

LEARNING FROM HIGH-PROFILE BREACHES AND STOPPING THE NEXT ONE DAN LARSON VP OF PRODUCT, CROWDSTRIKE CROWD-SOURCED CLOUD-BASED 150B CAPTURE INDICATORS OF Events/ day COMPROMISE 109 ENRICH Adversaries tracked 25,000 HUNT INDICATORS

435 views • 27 slides
WELCOME BASE FAMILIES! Distance Learning Spring 2020 Gathering How are you doing? Please share

WELCOME BASE FAMILIES! Distance Learning Spring 2020 Gathering How are you doing? Please share

WELCOME BASE FAMILIES! Distance Learning Spring 2020 Gathering How are you doing? Please share your response in the chat box if you like. Como estan? Por favor compartan sus respuestas en la seccion del chat si desea? Google Voice BASE

712 views • 42 slides
How to Conduct Quality Online Research Adrienne LeFevre Sarah Murray Ryan Liffrig Ed Lazarus

How to Conduct Quality Online Research Adrienne LeFevre Sarah Murray Ryan Liffrig Ed Lazarus

4/6/2020 How to Conduct Quality Online Research Adrienne LeFevre Sarah Murray Ryan Liffrig Ed Lazarus President Principal President & Senior Trial Consultant Consultant Winning Works, LLC First Court, Inc. LeFevre Trial Consulting/

659 views • 9 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng Ding, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 15: Electronic Mail Security Outline of this Lecture 1. Email security

580 views • 31 slides
System 2016 Oregon Association of County Clerks Mid-Winter Conference February 2 nd 2016

System 2016 Oregon Association of County Clerks Mid-Winter Conference February 2 nd 2016

Electronic Marriage Registration System 2016 Oregon Association of County Clerks Mid-Winter Conference February 2 nd 2016 Presenters: Krystalyn Salyer Karen Cooper Steve Taylor, Helion Software, Inc. Jennifer Woodward Salem Convention

834 views • 35 slides
Security CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ CSE473

Security CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ CSE473

Security CSE473 - Spring 2008 Professor Jaeger www.cse.psu.edu/~tjaeger/cse473-s08/ CSE473 Operating Systems - Spring 2008 - Professor Jaeger Protection Protect yourself from untrustworthy users in a common space If protection is so

578 views • 28 slides
PUBLIC RECORDS OVERVIEW October 3, 10, 2017 This presentation is posted at:

PUBLIC RECORDS OVERVIEW October 3, 10, 2017 This presentation is posted at:

PUBLIC RECORDS OVERVIEW October 3, 10, 2017 This presentation is posted at: http://www.flsheriffs.org/webinars/ Wayne Evans General Counsel, FSA Allen, Norton & Blue, P.A. 850-561-3503 revans@anblaw.com 3 Art. 1 24, Fla. Const.

316 views • 31 slides

More recommend