erepublic hawaii dgs 14 presentation - information security threatscape_michael powers
-
8/10/2019 ERepublic Hawaii DGS 14 Presentation - Information Security Threatscape_Michael Powers
J. Michael Powers, HCISPP, CISSP, CISA, CISM
State of Hawaii
Department of Land and Natural Resources
Division of Boating and Ocean Recreation
Hawaii Digital Government Summit - 2014
-
Introduction
Threat landscape - evolution
Oral
Paper
Printing press
Computer
Network
Internet
Cloud Services
BIG DATA
-
60 Minutes - Quote November 30, 2014
97% of all computer systems are already breached
Quote by senior security chief at major IT Security firm
Private
Privacy
-
Vectors to Breach Privacy
Weak policies and procedures
Insecure devices
Expanding connectivity
Wireless information capture
Loss of institutional knowledge
Lack of controls
Incidents issues
Inadequate security architecture
Insecure backups
-
Regulatory Drivers
Health Care - HIPAA, HITECH, PHI
Credit Cards - PCIDSS
Banking - FDIC, FINRA, SEC
Education - FERPA
Public companies - SOX, SSAE16
Government - DOD - DIACAP
-
Current Threat Landscape
Social Media
Online Purchasing
Mobile Connections
RFID
BYOD
-
Threat Vectors - Vulnerabilities
Data aggregation
Too many passwords
Linked systems
Personal System at work
-
Planning Preparation
Build a team
Inventory technologies
Standardize investigation process
Training and governance
-
Execution
Protection Plan Steps
Establish Critical Capabilities
Threat Intelligence
Vulnerability Identification
Activity Awareness
Forensic Analysis
Malware Analysis
Review and remediate
Report and update
-
Training & Awareness
Get the word out about attacks
Discuss defense strategies
Ongoing programs
-
Contact Information
State of Hawaii DLNR-DOBOR
IT Security Consulting
www.PowersGroup.com
-
Sources
Privacy in Context - Helen Nissenbaum
Big Data - Mayer-Schonberger & Cukier
-
Definitions
DIACAP - DOD Information Assurance Certification and Accreditation Process
DOD - Department of Defense
FDIC - Federal Deposit Insurance Corporation
FERPA - Family Educational Rights and Privacy Act
FINRA - Financial Industry Regulatory Authority
HIPAA - Health Information Portability and Accountability Act
HITECH - Health Information for Economic and Clinical Health Act
PCIDSS - Payment Card Industry / Data Security Standard
PHI - Protected Health Information
SEC - Security and Exchange Commission
SOX - Sarbanes-Oxley Act
SSAE16 - Statement on Standards for Attestation Engagements no. 16