Cybersecurity: Risk, Remediation, Response

Cybersecurity
Risk, Remediation, Response
Nathan Gibson, CCE, CEH
Today’s Presentation
• Introduction
• Governance
• Cyber Risk
• Remediation Strategies
  – Passwords
  – Phishing
  – Security Updates
• Incident Response
• Challenge
• Summary
Definitions
• Information Security
  – The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
• Cybersecurity
  – The ability to protect or defend the use of cyberspace from cyber attacks.
Terms
• Phishing
• Threat Actor
• Malware
• OCR (HHS Office for Civil Rights)
Governance
• Leadership
  – Executive Leadership
  – Board Accountability
  – Incident Response Team
    • Confidentiality & Security Team (CST)
    • Computer Emergency Response Team (CERT)
• Frameworks
  – NIST Cybersecurity Framework
  – NIST 800-Series Guidance
  – SANS 20 Critical Security Controls
[Diagram: Compliance vs. Secure]

Next Steps: Cyber Risk
[Diagram: Risk → Remediation → Response]
Cyber Risk
• Criminal Attacks Up 125%
• Medical Identity Theft Doubled
  – 1.4M to more than 2.3M
• Average of $13,500 to Restore Credit
Cyber Risk
• The Numbers... (black-market value of a stolen record)
  – Medical record: $10 - $50
  – Mother’s Maiden Name: $6
  – Social Security Number: $3
  – Date of Birth: $3
  – Credit Card: $1.00
• Risks
  – Patient safety (medical record)
  – Coverage (routine physical to major surgery)
  – Fraudulent claims
  – Credit accounts
Cyber Risk: Phishing
[Phishing examples shown on slide; not captured in text]
Cyber Risk
• OCR Breach Portal: October, 2015
  – 139 Breaches (Hacking), >115M Patients
Cyber Risk
• Verizon Data Breach Report
  – 23% of recipients open phishing messages
  – 11% click on attachments
  – 97% of exploits target 10 CVEs
  – Mobile malware not a primary threat
  – Threat Actors
    • 80% of breaches reviewed (external)
    • 17% of breaches reviewed (internal)
    • 3% of breaches reviewed (partners)
Cyber Risk
• Risk Assessment
  – NIST 800-30 Rev. 1
    • Conducting Risk Assessments
  – NIST 800-39
    • Managing Information Security Risk
  – Vulnerability Assessments
  – Stored and Transmitted (data at rest and data in transit)
Cyber Risk
• Stored
  – Databases
  – Thumbdrives
  – Workstations
  – File Servers
  – Medical Devices
• Transmitted
  – Email
  – VPN (clients)
  – Site-to-Site VPN Tunnel
  – Secure Web Front-End
• Know your data!
• Don’t overlook non-sensitive systems
Cyber Risk
• Tools
  – Security Risk Assessment (SRA Tool)
    • https://www.healthit.gov/providers-professionals/security-risk-assessment-tool
    • Additional resources
      o Top 10 Tips for Cybersecurity in Health Care
  – HIPAA Security Rule Toolkit
    • http://scap.nist.gov/hipaa/
Next Steps: Remediation Strategies
[Diagram: Risk → Remediation → Response]
Remediation Strategies
• Accept
  – Within organizational risk tolerance
• Avoid
  – Risk exceeds organizational risk tolerance
• Mitigate
  – NIST 800-53
  – 20 Critical Security Controls
• Share or Transfer
  – Outsourcing
  – Cyber Insurance
Remediation Strategies
• Cyber Insurance
  – Breach Costs (forensics, notification, identity protection)
  – Privacy Protection (regulatory)
  – Multimedia Protection
  – Cyber Extortion
• Analysis
  – Incident History
  – Ponemon Study: $204 per record
  – Verizon Data Breach Report
Remediation Strategies
• Verizon Data Breach Report
  – Cost Per Record [chart shown on slide; values not captured in text]
Remediation Strategies
• Example Safeguards
  – Encryption
  – Malware Protection
  – Microsoft & Third Party Updates
  – Physical Access Controls
  – Intrusion Detection & Prevention
  – Policies & Procedures
  – Disaster Recovery & Business Continuity
  – Incident Response
  – Two-Factor Authentication
  – Strong Password Enforcement
Next Steps: Passwords
Passwords
• Which one is more secure?
  – Xq!5#7pK: 8 characters, 3 days to crack
  – [15-character passphrase shown on slide; not captured in text]: 15 characters, 49 million years to crack
Passwords
• Passwords (estimated time to crack as each requirement is added)
  – Minimum of 8 characters (10-52 seconds)
  – Upper & lower case (45-180 minutes)
  – Numbers (3-15 hours)
  – Special characters (3-5 days)
• Passphrases (estimated time to crack as each requirement is added)
  – Minimum of 15 characters (13,000 years)
  – Upper & lower case (435 million years)
  – Numbers (6 billion years)
  – Special characters (157 billion years)
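The slide's point is that length beats character-class rules: every extra character multiplies the brute-force search space by the alphabet size, while adding a class only enlarges the alphabet. The following is an added example (not the presenter's code) that computes the search space and a worst-case exhaustion time for any password; the guess rate of 1e10 per second is a constructed assumption, since the slide does not state the rate behind its "days" and "years" figures, and the 15-letter lowercase passphrase is a constructed sample.

```python
import string

# Alphabet an exhaustive (brute-force) search must cover for each character class.
# Space is folded into the special class so passphrases with spaces count it.
# The guess rate is a constructed assumption for illustration; the slide deck does
# not state the rate behind its "days" and "years" figures.
CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),          # 26
    "upper": set(string.ascii_uppercase),          # 26
    "digit": set(string.digits),                   # 10
    "special": set(string.punctuation) | {" "},    # 32 + space = 33
}
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000  # 1e10/s: fast offline attack (assumption)
SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def classes_used(password: str) -> list:
    """Names of the character classes that actually appear in the password."""
    return [name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)]


def alphabet_size(password: str) -> int:
    """Alphabet an attacker must assume once they know which classes are present."""
    size = sum(len(CHARACTER_CLASSES[name]) for name in classes_used(password))
    if size == 0:
        raise ValueError("no characters from a known class")
    return size


def keyspace(length: int, alphabet: int) -> int:
    """Candidates an exhaustive search must try: alphabet ** length."""
    return alphabet ** length


def years_to_exhaust(password: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case years to enumerate the whole space at `rate` guesses per second."""
    return keyspace(len(password), alphabet_size(password)) / rate / SECONDS_PER_YEAR


def stronger(a: str, b: str) -> str:
    """Return whichever of two passwords has the larger brute-force search space."""
    ka = keyspace(len(a), alphabet_size(a))
    kb = keyspace(len(b), alphabet_size(b))
    return a if ka >= kb else b


def meets_passphrase_policy(password: str, min_length: int = 15) -> bool:
    """Length-first policy matching the slide: 15+ characters, any classes."""
    return len(password) >= min_length


if __name__ == "__main__":
    # Constructed samples: the 8-character slide example vs. a 15-letter lowercase phrase.
    short = "Xq!5#7pK"
    long_lower = "greenturtlesoup"
    for pw in (short, long_lower):
        print(f"{pw!r}: {len(pw)} chars, alphabet {alphabet_size(pw)}, "
              f"{years_to_exhaust(pw):.3g} years at the assumed rate")
    print("larger search space:", stronger(short, long_lower))
```

Even though the lowercase phrase uses one class against the short password's four, 26^15 is roughly 250,000 times larger than 95^8, which is why a length-first policy (the slide's 15-character passphrase) is the cheaper win for users and the costlier one for an attacker. Real attackers guess dictionary phrases and leaked passwords before exhausting the space, so these figures are an upper bound, not a promise.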
Passwords
• Two-Factor Authentication
  – Something you know: Password, PIN
  – Something you have: Hard Token, Soft Token, Certificate
Phishing
• Security awareness and training
• Phishing tests (simulated campaigns against your own staff)
  – Social Engineering Toolkit (SET)
  – Simple Phishing Toolkit
  – SpearPhisher
[Phishing test example shown on slide; not captured in text]
Security Updates
• Windows Updates
  – 120 Windows Updates, Per Server, Per Year
  – 12,000 Windows Updates Per Year (per 100 Servers)
• Microsoft Updates
  – Office
  – SQL
• Third Party Updates
  – Adobe
  – Oracle (Java)
Next Steps: Incident Response
[Diagram: Risk → Remediation → Response]
Incident Response
• Incident Response Team
• Reporting & Tracking
• Breach Assessment
  – Notification Requirements
• Law Enforcement & NCCIC
• Disaster and Contingency Planning
Incident Response
• National Cybersecurity and Communications Integration Center (NCCIC)
  – US-CERT (United States Computer Emergency Readiness Team)
  – ICS-CERT (Industrial Control Systems Cyber Emergency Response Team)
  – NCC (National Coordinating Center)
  – COC (NCCIC Cyber Operations Center)
  – DTA (Discovery and Technical Analysis)
  – MM (Mission Management)
Challenge #1
• Vulnerability Assessment Report
  – US-CERT: Top 30 Targeted High Risk Vulnerabilities
  – https://www.us-cert.gov/ncas/alerts/TA15-119A
Challenge #2
• Malware Report
  – Virus definitions
  – Detection history
  – Rogue system detection
Challenge #3
• Security Update Status Report
  – Microsoft updates
  – Third party software
Challenge #4
• Security Awareness and Training
  – Training certifications/verification
  – Review/update content
  – Phishing test
• Free Resources
  – CyberAwareness Challenge (Federal Version)
    • http://iatraining.disa.mil/eta/cyberchallenge/launchpage.htm
  – Identifying and Safeguarding PII
    • http://iatraining.disa.mil/eta/piiv2/launchPage.htm
  – Privacy and Security Training Games
    • https://www.healthit.gov/providers-professionals/privacy-security-training-games
Summary
• Risk
• Remediation
• Response
Additional Information
• Verizon Data Breach Report (2015)
  – http://www.verizonenterprise.com/DBIR/2015/
• National Institute of Standards and Technology (NIST)
  – http://www.nist.gov
  – 800-Series Guidance: http://csrc.nist.gov/publications/PubsSPs.html
• OCR Breach Portal
  – https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
• NCCIC
  – http://www.dhs.gov/about-national-cybersecurity-communications-integration-center
• US-CERT
  – https://www.us-cert.gov/
  – Incident Reporting: https://www.us-cert.gov/forms/report
Additional Information (continued)
• Cybercrime and the Healthcare Industry (EMC & RSA)
  – http://www.emc.com/collateral/white-papers/h12105-cybercrime-healthcare-industry-rsa-wp.pdf
• Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data (Ponemon Institute)
  – https://www2.idexpertscorp.com/fifth-annual-ponemon-study-on-privacy-security-incidents-of-healthcare-data
• Cyber-Risk Oversight Handbook
  – https://www.nacdonline.org/Resources/Article.cfm?ItemNumber=10688
Contact Information
Have a question, comment, or suggestion?
Contact Nathan Gibson at:
ngibson@wvmi.org
304-346-9864 ext. 2236