Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv...

Cybersecurity for Municipalities

2017 AUMA Convention

Agenda

Introductions

Cybersecurity Landscape

Current & Emerging Risks

Reducing Risk

Wrap-Up

Senior Client Solutions Architect Optiv Security

• Over 20 years of experience• Wide variety of industries• Diverse experience• Builder, problem solver

Chris Burchell

About Optiv

Largest pure-play cyber security solutions provider

Mission: Vision:Partner with organizations to help them plan, build and run successful cyber security programs.

To be the world’s most advanced, most comprehensive and most trusted partner for cyber security solutions.

Singular Focus: Cyber security

The CybersecurityLandscape

2017 Cybersecurity Headlines

Petya / NotPetya 199 Million Voter Records

and the list goes on…

WannaCryShadow Brokers

University of Calgary

MacEwanUniversity

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Verizon Data Breach Investigations Report

•“It can’t happen to us…”

•“We’re all good…”

•“Sure my password is strong…”

•“We don’t need to do anything different…”

95% of phishing attacks followed by some sort of software installation

61% were businesses with less than 1,000 employees

73% were financially motivated

27% of breaches discovered by third parties

It can happen to you.

Challenges, Current and Emerging Threats

World wants to be more connected

Massive explosion/churn of infrastructure and data

Threat volume and sophistication growing exponentially every day

A Very Big Problem

Nearly every tactic can be defeated

There is no one-size-fits-all solution

It will never be done

Stakes are high and getting higher

Thousands of options and choices

Few have the know-how, awareness, resources or time to catch up or keep up

No silver bullet

Beginning of a perfect storm Every

organization needs help

Cyber Security Challenges

Customer data and intellectual property

Insider threats

Mobility

Compliance and regulations

Security awareness

Cloud infrastructure services

Evolving technology landscape

Third-party riskAdvanced threat

Internet of things (IoT)

Threat intelligence

Distributed denial of service

•Stolen or weak passwords•Good old-fashioned hacking•Malware / Ransomware (phishing)•Social engineering attacks

Current and Enduring Risks

•Cloud Security•IoT•Third Party Risk•Insider Threats

Emerging and Growing Risks

Reducing Risk

Reducing Risk – Overview

•Know what you’re dealing with

•Know your exposure

•Build a business-driven security program

•Prepare for the inevitable

Prevent and Mitigate

• Know your assets• Restrict traffic• Use multi-factor authentication• Limit administrative access• Log and monitor events

Respond and Investigate

• Use IR playbook• Proactive review• Change administrative passwords• Contain and eradicate threats• Engage legal and PR teams early

Reducing Risk – Know What You’re Dealing With

Do you know what you are trying to protect and how important it is?

Prepare for the Inevitable

•Get executive buy-In

•Educate and raise awareness

•Have a plan (and rehearse it)

•Supplement / CYA

•Build internal capacity or partner with experts

Cybersecurity for Municipalities · Proprietary and Confidential. Do Not Distribute. © 2017 Optiv...

Documents

Enterprise Incident Management - Optiv...Enterprise Incident Management 2 Program Clarity The Optiv EIM framework covers all the components, both technical and non-technical, necessary

Cybersecurity 3 cybersecurity costs and causes

Larry Whiteside - Optiv Cloud ready or steam rolled csa version

Partnering w/ Municipalities

Cybersecurity: What Municipalities Need to Know Now · You May Have More Data Than You Think uFinancial data (water bills, taxes, parking fines) uPersonnel files (SSNs, bank accounts

CYBERSECURITY RISK DISCLOSURE AND CYBERSECURITY DISCLOSURE ... · CYBERSECURITY RISK DISCLOSURE AND CYBERSECURITY DISCLOSURE GUIDANCE ABSTRACT Cybersecurity risk disclosure has received

OPTIV CLASSIC 443 - w3.leica-geosystems.com · OPTIV CLASSIC 443 | FACTSHEET 3 PC-DMIS Vision - Feature-based measurements measurement software - Functions for fast editing of measurement

Civics 3.02 Local Gov’t in NC (ch. 14.1-2). I. Municipalities A.Creating municipalities 1.Municipalities-…

CDM for municipalities

Restoring Our Municipalities

The Cybersecurity Landscape...5/16/2016 1 ZZ The Cybersecurity Landscape Walt Powell CISSP, CISM Sr. Solution Architect Optiv Security Introduction Walt Powell CISSP CISM Sr. Solution

Municipalities FGV)

BC Municipalities Newsletter

XBRL in Municipalities

Water and Sewage Industry Examples - SecurityTechnology ... · Cybersecurity enacted (January 2015) Heisei merger of municipalities (June 2005) Cabinet decision on cybersecurity CSSC

MUNICIPAL GOVERNMENT · 2017-10-25 · 343 MUNICIP VERNMENT MUNICIPALITIES Mississippi law classifies municipalities according to population size . Municipalities with populations

SOLVE CYBERSECURITY COMPLEXITY · 2020-03-16 · Optiv Global ServicesOptiv Services 2 The current cybersecurity environment is founded in a traditional approach that no longer scales

Optiv Service Line Card

Optiv Classic 321 GL tp Technical Data - LAKARA d.o.o.€¦ · - 2 - Technical Data Product description The Optiv Classic 321 GL tp combines optical and tactile measurement in one

Www.salga.org.za “ for municipalities, by municipalities, to benefit of municipalities” A SALGA led initiative supported by the Water Research Commission