State Data Breaches

1
(No Transcript)
2
2012 CWAG Annual Meeting
State Agency Data Breaches Loss prevention,
response and remediation strategies
3
Identity Exploitations 12 years of our cases
Employees
Mortgagees
Job Seekers
Insured
The Scams Persist and This is Now an Industry
4
Prevention Detection Analysis Response
5
Prevention
6
Data Loss Prevention Comprehensive Approach
People, Processes and Systems to Identify,
Monitor and Protect Data...
In Use (endpoints, devices)
In Motion (network) At
Rest (storage)
7
Data Loss Prevention Conduct Gap Analysis
Your Current Security System Versus What You
Need to Have in Place
What Other Data Do You Hold That Could Become
Valuable?
What Processes (Internal and/or External) Can
be Tightened Up?
What Other Service Providers or Counter-Party
are Points of Vulnerability?
8
Detection
9
(No Transcript)
10
Analysis
Data Theft Is Preceded by Smaller
Intrusions...Catch Me if You Can
We Can Home In On Who Is Attacking We Can
Identify How Much Data Went Out What Data
Went Out, Where It Went Stop the Bleeding
11
Supplier
12
Analytics Real-time..or post-mortem
13
Analysis
An Incident Response Function and Plan Must be In
Place
Discover Attack and Exfiltration Identify
Data Which Has Gone Out and Where It Went
Contain Damage Eradicate Perpetrators
Presence Recover System and Data Protection in
Secure Manner Conduct in Forensically Sound
Manner Identify What Led to Intrusion to
Prevent
14
Monitoring, Detection and Remediation Providers
www.idanalytics.com www.inguardians.com www.mand
iant.com www.mantech.com
www.krollfraudsolutions.com www.intersections.com

15
Self-help resource
20 Security Controls For Effective Cyber
Defense - The SANS Institute
http//www.sans.org/critical-security-controls/
Consortium-led Approach to Determining Best
Practices and Most Cost Effective Security Across
Government Bodies
16
(No Transcript)
17
Wireless Access Code 9166703926