73 rd Annual Texas Association of County Auditors Fall Conference Holiday Inn San Antonio Riverwalk San Antonio, Texas October 16-19, 2018 Anniversary SAN ANTONIO 300 DE BÉJAR th Welcome to the River City IT Cybersecurity for Counties Wednesday, October 17 1:05-1:55 p.m. Michael Cheng, Head of Information Security, Bexar County This session will introduce an effective framework to quickly improve counties' cybersecurity posture.
12
Embed
IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
73rd AnnualTexas Association
of County Auditors Fall Conference
Holiday Inn San Antonio RiverwalkSan Antonio, Texas
October 16-19, 2018
AnniversarySAN ANTONIO
300
DE BÉJAR
th
Welcome to the River City
IT Cybersecurity for Counties
Wednesday, October 17
1:05-1:55 p.m.
Michael Cheng, Head of Information Security, Bexar County
This session will introduce an effective framework to quickly improve counties'
cybersecurity posture.
Michael Cheng, Head of Information Security, Bexar County, San Antonio Cheng joined Bexar County Information Technology as the head of information security in June 2018. He is responsible for establishing and maintaining vision, strategy, and program to ensure Bexar County information assets and technologies are adequately protected. Prior to current position, Cheng was Chief Information Security Officer at Aviage Systems, one of GE Aviation’s
joint ventures.
1
October, 2018
CYBERSECURITY AT COUNTIES
7/27/17 1
AGENDA
10/10/2018 2
Major Cybersecurity Threats
Challenges
Quick Wins and Long Term Strategy
2
MAJOR CYBERSECURITY THREATS
10/10/2018 3
10/10/2018 4
3
THREATS TO STATES/COUNTIES/CITIES
10/10/2018 5
WE ARE TARGETED
10/10/2018 6
Government agencies are ranked #7 sectors in Americas, experiencing most cyber-attacks and
system compromises in 2017
4
THINGS ARE AT RISK
10/10/2018 7
Election Systems & Election Information
Criminal Justice Information (CJI) & Criminal History Record Information (CHRI)
Personal Identified Information (PII)
Personal Medical Information
Payment Card Data
Government Secrets
“2018 Data Breach Investigation Report” by Verizon
POSSIBLE ENTRY POINTS
10/10/2018 8
Phishing Emails
System Vulnerabilities
Incorrect Configurations
Third Parties
5
CHALLENGES
10/10/2018 9
CHALLENGES COUNTIES ARE COMMONLY FACING
Out-of-date IT Infrastructure
Over-used Privileged Accounts
Lack of Boundary Defense
Ignorance of Security Incidents
…
10/10/2018 10
We are extremely vulnerable
6
QUICK WINS AND LONG TERM STRATEGY
10/10/2018 11
THINGS TO QUICKLY ENHANCE CYBERSECURITY
Asset Management Inventory and control of hardware devices
Inventory and control of software
Control security configurations of hardware and software