Scribd Logo
Upload

Welcome to Scribd!

  • TXDGS14 State of The State of Security Presentation - Edward Block

    Uploaded by

    e.Republic
    114 views14 pages
    GovTech Texas DGS 2014 presentation State of the State of Security by Edward Block

    Original Title

    TXDGS14 State of the State of Security presentation - Edward Block

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    GovTech Texas DGS 2014 presentation State of the State of Security by Edward Block

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    114 views14 pages

    TXDGS14 State of The State of Security Presentation - Edward Block

    Uploaded by

    e.Republic
    GovTech Texas DGS 2014 presentation State of the State of Security by Edward Block

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 14

    State Cyber Threat Landscape

    States have comprehensive information about citizens


    Organized cyber criminals have targeted government and higher education
    agencies for the past few years.
    Data loss from government impacts citizen trust and has the potential to impact
    state business by affecting citizen services, revenue collections, or unplanned
    spending
    There has been high-profile cyber attacks from loose-knit, politically-motivated
    groups operating globally.
    These groups are distinct from more well established cyber criminal
    organizations, in both organizational structure (ad-hoc vs. top-down) and
    motivation (hacktivism vs. monetary gain).
    State Governments Are a Target
    2
    Texas has a population of 26+
    million
    Texas agencies spread across over
    3 million IP addresses
    Attacks mirror the larger Internet
    Since January of 2009: 34 incidents
    of lost data
    Range from network breach to
    lost/stolen laptops
    Texas is not immune
    The Changing Face of External Breaches
    Emerging cybercrime and state-sponsored threats will require a strong response from states.
    In terms of external security breaches, which of the following apply to your state?
    Texas
    Overall Infections are lower, but vectors
    have expanded
    Web vulnerabilities are still a significant
    vector for attack
    Similar attacks year-over-year
    A distinct issue for a State with thousands
    of field workers
    No significant activity from state-
    sponsored attackers
    The OCISO does not track financial fraud
    Top Five Barriers faced in addressing Cybersecurity
    Insufficient resources against growing sophistication of threats and emerging technologies make the
    need to raise stakeholder awareness to gain their support and funding the more critical.
    Identified Trends in Texas
    Internal network segmentation
    Consistent event monitoring and analysis
    Standards in security governance / awareness
    IT staffing challenges
    Security in software development
    1
    2
    3
    4
    5
    6
    Data classification
    7
    Identity and access management standardization
    Increased Focus on Security
    0 Bills
    Introduced
    81
    st
    Session
    1 Bill
    Introduced
    1 Bill
    Enrolled
    82
    nd
    Session
    5 Bills
    Introduced
    4 Bills
    Enrolled
    83
    rd
    Session
    Multiple groups established to identify and address security issues
    Texas Cybersecurity, Education, and Economic Development Council
    Statewide Information Security Advisory Committee
    Information Security Working Group
    State Security Operations Group
    Cyber Texas
    Texas Legislative Action
    SB1101 & SB1102
    Establishes a statewide coordinator within DIR to develop strategies for and
    implement solutions related to cybersecurity education and economic
    development
    Extends the council created in the 82
    nd
    Legislative Session to provide
    recommendations.
    SB 1134
    Creates clarity in the role DIR performs such as developing strategies and a
    framework for protecting critical infrastructure, maintaining a clearinghouse for
    the states cybersecurity matters, and to provide training to state personnel as
    well as promote public awareness of cybersecurity issues.
    SB1597
    Requires agencies to submit a security plan to DIR
    Frameworks and Standards
    HTTP://XKCD.COM/927/
    Texas Statewide Security Program Overview
    Security Services
    Texas Cybersecurity Framework
    Plan &
    Strategy
    Education & Awareness
    Direct Elected Services
    Cooperative Contract
    Procurement Offerings
    Managed
    Services
    TAC 202
    Agency
    Security
    Plan
    Template
    Control
    Catalog
    Operations
    Vendor
    Services
    Alignment
    Identify
    Recover
    Protect Respond
    Detect
    Risk
    Management
    Security Officer Training
    Agency Personnel
    Awareness
    Public Awareness
    Agency Security Plan Template
    40 security objectives defined
    Aligned to Framework for Improving
    Critical Infrastructure Cybersecurity
    released by NIST on February 12
    Agencies are guided to specify the
    controls they have in place for each
    security objective
    Framework Components
    Agency Security Plan Template
    Delivered in January / Responses Due in October
    Vendor Product / Service Template
    Delivered in March
    Texas Administrative Code Ch. 202
    Target February 2015
    Guidelines and Whitepapers
    Developed as Necessary
    Risk Management within the Framework
    In development within SISAC Risk Assessment Subcommittee
    Security Hierarchy of Needs
    Rick Holland, Principal Analyst, Forrester, @rickhholland
    Must do the fundamentals well or
    you'll never be able to address the
    top level threats.
    Contact
    Edward Block
    edward.block@dir.texas.gov
    512.463.8807

    You might also like