Professional Documents
Culture Documents
The challenge
Valuable data is collected, processed and stored at all levels of government A wide array of bad actors are trying to acquire, or disrupt access to, that data Numerous rules and regulations require government entities to protect that data Most government entities have scarce resources
Plan of attack
What data are we talking about? What are the risks? How do we address risks? What strategies we can apply to achieve success
Medical records
Employees, state programs, clinics
Payment Info
Loss of IT functionality
Due to denial of service, file corruption or deletion, data ransoming, DNS hacks
CREDENTIALS
!?**!
Gets infected/owned
Access to victim machine Search and exfiltrate files Use network connections Access to webcam and audio Passwords, system functions Victim chat
Compliance as leverage
Bosses may not like security But everyone hates bad grades Hard to avoid oversight From FISMA to state auditors
Thank you!
stephen.cobb@eset.com WeLiveSecurity.com www.eset.com