March - April - 2018 | 9 | GOVERNMENT CIO OUTLOOK

with your Cyber Security plans. A solid and tested DR plan (with good backup/restore capabilities) will go a long way in ensuring cyber resiliency in the environment.

I'd like to share the practices and steps to build a 'reasonable' local government cyber security program, broken out into People, Process, and Tools.

PEOPLE

Engage with cyber partners for knowledge share. The Multi-State Information Sharing & Analysis Center (MS-ISAC) is a must to partner with. The mission of the MS-ISAC is to improve the overall cybersecurity posture of state, local, tribal, and territorial governments. Collaboration and information sharing among members, private sector partners and the U.S. Department of Homeland Security are the keys to success. Additionally, the public/private InfraGard FBI partnership is dedicated to sharing information and intelligence to prevent hostile acts against the US, to include Cyber. Partner with a trusted cyber security firm to provide security posture assessments, pen-testing, application, and port scanning.

Have a CISO and dedicated staff working on Cyber Security around the clock. Ensure you have a cyber awareness program in place to educate the workforce. Continually test staff and workforce with mock Phishing exercises and awareness training.

PROCESS

Become familiar with and use the NIST Cyber Security Framework for Network and Application security. Offense informs defense. Through continuous monitoring and proactive measures, you can determine the right amount of defense mechanisms that need to be in place.

Determine need and levels for Cyber Insurance.

· Start with the basics, making sure your data backup and restore capabilities are sound and match the data retention policies for tiered data classifications.
· Ensure Disaster and Business Continuity plans are current and tested so that fault tolerance and resiliency are built in. Data recovery capability is sound through backups and recovery.
· Reduce your attack surface. Collapse networks and build partitions and micro-segments so that viruses, malware, and bad actors cannot traverse your network.
· The patch program needs to be automated and monitored to ensure all critical systems are patched to the latest versions, end point security included.
· Secure configurations are set for firewalls, routers, and switches.
· Implement Data at Rest and Data in Transit protection; encrypt sensitive and PII data.
· Provide for system hardening by protecting credentials with dual factor authentication.
· Understand threat vectors and the defenses in place to mitigate them.

Threat Vectors:

· Social engineering the human: phishing, spear-phishing, and whaling emails
· SQL Injection and remote control execution
· Cross-site scripting (XSS) vulnerabilities
· DDOS attacks
· Server vulnerabilities
· Ransomware
· Malware

Defense, Basic Measures:

· Patching, staying current 100% on all patch levels
· Restrict Admin privileges
· Network and application firewalls. Application white listing
· Pen Testing and vulnerability scans
· Dual factor authentication
· Virus Protection

TOOLS

· Layer with Commercial off the Shelf (COTS) cyber products
· Provide for boundary defense and perimeter filtering by having IDS/IDP in place
· Application White listing in place
· Centralize logging of critical systems and events
· Managed DNS considered
· DDOS scrubbing in place
· Inventory for all devices and software, know your environment and risk posture
· Email and web browser monitoring and filtering
· Virus Protection, end-point and server
· Ensure all software and applications, especially content management software, are fully patched

In closing, enterprises face cyber threats and attacks every day. It's not if a cyber breach will occur, but when and how significant the breach will be. A single cyber security breach can materially affect the operational and financial capabilities of any organization or cause a significant service level disruption. Governance and oversight over the cyber security posture of an organization is priority one.

Peter Ambs