
Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement


Academic year: 2021


(1)

Auditing After a Cyber‐Attack

JAX IIA Chapter Meeting

(2)

Presenter

Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA

Over 25 years of diversified expertise in:

• Technology Infrastructure Development
• Implementing ERP Solutions
• Developing Information Security Programs
• Business Continuity/Disaster Recovery Planning
• Risk Management
• IT Auditing

(3)

Topic Agenda

• Cyber security Trends in 2013
• The rise of cyber‐attacks against service providers
• The threat and challenges healthcare providers face
• The role of the Internal Auditor to thwart cyber-attacks

(4)

Cyber security Trends in 2013

Perspective Case Study: NASA (Paul K. Martin, Inspector General)

Testimony before the Subcommittee on Investigations and Oversight, House Committee on Science, Space, and Technology February 2012

• “In 2010 and 2011, NASA reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems”
• Some of these intrusions have affected thousands of NASA computers
• Resulted in the theft of export-controlled and otherwise sensitive data

(5)

Cyber security Trends in 2013

According to NASA’s Inspector General:

“NASA spends more than $1.5 billion annually on its IT-related activities”

So, what is the problem?

“NASA’s Chief Information Officer Lacks Visibility of and Oversight Authority for Key NASA IT Assets”

(6)

Cyber security Trends in 2013

Wayne Gretzky, also known as “the great one”, said:

“A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be.”

(7)

Cyber security Trends in 2013

Are we learning from Cyber Security Trends?

McAfee's 2013 threats predictions:

1. “Ransomware” resurges and takes on mobile devices
2. Mobile malware goes on a shopping spree
3. Mobile “tap and pay” worms “bump and infect”
4. Botnets phone home

(8)

Cyber security Trends in 2013

Are we learning from Cyber Security Trends?

Open Web Application Security Project (OWASP)

• OWASP is an open community organization
• All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security
• OWASP advocates approaching application security as:
  • People
  • Process
  • Technology

(9)

Cyber security Trends in 2013

Are we learning from Cyber Security Trends?

Open Web Application Security Project (OWASP)

Top 5 Vulnerabilities of 2010:

A1 – Injection
A2 – Cross-Site Scripting (XSS)
A3 – Broken Authentication and Session Management
A4 – Insecure Direct Object References

Top 5 Vulnerabilities of 2013:

A1 – Injection
A2 – Cross-Site Scripting (XSS)
A3 – Broken Authentication and Session Management
A4 – Insecure Direct Object References

(10)

Cyber security Trends in 2013

Lessons learned:

• The means to carry out Cyber attacks will continue to evolve to overcome countermeasures
• Cyber attacks can’t be defeated by just throwing money at the problem
• Visibility: How can you protect what you don’t know you have in your network?
• Reduce the attack surface of software applications
• Software assurance: Reduce software vulnerabilities

(11)

The rise of cyber‐attacks against healthcare service providers

The problem for health care service providers:

“As predicted, HITRUST has seen a marked increase in the frequency and sophistication of cyber attacks targeted at healthcare organizations,” Daniel Nutkis, Chief Executive Officer, HITRUST

(12)

The rise of cyber‐attacks against healthcare service providers

The problem for health care service providers:

New Kid on the block

Financial services and retail organizations have more experience and insight mitigating the risk posed by cyber threats

(13)

The rise of cyber‐attacks against healthcare service providers

The problem for health care service providers:

“Healthcare, education, and government accounted for nearly two-thirds of all identities breached in 2012.”

Symantec Corporation

(14)

The rise of cyber‐attacks against healthcare service providers

The problem for health care service providers:

(15)

The threat and challenges healthcare providers face

The threat

“Symantec saw a 42 percent increase in the targeted attack rate in 2012 compared with the preceding 12 months.”

Internet Security Threat Report 2013 :: Volume 18

• Why would a hacker be more interested in Electronic Health Records (EHR) than credit card information?

(16)

The threat and challenges healthcare providers face

The threat

Hackers know about:

• The push to share and exchange medical information electronically

• The push for compliance

• The push for security: protect the confidentiality, integrity and availability of EHRs

(17)

The threat and challenges healthcare providers face

The threat

Hackers have the upper hand, but why?

Hackers don’t have competing motives. But even more important:

• Element of surprise
• Resources

(18)

The threat and challenges healthcare providers face

The Challenge:

• Regulatory and compliance pressures
• Dissimilar technologies that don’t work together
• Millions of new patients coming into the system
• Industry that was not traditionally the focus of cybercrime, but it is now becoming the biggest target
• Lack of awareness and education to deal with increasing cyber security threats and attacks

(19)

The role of the Internal Auditor to thwart cyber-attacks

Protecting Critical EHRs

• Review the organization’s Cyber Security strategy
• Review the organization’s incident response and communication plans
• Review the organization’s critical assets and associated risks
  • How are vulnerabilities identified?
  • How are risks disclosed?

(20)

The role of the Internal Auditor to thwart cyber-attacks

Protecting Critical EHRs

• Examine information security controls to ensure they are sufficient for regulatory requirements and follow industry best practices
  • Monitor cloud
  • Monitor suppliers
  • Monitor the networks
  • Monitor software

(21)

The role of the Internal Auditor to thwart cyber-attacks

Protecting Critical EHRs

• Identify what digital information is leaving the organization
  • Where is it going?
  • How is it tracked?

(22)

Auditing a service provider after a cyber‐attack

Forensic investigative and analytical skills and abilities are needed

Technical skills

• Building a digital audit trail
• Understand computer fraud techniques
• Understand information collected from various computer logs
• Understand the inner workings of web servers, firewalls, attack methodology, security procedures & penetration testing

(23)

Auditing a service provider after a cyber‐attack

Forensic investigative and analytical skills and abilities are needed

Review:

• Computer Incident Response Plan and its performance after the cyber attack

• Chain-of-custody process

• Information Security Policies and Procedures
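The two slides above ask the auditor to build a digital audit trail and to review the chain-of-custody process. The following Python example, added here and not part of the presentation, shows one concrete form those two items can take: each custody event records the SHA-256 of the evidence item and the hash of the previous entry, so an entry altered after the fact (or an item that no longer matches its collection hash) is detected on review. The `CustodyLog` and `CustodyEntry` names, the handler identifiers and the sample web server log line are all constructed for this illustration.

```python
"""Tamper-evident digital audit trail for evidence handling.

Added example (not part of the presentation). It assumes evidence is
handled as byte strings and that a custody event is recorded every time
an item is collected, transferred or analysed. All sample data below is
constructed.
"""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an evidence item; the value a receiving handler re-checks."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    seq: int
    timestamp: str        # ISO 8601 string supplied by the handler (constructed here)
    handler: str          # hypothetical handler identifier
    action: str           # e.g. "collected", "transferred", "analysed"
    evidence_id: str
    evidence_sha256: str
    prev_hash: str        # entry_hash of the previous entry; all zeros for the first
    entry_hash: str = ""

    def compute_hash(self) -> str:
        # Hash every field except entry_hash itself, in a fixed key order so
        # the same entry always produces the same digest.
        payload = {k: v for k, v in self.__dict__.items() if k != "entry_hash"}
        return sha256_hex(json.dumps(payload, sort_keys=True).encode())


class CustodyLog:
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: List[CustodyEntry] = []

    def record(self, timestamp: str, handler: str, action: str,
               evidence_id: str, evidence: bytes) -> CustodyEntry:
        """Append a custody event chained to the previous one."""
        prev = self.entries[-1].entry_hash if self.entries else self.GENESIS
        entry = CustodyEntry(len(self.entries), timestamp, handler, action,
                             evidence_id, sha256_hex(evidence), prev)
        entry.entry_hash = entry.compute_hash()
        self.entries.append(entry)
        return entry

    def verify(self) -> Optional[int]:
        """Return None if the chain is intact, else the index of the first bad entry."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev or e.entry_hash != e.compute_hash():
                return i
            prev = e.entry_hash
        return None

    def evidence_unchanged(self, evidence_id: str, current: bytes) -> bool:
        """Check that an item still matches the hash recorded when first collected."""
        first = next((e for e in self.entries if e.evidence_id == evidence_id), None)
        return first is not None and first.evidence_sha256 == sha256_hex(current)


# Constructed sample: a web server log extract collected during an incident.
SAMPLE_LOG = b'10.0.0.5 - - [12/Mar/2013:10:15:32] "GET /patient/123 HTTP/1.1" 200 512\n'


def build_sample_log() -> CustodyLog:
    """Two custody events for one evidence item (constructed data)."""
    log = CustodyLog()
    log.record("2013-03-12T11:00:00Z", "ir-analyst-1", "collected", "EV-001", SAMPLE_LOG)
    log.record("2013-03-12T15:30:00Z", "forensics-lab", "transferred", "EV-001", SAMPLE_LOG)
    return log


def demo_tamper() -> Optional[int]:
    """Alter a recorded field after the fact and report where verification fails."""
    log = build_sample_log()
    log.entries[0].handler = "someone-else"   # back-dated edit of the first entry
    return log.verify()


if __name__ == "__main__":
    log = build_sample_log()
    print("intact chain:", log.verify() is None)
    print("evidence matches collection hash:", log.evidence_unchanged("EV-001", SAMPLE_LOG))
    print("first bad entry after tampering:", demo_tamper())
```

On review, `verify()` pinpoints the first entry whose contents or link to its predecessor no longer hold, and `evidence_unchanged()` ties the item the lab holds today back to the hash recorded at collection; together they give the auditor objective evidence for the chain-of-custody and incident-response checks listed above.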

(24)

Reference Documents

NASA Testimony Before Congress in February 2012

McAfee Threats Report Third Quarter 2012

OWASP Top 10 Report for 2013

HITRUST Guidance for Healthcare Organizations to Assess Cybersecurity Preparedness

(25)

Q & A

(26)

Auditing After a Cyber‐Attack

References
