“data security prep for the holidays or how not to go dark on black friday
DESCRIPTION
TRANSCRIPT
![Page 1: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/1.jpg)
Stealing Christmas
Dr. Curtis A. Carver Jr.Vice Chancellor and CIO
Board of Regents
![Page 2: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/2.jpg)
• Policy ATE technology, oh my!
• Landscape
• What to do now?
• Questions, Comments, a Conversation
Agenda
![Page 3: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/3.jpg)
Necessary ComponentsPolicy, awareness, training, and education (ATE), and technology must form the core of your security program. All three are necessary.
![Page 4: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/4.jpg)
Landscape(Policy)
• Many policy or policy frameworks are available.– COBIT– ISO 27000 series– ITIL– NIST
• Pick one and execute as a first step.
• College courses in security policy are available.
![Page 5: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/5.jpg)
Perh
aps
Not
this
Pol
icy
![Page 6: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/6.jpg)
Technology
• Technology is getting better rapidly.• It is necessary but not sufficient.• Attack vector is shifting away from hacks to
social engineering. • Technology is not so good at preventing social
engineering.
![Page 7: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/7.jpg)
Recent Example: UGA• 8,500 staff and students
• Slow, deliberate social engineering attack
• Answers to “secret” questions found on Facebook.
![Page 8: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/8.jpg)
Another Example: South CarolinaGovernor Nikki Haley, “This is
not a good day for South Carolina.”
3/4ths of state citizens affected.
“The cost is also going to be enormous,
given that South Carolina may be required to pay for identity
theft protection services for anyone who has paid taxes in South
Carolina since 1998,”
October 27, 2012
![Page 9: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/9.jpg)
Landscape
• Attacks are increasing.
• Attacks are increasingly complex.
• Education, training and awareness becoming increasingly important.
![Page 10: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/10.jpg)
Normal versus Abnormal?Three Questions• What is normal for my
organization?• What is abnormal?• What do I do if
something abnormal occurs?
![Page 11: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/11.jpg)
Awareness, Training, and Education
Source: National Institute of Standards and Technology. An Introduction to Computer Security: The NIST
Handbook. SP 800-12. http://csrc.nist.gov/publications/nistpubs/800-12/.
![Page 12: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/12.jpg)
Three Examples
• Accountability Plus
• Carronade
• IT SAMI
![Page 13: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/13.jpg)
Accountability Plus
Time
Inci
dent
Cou
nt
Issue: In a five month period this year, 23% of helpdesk incidents were computer abuse. This represents a 255% increase over the same period last year
![Page 14: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/14.jpg)
Computer Abuse Process
• Computer incident occurs• Help Desk Notified• Institution notified• Help Desk Follows Up after 5 days• Help Desk Ticket closed out by Help Desk
What is wrong with
this process?
![Page 15: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/15.jpg)
Galileo, GeorgiaBest, GeorgiaFirst, GeorgiaonMyLine, GeorgiaView, GIL, PeachNet
• Actions Taken: – Incidents characterized as high, medium, or low impact.– Processes redefined to escalate resolution of these cases
to the President’s boss.– New processes go into effect on 9 April.
• Importance to USG Presidents: A telephone call from USG CIO is indicative of four days remaining until the case is forwarded to USG senior leadership.
Accountability Plus
![Page 16: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/16.jpg)
Galileo, GeorgiaBest, GeorgiaFirst, GeorgiaonMyLine, GeorgiaView, GIL, PeachNet
• Rest of the Story: I told the presidents that if I ever call them, their first step should be to fire the institutional CIO.
• Two Years Later: – The computer abuse line is linear – not
exponential.– I have not called a President…yet.
Rest of the Story and Two Years Later…
![Page 17: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/17.jpg)
Carronade• Issue: The longer
students are at our institution, the more susceptible they are to phishing attacks.
• Issue 2: – Death by PowerPoint
training version 1 failed. – Death by PowerPoint
training version 2 failed.
![Page 18: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/18.jpg)
Carronade Hypothesis
• Have the students launch spear phishing attacks against each other in a controlled manner.
• Have students remediate other students.• Don’t tell the technical staff when it will
happen.• Do it every semester.
![Page 19: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/19.jpg)
Typical Email
![Page 20: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/20.jpg)
Problems with Typical Email
![Page 21: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/21.jpg)
Carronade Results
![Page 22: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/22.jpg)
Two Years Later…
![Page 23: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/23.jpg)
04/10/2023 03:30 PM 23
IT-SAMI INSPECTION SHEET
Cadet Name Company Year Inspector Name
CategoryITEM POINTS
AD-AWAREINSTALLED? NO, -30CHECK UPDATES >= 1 WEEK OLD, - 05
>=3 WEEKS, -10
>= 1 MONTH, - 20
LAST SYSTEM SCAN >= 1 WEEK OLD, - 05>=3 WEEKS,
-10>= 1 MONTH,
- 20SCAN RESULTS
For each process -10For every 20 additional items, -05
DEFRAGEMENT ANALYZESYSTEM SUGGESTED? YES, -10
ADD/REMOVE PROGRAM LISTWILD TANGENT YES, -10WEATHER BUG YES, -10WELL KNOWN FILE SHARING YES, -20/item
BROWSER HEALTHSEARCH BAR OTHER THAN GOOGLE YES, -10
VIRUSES DEFENITION FILES >= 1 WEEK OLD, - 5
>=3 WEEKS, -10
>= 1 MONTH, - 20
SYSTEM DATASPACE REMAINING ON C-DRIVE < 20%, -10MAJORITY OF ACDEMIC DATA
STORED ON C-DRIVE YES, -20
Best In BDE
Best Regiment: 86.13
Best Company: 95.00
Worst Reg: 75.00
Worst Company: 53.50
![Page 24: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/24.jpg)
04/10/2023 03:30 PM 24
Saturday AM Inspection (IT SAMI)
In the hallways, cadetsstand inspection of theirmilitary equipment.
In their rooms, cadetsstand inspection of theircomputers.
![Page 25: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/25.jpg)
Stealing Christmas• The threat of organized crime and nation states attacking
your personal information is real. Grinch is alive and well.
• Give your organization the gifts of a strong security policy program, strong technology, and a strong education program.
• Think outside the box in educating, training and rewarding your organization.
![Page 26: “Data security prep for the holidays or how not to go dark on black friday](https://reader035.vdocuments.net/reader035/viewer/2022062617/54c4447e4a795916078b4573/html5/thumbnails/26.jpg)
Questions, Comments, a Conversation
Dr. Curtis A. Carver Jr.Vice Chancellor and CIO
Board of Regents