This document summarizes a webinar presented by Capitol Technology University on cybersecurity challenges in the financial sector. The webinar included a presentation by Dr. Susan Goodwin on research showing an increase in cyber attacks on the financial sector during the COVID-19 pandemic. It discussed cybersecurity frameworks like NIST CSF and recommended that the financial sector adopt a framework to address vulnerabilities. The webinar provided an overview of the NIST CSF and case studies of universities that successfully used the framework.
The document discusses cybersecurity risks and responsibilities in the Caribbean region. It notes recent cyber attacks and security audits in Trinidad, Jamaica, and Barbados. It summarizes a section of the Cybercrime Bill 2014 that holds corporate directors responsible if they fail to prevent cybercrimes originating from their organization. Finally, it argues that information security requires governance, securing people and processes in addition to technology, and following standards like ISO 27001 to be prepared for incidents.
Learn about current cybersecurity threats, what new threats are on the rise, and how to train the next generation of cyberprofessionals to help keep us secure.
The document discusses information security workshops offered by Pinaka Technology Solutions to help organizations strengthen their security governance and increase user awareness of threats like phishing. The workshops cover topics such as security policies, risk management, and social engineering attacks, and are aimed at executives, IT staff, and other personnel handling sensitive data. Details are provided on workshop content, duration, cost, and customization options.
This document discusses the Honeynet Project and cyber security governance frameworks. It provides an overview of Honeynet, a non-profit focused on computer security research. It then discusses the importance of cyber security governance and introduces the NIST Cybersecurity Framework. The framework consists of five functions (Identify, Protect, Detect, Respond, Recover), categories within each function, and implementation tiers that describe an organization's cybersecurity risk management practices. The document emphasizes that effective cyber security requires leadership and continuous risk management to address evolving threats.
Thinking like a hacker - Introducing Hacker Vision | PECB
This webinar will explain how to improve Security by adopting the mindset of your opponent, and 'seeing like a hacker'!
Main points covered:
• Introducing ways in which you can think like a hacker, and get into your attacker's mindset so that you can better identify and assess threats.
• How to use this thinking to improve your security controls - how effective are they? And how can you better test them for readiness?
• Visual examples to really lift the lid on what your attackers see, as 'hacker vision' gets you thinking in the mindset of a hacker.
• Examples covered will include physical security, Network security, as well as IoT security.
Presenter:
Our exclusive presenter, Mark Carney is a former pen tester and now a professional security researcher for Security Research Labs in Berlin, specializing in embedded systems and IoT. His background spans compliance testing, Red Teaming, full stack pen testing, and social engineering & physical access engagements.
Link to the recorded webinar: https://youtu.be/Fx2Ha8kIqgE
The document discusses trends and challenges related to critical infrastructure and cyber security. It summarizes GCSEC's involvement in several national and international initiatives in 2013 related to critical infrastructure protection. These initiatives include projects co-funded by the EU on topics like online fraud information sharing, smart grid security, and energy sector cyber threat information sharing. The document also discusses emerging threats to critical infrastructure from trends like greater internet usage and connectivity of devices. Critical infrastructure is defined as those facilities necessary for essential service delivery. The new trend in critical infrastructure protection is to have proper knowledge of perimeter and critical services, prioritize patch management, and conduct regular risk assessments.
1. Cyber Ethics and Cyber Crime
2. Security in Social Media & Risk of Child Internet
3. Social media in Schools and photo privacy
4. Risk of OSNs and Security, Privacy of Facebook
5. Risk and Security of Social Networking site Facebook and Twitter
6. Risk analysis of Government and Online Transaction
Chinatu Uzuegbu presents a practical and proactive approach to combating cyber crimes. They discuss key concepts like the CIA triad of confidentiality, integrity and availability. Cyber crimes are defined as unruly or malicious acts that lead to disclosure, modification or destruction of information assets. Some prevalent cyber crimes include social engineering, ransomware, and denial of service attacks. An effective approach involves identifying and classifying assets, determining appropriate protections, and ongoing monitoring. International frameworks and carrying stakeholders along are also emphasized.
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela... | WCIT 2014
The document discusses the risks posed by increased digital connectivity and cybersecurity issues in an interdependent global economy. It notes that while advancements have benefits, they also introduce new risks like cyber crimes, warfare, and espionage. The top global risks identified are income disparity, extreme weather events, unemployment, climate change, and cyber attacks. To address cyber risks, coordinated efforts are needed from individuals, technology users, providers, governments, and through global cooperation. This includes following security best practices, information sharing, developing legal norms, and collaborating across jurisdictions.
With more than 50,000 new malware created every day, organisations can no longer afford to risk the financial and reputational impacts of a security or data breach, which can be too much for a business to recover from. Because of this, IT managers face increasing scrutiny and pressure from CEOs, managing directors and boards to prove that they are keeping the organisation secure.
The changing threat landscape means organisations need to be vigilant and smarter about security. While businesses still face threats from infected devices and malware, attackers have also moved beyond that. For example, there is an increasing number of targeted email attacks with cyber criminals spending time to monitor communications so they can imitate emails that are so sophisticated that even relatively savvy users will open them.
This webinar will explore the building blocks you need for a roadmap to best protect against cyber attacks. We will provide you with a high-level view of the following topics:
· Audit and discovery – What are your weaknesses and are you compliant?
· Education – Do your employees know when not to open that attachment?
· Policy – Do you have the right policies for your industry?
· Technology – Where to start and what has changed?
Defending Critical Infrastructure Against Cyber Attacks | Tripwire
In our increasingly connected world, networks of machines help critical infrastructure run more efficiently and prevent downtime. However, systems which were once isolated are now being exposed to digital security threats that operators never considered.
Joseph Blankenship of Forrester Research and Gabe Authier of Tripwire discuss the evolving threat landscape and how we can protect these critical assets from cyber threats.
Topics covered include:
- Examples of some of the most recent cyber-attacks to critical infrastructure
- Why traditional IT security approaches won't work
- Recommended approaches for securing critical infrastructure
Watch this previously recorded webinar event with special guest Karthik Sundaram of Frost & Sullivan as he expands on his recently published research, “Cybersecurity in the Era of Industrial IoT”. Leveraging insights from actual use cases, new policy initiatives, and available solutions, the research explores cybersecurity approaches, including a deep dive into the concept of “defense-in-depth” and its implications for a converged IT-OT environment in the future.
Industrial Cybersecurity and Critical Infrastructure Protection in Europe | Positive Hack Days
This document provides an overview of critical infrastructure protection in Europe presented by Ignacio Paredes of the Industrial Cybersecurity Center. It discusses the convergence of physical and cyber worlds and how industrial control systems have become interconnected over TCP/IP and use general purpose operating systems. This has introduced cybersecurity challenges to operational technology environments. The document reviews cyber attacks on critical infrastructure like Stuxnet and Shamoon and regulations around critical infrastructure protection in the US and EU. It argues that identifying and prioritizing critical infrastructure is important but questions who will pay for protection and whether regulations have led to minimum compliance over real protection.
Potential Impact of Cyber Attacks on Critical Infrastructure | Unisys Corporation
Critical infrastructure refers to physical and cyber assets so vital to a nation or organization that their incapacitation would have a debilitating impact. This includes sectors like energy, water, transportation and communications. The document outlines growing threats to critical infrastructure from both physical attacks and cyber incidents. It notes recent attacks on energy facilities, water systems and rail networks. While governments set standards, ultimate responsibility lies with infrastructure owners to assess vulnerabilities, design security into new systems, and partner through information sharing on threats and responses.
Role of Forensic Triage In Cyber Security Trends 2021 | Amrit Chhetri
Mr. Amrit Chhetri is a cyber security analyst, forensics researcher, and digital forensics mentor based in Siliguri, India. He has over 18 years of experience in fields including cyber security, incident response, and digital forensics.
He holds numerous cyber security and forensics certifications and has presented research papers on topics including forensics with AI, big data, IoT security, and cyber security architecture.
He teaches cyber security courses and serves as a technical editor for a leading forensics journal while also engaging with various cyber security organizations and forums.
The spread of information networks in communities and organizations has led to a huge daily volume of information exchange between different networks, which in turn has resulted in new threats to national organizations. Information security has become one of today's most challenging areas: defects and weaknesses in computer network security can cause irreparable damage to enterprises. Identifying security threats and ways of dealing with them is therefore essential. The question this raises is which strategies and policies must be adopted to deal with security threats and ensure the security of computer networks. In this context, the present study reviews the literature, drawing on earlier research and a library approach, to provide security solutions for organizations facing threats to their computer networks. The results of this research can lead to a better understanding of security threats and ways to deal with them, and help to implement a secure information platform.
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity | Shiva Bissessar
Brief impressions of the current state of Cyber Security development efforts in the Caribbean with focus on Trinidad and Tobago, as gleaned from the recently held (26th -28th May 2014) Caribbean Stakeholders Meeting (ICT) and knowledge of the landscape in Trinidad & Tobago.
ICS Supply Chain Security: Learning from Recent Incidents and Other Sectors | EnergySec
The document discusses information and communication technology (ICT) supply chain security risks, existing practices for managing these risks, and emerging standards and frameworks. It notes risks like intentional insertion of malware, use of counterfeit components, and poor security practices in supplier networks. Additionally, it outlines government and industry efforts to develop guidelines and best practices for ICT supply chain risk management.
This document provides guidance for lawyers on data security issues and how to help clients meet data security standards. It discusses how lack of security knowledge is common among both personal and enterprise computer users. Various threats like viruses, worms, Trojans, bots, and spyware/adware are described. Examples of data security risks include loss of portable devices containing personal information, insecure home networks that employees access for work, and insecure disposal of physical documents and digital media. The document advises evaluating security controls and investing in tools to detect breaches and audit compliance.
Securing Fintech: Threats, Challenges & Best Practices | Ulf Mattsson
Cyber attacks have increased in frequency and severity, and financial institutions are particularly interesting targets to cyber criminals. Join this presentation to learn the latest cybersecurity threats and challenges plaguing the financial industry, and the policies and solutions your organization needs to have in place to protect against them.
Viewers will learn:
• Current trends in Cyber attacks
• FFIEC Cyber Assessment Toolkit
• NIST Cybersecurity Framework principles
• Security Metrics
• Oversight of third parties
• How to measure cybersecurity preparedness
• Automated approaches to integrate Security into DevOps
About the Presenter:
Ulf Mattsson is the Chief Technology Officer of Security Solutions at Atlantic BT, and earlier at Compliance Engineering. Ulf was the Chief Technology Officer and a founder of Protegrity. He invented the Protegrity Vaultless Tokenization, Data Type Preservation (DTP2) and created the initial architecture of Protegrity's database security technology. Prior to Protegrity, Ulf worked 20 years at IBM in software development and in IBM's Research organization, in the areas of IT Architecture and Security, and received a US Green Card of class ‘EB 11 – Individual of Extraordinary Ability’ after endorsement by IBM. Ulf is the inventor of more than 45 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention.
Hear how security pros are responding and adapting to increased attacks and breaches, including facilitating more comprehensive cyber threat management strategies and best practices and the increasing investments and resource utilization to mitigate these challenges. Listen to the webinar, based on the Cybersecurity Resource Allocation & Efficacy (CRAE) Index study for Q1 2021, from CyberRisk Alliance Business Intelligence to hear the panel of experts:
• Review survey results from CRAE Index’s Q1 global research study;
• Discuss the latest trends on proactive and reactive cybersecurity; and
• Hear insights on what lies ahead.
Michael Goldsmith and I presented an overview of cybersecurity capacity building and current research findings for delegates from across the Commonwealth nations. The first section of slides introduces the Global Cyber Security Capacity Centre (GCSCC), and the second part presents a comparative analysis of the status and impact of capacity building.
The Role Of Data Analytics In Cybersecurity | ABMCollege2
If you've decided to pursue this path, take a look at ABM College's cybersecurity program. From understanding the fundamentals of security to mastering advanced data analysis and penetration testing, the college equips students with the knowledge to fill the industry's significant skills gap.
1) The document discusses cyber security standards and their implementation by governments and organizations to improve resilience against cyber attacks.
2) It provides an overview of common cyber security standards like ISO/IEC 27001, ISO 22301, and ISO/IEC 15408 which provide requirements and guidelines for cyber security management, business continuity, and evaluation of IT security.
3) Implementing cyber security standards helps establish controls to improve an organization's ability to prepare for, protect against, respond to, and recover from cyber threats and attacks.
Fortifying the Digital Fortress: A Comprehensive Guide to Cybersecurity Solut... | greendigital
Introduction:
In an era dominated by digital innovation, the importance of cybersecurity cannot be overstated. The threat landscape has evolved, with businesses, governments, and individuals relying on interconnected networks and digital platforms. This article aims to provide a comprehensive guide to cybersecurity solutions, exploring the current challenges, emerging trends, and practical strategies to safeguard against cyber threats.
1. Understanding the Cybersecurity Landscape:
A. The Evolution of Cyber Threats:
The cybersecurity landscape has seen a paradigm shift, with cyber threats becoming more sophisticated and diverse. From ransomware attacks to phishing schemes, understanding the different types of threats is crucial for developing robust cybersecurity solutions.
B. Impact on Businesses and Individuals:
The consequences of cyber threats extend beyond data breaches. Businesses face financial losses, reputational damage, and regulatory penalties, while individuals may experience identity theft and privacy violations. Examining the real-world impact highlights the urgency of implementing effective cybersecurity measures.
2. Key Components of Cybersecurity Solutions:
A. Endpoint Security:
This section delves into the importance of antivirus software, firewalls, and other endpoint protection measures.
B. Network Security:
Securing networks is paramount for preventing unauthorized access and protecting data in transit. Topics covered include firewalls, intrusion detection systems, and virtual private networks (VPNs), emphasizing the significance of a multi-layered defense approach.
C. Cloud Security:
With the proliferation of cloud services, ensuring the security of data stored in the cloud is critical. This section explores encryption, access controls, and other cloud security measures to mitigate risks associated with cloud-based solutions.
D. Application Security:
Cybercriminals often target applications as potential entry points. Discussing secure coding practices, penetration testing, and application firewalls sheds light on how organizations can fortify their applications against cyber threats.
E. Data Security:
Protecting sensitive data is at the core of cybersecurity. This section delves into encryption, data loss prevention (DLP), and secure data storage practices to safeguard information from unauthorized access.
3. Emerging Trends in Cybersecurity:
A. Artificial Intelligence and Machine Learning:
Integrating artificial intelligence (AI) and machine learning (ML) in cybersecurity solutions revolutionizes threat detection and response. Explore how these technologies enhance the ability to identify anomalies and predict potential threats.
B. Zero Trust Security Model:
The zero-trust model assumes that threats can originate within the network and requires verification from anyone trying to access resources. Discuss the principles and benefits of adopting a zero-trust approach.
C. Blockchain Technology:
7th ERM - S2 - Cyber security, Cyber Risk and Data Privacy - Kalpesh Doshi (1... | TraintechTde
Cyber security risks are increasing and pose serious threats. The document discusses several alarming cyber attack statistics experienced by India and globally in recent years. It also outlines specific risks to the financial sector, including theft of funds, legal/regulatory issues, and loss of customer trust from cyber attacks. Effective cyber security requires organizations to be vigilant, adaptable, and have robust risk management practices in place.
This webinar discussed cyber security threats facing the Government of Canada and strategies to prevent and mitigate risks. It covered:
- Types of cyber threats including state-sponsored actors, cybercriminals, hacktivists, and script kiddies.
- Sectors of government information that are targeted, such as personal information, trade secrets, and natural resources data.
- The importance of patching systems and applications to prevent known vulnerabilities from being exploited.
- Additional best practices like network segmentation, limiting internet access points, and anticipating compromises to harden defenses.
- The need for government agencies, private sectors, and vendors to work together on cyber security as it requires a team effort.
Cyber Liability - Insurance Risk Management and Preparation | Eric Reehl
See how Adaptive Solutions is delivering leading cyber risk management solutions through its strategic alliance with Willis Towers Watson and Darklight Technologies.
The document provides an agenda for maturing an information security (IS) program using the NIST Cybersecurity Framework and FFIEC Cybersecurity Maturity Assessment. It discusses reasons to mature cybersecurity posture such as data breaches and their impact on the economy. It then outlines the NIST Cybersecurity Framework including its functions, categories, and subcategories. It also describes the FFIEC Maturity Assessment Tool and its domains for evaluating an organization's cybersecurity maturity. The document shares details about how one organization used these frameworks to improve their cybersecurity program over time from an initial assessment to continuous improvement.
SecureWeb3 - Developing a Comprehensive Cybersecurity Strategy for the Decent... | Prasanna Hegde
The document outlines a proposed product strategy for developing a comprehensive cybersecurity solution for the decentralized future of Web3. It involves conducting market research and a customer analysis to understand needs and trends. The strategy defines the company's goals, highlights opportunities in Web3 security, and proposes a set of core product features to protect blockchain networks, smart contracts, decentralized applications, cryptocurrency transactions, and Web3 identities. These features are aimed at addressing common customer pain points around security, scalability, and ease of use. The strategy also covers pricing, distribution, marketing, and targeting key customer segments in a way that positions the solution as unique in the competitive landscape.
Lessons Learned from Implementing the Cybersecurity Capacity Maturity Model f... | Carolin Weisser
This presentation was given by Prof Michael Goldsmith and Dr Patricia Esteve-González, both from the Global Cyber Security Capacity Centre (GCSCC), University of Oxford, at the 2020 Global Cybersecurity Capacity Building Conference in Melbourne, 18 February 2020.
The presentation includes:
- Mission, purpose and impact of the GCSCC
- Lessons learned from implementing the Cybersecurity Capacity Maturity Model for Nations (CMM) around the world
- The shaping and impacts of cybersecurity capacity: What is the status of cybersecurity capacity building? What factors are shaping capacity building within nations? What are the implications of capacity building for nations?
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Final presentation january iia cybersecurity securing your 2016 audit plan | Cameron Forbes Over
The January IIA meeting agenda covered cybersecurity topics including:
- A review of major 2015 cybersecurity incidents
- The 2015 Global Threat Index from the World Economic Forum
- Top cybersecurity risk predictions for 2016 such as the Internet of Things and insider threats
- Cybersecurity facts and figures on topics like data breaches and victims of cybercrime
- Potential risks of cyber-attacks including loss of data, interruptions, and costs
- The top 10 cybersecurity areas to consider auditing in 2016 including frameworks, assessments, third party risks, and business continuity
The document discusses cybersecurity issues and strategies. It provides background on the Internet Security Alliance (ISA), including its mission, priority programs, and board of directors. It then analyzes the changing threat landscape, characteristics of new attackers, insider threats, and the advanced persistent threat (APT). The document calls for a total risk management approach across technical, economic, legal and human resources functions to address cybersecurity challenges.
The document summarizes Matthew Rosenquist's predictions for the top 10 cybersecurity trends of 2015. These included:
1. Cyber warfare becoming a legitimate tool for governments and increasing sophistication of state-sponsored attacks.
2. Increased active government intervention in cybersecurity through law enforcement, international cooperation, and regulating critical infrastructure protection.
3. High demand and shortage of cybersecurity talent as attacks grow in scale and sophistication.
4. Continued targeting of high-profile organizations despite security improvements.
5. Attacks directly targeting individuals through ransomware and doxing of public figures.
6. Organizations overhauling their approach to risk management and increasing board involvement in security.
The survey found that the lingering effects of the global pandemic continue to impact cybersecurity staffing levels. Sixty percent of respondents reported difficulties retaining qualified cybersecurity professionals, a seven percentage point increase from 2020. Additionally, 63% of respondents said their organizations have unfilled cybersecurity positions, an eight percentage point increase from 2021. While the time to fill positions saw a modest improvement, with a five percentage point increase in positions being filled within six months, staffing shortages and retention challenges remain significant issues according to the survey results.
Similar to Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector (20)
Slide Presentation from a Doctoral Virtual Open House presented on June 30, 2024 by staff and faculty of Capitol Technology University
Covers degrees offered, program details, tuition, financial aid and the application process.
Capitol Tech U Doctoral Info Session-June 30 2024.pptx | CapitolTechU
Slides from a virtual open house presented by staff and faculty from Capitol Technology University. The session covered the doctoral program and included information on degrees, program modalities, tuition, financial aid and the application process.
Capitol Masters Presentation June 2024.pptx | CapitolTechU
Slides from a Virtual Open House Presented by Capitol Technology University on June 26, 2024. Includes information on programs, application process, tuition and fees, and overview of the university.
CapTechTalks Webinar Slides June 2024 Donovan Wright.pptx | CapitolTechU
Slides from a Capitol Technology University webinar held June 20, 2024. The webinar featured Dr. Donovan Wright, presenting on the Department of Defense Digital Transformation.
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx | CapitolTechU
Slides from a webinar presented May 23, 2024 by Capitol Technology University and featuring faculty member Dr. Alexander Perry discussing hybrid quantum Machine Learning.
Capitol Tech U Masters Presentation May 2024 | CapitolTechU
Slides from a Virtual Information Session from Capitol Technology University covering accredited Master's degrees offered online by the university. Includes program details, costs, financial aid and the application process.
Slides from a Capitol Technology University presentation covering the doctoral programs offered by the university. Includes information on the degrees available, disciplines offered, modalities, tuition, financial aid and the application process. Presented by members of the faculty assisted by Admissions staff.
CapTechU Masters Presentation April 2024.pptx | CapitolTechU
Slides from a Capitol Technology University virtual information session held April 24, 2024 and covering Online accredited master's degrees offered by the university. Includes details about degrees offered, tuition and fees, financial aid, and how the programs are set up.
Capitol Tech U Doctoral Presentation - April 2024.pptx | CapitolTechU
Slides from a virtual open house held April 21, 2024 by Capitol Technology University and detailing online regionally accredited doctoral degree programs offered by the university. Features information about programs, modalities, tuition, application procedures, and the doctoral process.
Slides CapTechTalks Webinar April 2024 Ilia Kolochenko.pptx | CapitolTechU
Slides from a webinar presented by Capitol Technology University on April 18, 2024. Features a presentation given by Dr. Ilia Kolochenko on Cyber Law, Cybercrime Investigations and Response.
CapTechU Masters Info Session March 2024.pptx | CapitolTechU
Slides from a Master's Degree Virtual Information Session held March 27, 2024 by Capitol Technology University. Slides cover the history of the university, accreditation, degrees offered, modalities, the online format, tuition, financial aid and the application process.
Slides CapTechTalks Webinar March 2024 Joshua Sinai.pptx | CapitolTechU
Slides from a Capitol Technology University webinar presented on March 21, 2024 by Dr. Joshua Sinai. The webinar detailed how to develop a framework to assess risk and looked at the Maui Fires of 2023 and the Hamas attack of Israel, also in 2023. Dr. Sinai, an expert on counterterrorism and risk management, looked at the causes of the failures to anticipate the catastrophes and how they should have been counteracted.
Slides from a Virtual Information Session from Capitol Technology University covering the doctoral programs offered by the university. Includes information on the university, its accreditation, doctoral academics, admissions, tuition and more. Presented March 20, 2024
Masters Presentation - February 2024.pptx | CapitolTechU
Slides from Feb. 28, 2024 presentation by Capitol Technology University covering the online accredited masters degrees the University offers. Includes what programs are offered, how they are organized, and information on the application process, financial aid and more.
Slides from a webinar presented on Feb. 25, 2024 discussing doctoral programs at Capitol Technology University. Features information on degree programs, schedules, application, financial aid and more. Presenters include Dr. Ian McAndrew, Mr. Allen Exnor, Ms. Carmit Levin, and Mr. Bill Gibbs.
CapTechTalks Webinar Feb 2024 Darrell Burrell.pptxCapitolTechU
Slides from a Capitol Technology University webinar presented on Feb. 15, 2024 and featuring Dr. Darrell Burrell discussing "Finding Your Scholarly Voice: Using Peer-reviewed Publications to Showcase Your Expertise.
Masters Presentation - January 2024.pptxCapitolTechU
Slides from a Capitol Technology University presentation on accredited Master's degree programs offered online by the university. Includes information on degrees, program details, tuition, financial assistance and more.
CapTech Talks Webinar December 2023 Diane Janosek.pptxCapitolTechU
Slides from a webinar from Capitol Technology University presented in December 2023 and featuring Dr. Diane M. Janoske presenting on Data Governance. This session was part of the fall "Women in Cyber" Leadership Series.
CapTech Talks Webinar November 2023 Tom Vazdar slides.pptxCapitolTechU
Slides from a webinar presented Nov. 16, 2023 by Capitol Technology University and featuring Tom Vazdar, a noted banking cybersecurity expert from Europe.
2. Presented by Dr. Susan Goodwin
Cybersecurity Challenges in
the Financial Sector
3. Agenda
Bill Gibbs
Cap Tech Talks Host
1. About Capitol Technology University
2. Session pointers
3. About the presenter
4. Presentation: Dr. Susan Goodwin
5. Q & A
6. Upcoming webinars
7. Recording, Slides, Certificate
4. About
Established in 1927, we are one of the only private universities in the state of Maryland specifically dedicated to engineering, cybersecurity, computer sciences and tech management.
5. Nonprofit, Private &
Accredited
Capitol is a nonprofit, private accredited university
located in Laurel, Maryland, USA
Capitol Technology University is
accredited by the Commission on
Higher Education of the Middle
States Association of Colleges
and Schools
The University is authorized by
the State of Maryland to confer
Associate’s (A.A.S.), Bachelor’s
(B.S.), Master’s (M.S., M.B.A.,
T.M.B.A), and Doctoral
(D.B.A., D.Sc., Ph.D.) degrees.
6. Session Pointers
• We will answer questions at the conclusion of the presentation. At any
time you can post a question in the text chat and we will answer as many
as we can.
• Microphones and webcams are not activated for participants.
• A link to the recording and to the slides will be sent to all registrants and
available on our webinar web page.
• A participation certificate is available by request for both Live Session and
On Demand viewers.
8. About the presenter: Dr. Susan
Goodwin
• Cybersecurity Consultant / Subject Matter Expert
• Capitol Technology University:
• Ph.D. Technology (2020)
• Adjunct Faculty / Dissertation Chair
• University of Massachusetts Lowell (M.S.
Cybersecurity, M.S. Information Technology, B.S.
Computer Science)
• Senior Member: IEEE, Society of Women Engineers
• Industry engineer experience: financial, healthcare,
government, military, and commercial; research, development,
consulting, cybersecurity/information assurance, system
administration, release engineering, documentation, quality
assurance, risk management
• Musician: cello, flute
10. Research
Dissertation: The Need for a Financial Sector Legal Standard to Support the NIST Framework for
Improving Critical Infrastructure Cybersecurity (Dr. Susan Goodwin, Capitol Technology University,
ProQuest, January 2021)
• My dissertation focuses on research and analysis of reported Financial Sector risks, failures and
impacts due to weak or lack of cybersecurity controls.
• The study also provides analysis of success stories of Financial Sector and other entities which have
adopted a cybersecurity framework.
• Dissertation research findings assert an upward trend of cyber attacks in the U.S. Financial Sector
during the COVID-19 pandemic, showing a need for adoption of cybersecurity best practices
throughout the sector to mitigate the trend.
• Several industry reports indicated a continued increase in cyber attacks from 2018 to 2020 with no
downward trends.
11. Financial Sector Cybersecurity
Challenges
Global cyber attack opportunists used the 2020 COVID-19 pandemic to exploit cybersecurity
vulnerabilities and gaps in the U.S. Financial Sector.
In 2020, Kellerman and Murphy published a report, Modern Bank Heists, summarizing the
findings of the VMWare Carbon Black survey of 25 chief information security officers from
leading financial institutions
https://www.vmware.com/resources/security/modern-bank-heists-2020.html
12. Financial Sector Cybersecurity
Challenges
• 27% of all cyber attacks in 2020 have targeted either the healthcare sector or the
financial sector, according to VMware Carbon Black data.
• Over one-quarter of all cyber attacks which occurred during the first five months of
2020 targeted the financial and healthcare sectors.
• The two sectors are entities within the United States Critical Infrastructure.
https://www.vmware.com/resources/security/modern-bank-heists-2020.html
13. Financial Sector Cybersecurity
Challenges
• 82% of surveyed financial institutions said cybercriminals have become more
sophisticated, leveraging highly targeted social engineering attacks and advanced
tactics, techniques and procedures for hiding malicious activity.
• These criminals exploit weaknesses in people, processes, and technology to gain
a foothold and persist in the network, enabling the ability to transfer funds and
exfiltrate sensitive data.
https://www.vmware.com/resources/security/modern-bank-heists-2020.html
14. Financial Sector Cybersecurity
Challenges
• 64% of surveyed financial institutions reported increased attempts of wire transfer
fraud, a 17 percent increase over 2019.
• The statistical upward trend covers only the first five months of 2020, which
coincided with the beginning of the pandemic.
https://www.vmware.com/resources/security/modern-bank-heists-2020.html
15. Financial Sector Cybersecurity
Challenges
• 25% of surveyed financial institutions said they were targeted by destructive
attacks over the past year.
• Destructive attacks are rarely conducted for financial gain. Rather, these attacks
are launched to be punitive by destroying data.
• One risk associated with this type of attack is the permanent loss of data when a
financial sector entity does not have a data backup plan.
https://www.vmware.com/resources/security/modern-bank-heists-2020.html
16. Financial Sector Cybersecurity
Challenges
• Ransomware attacks against the financial sector have increased by nine times
from the beginning of February to the end of April 2020.
• This statistical upward trend occurred during the onset of the pandemic in the
United States.
https://www.vmware.com/resources/security/modern-bank-heists-2020.html
17. Financial Sector Cybersecurity
Challenges
• 20% of surveyed financial institutions experienced a watering-hole attack during
the past year.
• In these attacks, financial institution and bank regulation websites are hijacked
and used to pollute visitors’ browsers.
• This tactic is increasing as cybercriminals recognize the implicit trust consumers
have in bank brands.
https://www.vmware.com/resources/security/modern-bank-heists-2020.html
18. Financial Sector Cybersecurity
Challenges
• The research results demonstrate that the number of cyber attacks in the U.S.
Financial Sector continues to grow in an upward trend across several major
categories of attacks between the beginning of 2018 and the end of the first five
months of 2020.
• The trends continued to increase upon the emergence of the 2020 COVID-19
pandemic, such as the number of ransomware attacks multiplying by nine times
between February and April 2020.
https://www.vmware.com/resources/security/modern-bank-heists-2020.html
19. Financial Sector Cybersecurity
Challenges
• Cybercriminals became more sophisticated and exploited weaknesses in people,
processes, and technology in the U.S. Financial Sector.
• Cyber attack actors took advantage of the pandemic to further seek and exploit
cyber infrastructures in the U.S. Financial Sector.
https://www.vmware.com/resources/security/modern-bank-heists-2020.html
20. Cybersecurity Frameworks
Prameet Roy, Information Security & Risk Management Consultant, performed a study in 2020
comparing the NIST Cybersecurity Framework and the ISO 27001 Information Security Standard.
Roy found that both frameworks provide robust methodologies on cybersecurity which address
threats and breaches, ensuring the 3 pillars of confidentiality, integrity, and availability.
Roy concluded that the main advantages of the NIST Cybersecurity Framework over ISO 27001
are:
• The structure of the NIST Framework enables its implementation at an enterprise level
• The NIST Framework is more user friendly
• The NIST Framework is streamlined
https://www.nist.gov/cyberframework
21. Cybersecurity Frameworks
• The National Institute of Standards and Technology (NIST) published the NIST Framework
for Improving Critical Infrastructure Cybersecurity of 2014, followed by an updated version in
2017.
• The Framework, which was developed as a joint effort between the U.S. Federal Government
and the private sector, serves only as a guideline and is not mandated by any legal authority.
Currently, adoption of the Framework is voluntary.
https://www.nist.gov/cyberframework
22. The NIST Cybersecurity
Framework
The NIST Framework provides general guidance which pro-actively addresses the elements of each
of the findings:
• Risk management
• Planning cybersecurity incident response
• Setting policies, processes, and procedures
• Planning the requirements for protective technology
• Planning controls and detection
• Planning post-incident analysis
• Planning mitigation for future incidents
https://www.nist.gov/cyberframework
23. The NIST Cybersecurity
Framework
The NIST Cybersecurity Framework consists of Three Components:
1. Framework Core
2. Implementation Tiers
3. Profile
https://www.nist.gov/cyberframework/online-learning/components-framework
24. The NIST Cybersecurity
Framework
1. Framework Core
• A set of desired cybersecurity activities and outcomes organized into categories and aligned
to Informative References
• Designed to be intuitive and simplistic
• Consists of three parts: Functions, Categories, and Subcategories
• Five high level functions: Identify, Protect, Detect, Respond, and Recover
https://www.nist.gov/cyberframework/online-learning/components-framework
25. The NIST Cybersecurity
Framework
The NIST Cybersecurity Framework Core:
https://www.nist.gov/cyberframework/online-learning/components-framework
26. The NIST Cybersecurity
Framework
2. Implementation Tiers
• Tiers describe the degree to which an organization’s cybersecurity risk management
practices show the characteristics defined in the Framework
• The Tiers range from Partial (Tier 1) to Adaptive (Tier 4) and describe an increasing degree
of rigor, and how well integrated cybersecurity risk decisions are into broader risk decisions,
and the degree to which the organization shares and receives cybersecurity info from
external parties
• Tiers do not necessarily represent maturity levels
https://www.nist.gov/cyberframework/online-learning/components-framework
27. The NIST Cybersecurity
Framework
The NIST Cybersecurity Framework Implementation Tiers
https://www.nist.gov/cyberframework/online-learning/components-framework
28. The NIST Cybersecurity
Framework
3. Profile
• An organization's unique alignment of organizational requirements, objectives, risk appetite,
and resources against the desired outcomes of the Framework Core
• Profiles can be used to identify opportunities for improving cybersecurity posture by
comparing a “Current” Profile with a “Target” Profile
https://www.nist.gov/cyberframework/online-learning/components-framework
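The Current-versus-Target Profile comparison described on this slide, worked through as an added example (not part of the original presentation). The profile scores, the 0-3 implementation scale and the priority weights are constructed assumptions; the keys are CSF v1.1 subcategory identifiers.

```python
from collections import defaultdict

# The five Framework Core functions, keyed by the prefix used in subcategory IDs.
FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}

# Constructed sample profiles. Scores use an assumed 0-3 scale
# (0 = not implemented, 3 = fully implemented); this is not a NIST scale.
CURRENT = {"ID.AM-1": 2, "ID.RA-1": 1, "PR.AC-1": 2, "PR.AT-1": 1,
           "PR.IP-4": 0, "DE.CM-1": 3, "RS.RP-1": 1}
TARGET = {"ID.AM-1": 3, "ID.RA-1": 3, "PR.AC-1": 3, "PR.AT-1": 3,
          "PR.IP-4": 3, "DE.CM-1": 2, "RS.RP-1": 3, "RC.RP-1": 2}
# Assumed business-priority weights (1 = low, 3 = high); unlisted items get 1.
WEIGHTS = {"PR.IP-4": 3, "PR.AT-1": 3, "RS.RP-1": 2}


def function_of(subcategory):
    """Map a subcategory ID such as 'PR.IP-4' to its Core function name."""
    prefix = subcategory.split(".", 1)[0]
    if prefix not in FUNCTIONS:
        raise ValueError(f"unknown CSF function prefix in {subcategory!r}")
    return FUNCTIONS[prefix]


def gap_analysis(current, target, weights=None):
    """Return the open gaps between two profiles, highest priority first."""
    weights = weights or {}
    rows = []
    for sub, want in target.items():
        assessed = sub in current
        have = current.get(sub, 0)  # an unassessed outcome counts as not implemented
        for score in (have, want):
            if not 0 <= score <= 3:
                raise ValueError(f"score out of range for {sub}: {score}")
        gap = max(want - have, 0)  # exceeding the target is not a negative gap
        if gap == 0:
            continue
        rows.append({"subcategory": sub, "function": function_of(sub),
                     "current": have if assessed else None, "target": want,
                     "gap": gap, "priority": gap * weights.get(sub, 1),
                     "assessed": assessed})
    rows.sort(key=lambda r: (-r["priority"], r["subcategory"]))
    return rows


def gap_by_function(rows):
    """Sum the open gap per Core function to show where effort concentrates."""
    totals = defaultdict(int)
    for row in rows:
        totals[row["function"]] += row["gap"]
    return dict(totals)


if __name__ == "__main__":
    plan = gap_analysis(CURRENT, TARGET, WEIGHTS)
    for row in plan:
        note = "" if row["assessed"] else "  (not yet assessed)"
        print(f'{row["subcategory"]:8} {row["function"]:9} '
              f'gap={row["gap"]} priority={row["priority"]}{note}')
    print(gap_by_function(plan))
```

Outcomes that appear only in the Target Profile are reported as unassessed rather than dropped, since a missing assessment is itself a gap to close.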
29. The NIST Cybersecurity
Framework
The NIST Cybersecurity Framework Implementation Tiers
https://www.nist.gov/cyberframework/online-learning/components-framework
30. The NIST Cybersecurity
Framework
• The authors of the NIST Framework intended its guidance to be voluntarily adoptable by any
organization in any country (not only by U.S. organizations), and the Framework’s core functions
are identical for all adopting organizations
• The findings and recommendations from NIST Framework assessments are examples for other
organizations, such as U.S. Financial Sector entities, for cybersecurity risk assessment and
mitigation through Framework adoption.
• The Framework’s cybersecurity principles and risk management guidance can apply to any
organization.
https://www.nist.gov/cyberframework
31. The NIST Cybersecurity
Framework
According to the U.S. Government’s Cybersecurity & Infrastructure Security Agency (CISA), the
NIST Cybersecurity Framework can be used for:
• Alignment of mission objectives with cybersecurity decisions
• Organization of security requirements derived from policy, legislation, regulation, and best
practices in industry
• Communication of cybersecurity requirements to stakeholders, including suppliers and partners
• Integration of the risk management of civil liberties and privacy into cybersecurity activities
• Measure current state and express desired state
• Prioritize cybersecurity resources and objectives
• Analysis of risk and expenditure trade-offs
https://www.cisa.gov/using-cybersecurity-framework
32. The NIST Cybersecurity
Framework
In 2020, NIST published an online catalog of eight NIST Cybersecurity Framework global success
stories, including three U.S. academic institutions: University of Kansas Medical Center, University
of Pittsburgh, and University of Chicago.
The university implements the Baldrige Cybersecurity Excellence Builder, a framework for self-
assessment and program development, in conjunction with the NIST Cybersecurity Framework.
Results and positive impact of Framework adoption by the University of Kansas Medical Center
include:
• Identification of gaps resulting in action plans, funding opportunities and deep alignment to
the business
• Better understanding by team members of their roles and engaging other employees and
partners in cybersecurity protection
https://www.nist.gov/cyberframework/success-stories
33. The NIST Cybersecurity
Framework
Initially, the University of Pittsburgh did not have centralized cybersecurity management or a
unifying cybersecurity standard.
Adoption and implementation of the Framework provided the university with “better knowledge and
perspective about its management of cybersecurity risks and identified multiple opportunities for
better coordination of its cybersecurity approaches, investments, and priority needs”.
The benefits of Framework adoption by the University of Pittsburgh include:
• Consistency in data management standards across a decentralized environment
• Execution of a security assessment across the organization which identified the need for a
prioritized data security mitigation and remediation plan
https://www.nist.gov/cyberframework/success-stories
34. The NIST Cybersecurity
Framework
All twenty-three departments of the Biological Sciences Division of the University of Chicago
benefitted from implementation of the Framework with a “consistent, risk-informed, cybersecurity
program” of:
• Aligned security risk expectations
• A common set of target outcomes
• Prioritized security goals
Results of Framework implementation include the education of all users on the university’s
cybersecurity program and continuous monitoring of program improvements.
https://www.nist.gov/cyberframework/success-stories
35. Recommendations
• The Financial Sector, one of sixteen Department of Homeland Security critical infrastructure sectors,
should be mandated to adopt a framework such as the NIST Cybersecurity Framework, based on
risk impacts and inconsistency and accountability of best practices implementation across the sector.
• As an example, the NIST Cybersecurity Framework provides a tailorable outline of best practices,
including risk management.
https://www.nist.gov/cyberframework
36. Recommendations
• The NIST Cybersecurity Framework has been proven to be successful in preventing cybersecurity
incidents as determined in case studies from academia and various industries.
• The implementation of the NIST Cybersecurity Framework in each of the cases was proven to
mitigate or reduce cyber risk impacts as well as strengthen the organizations’ cybersecurity
infrastructure.
https://www.nist.gov/cyberframework
37. Conclusion
• Until the U.S. Financial Sector takes action to adopt consistent cybersecurity best practices,
especially as shown by vulnerabilities exposed during a pandemic, the risk impacts will continue to
rise as cyber criminals become more sophisticated in their actions.
• Vulnerabilities during the pandemic include gaps in infrastructure personnel coverage, cybersecurity
infrastructure weaknesses due to employees working from home, and delays of cybersecurity
infrastructure updates.
• Established and proven frameworks, such as the NIST Cybersecurity Framework, provide guidance
for prevention and mitigation of such vulnerabilities.
39. Upcoming Webinars
Infrastructure: Critical
Challenges &
Differences
Between the Private &
Public Sectors
Dr. Nikki Robinson
Mar.17
Tech Career Skills
Identification &
Communication in
Writing a Resume
Connie Harrington
Apr. 14
Tips for Finding
Career Success in
Technology
Vennard Wright
May 19
41. Recording, Slides & Certificate
A copy of the slides and a
link to the recording will be
sent to all registrants.
Watch for an email
A Certificate of Completion
is available upon request to
both live session and On
Demand viewers
Simply reply to the email
42. Thanks for Joining Us!
Thank You!
This concludes today’s webinar
Watch for a follow up email that contains:
1. How to get a Participation Certificate (Available by
request for both Live Session and On Demand
viewers)
2. Link to the webinar recording and slides
3. Info on upcoming webinars