![Page 1: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/1.jpg)
73rd AnnualTexas Association
of County Auditors Fall Conference
Holiday Inn San Antonio RiverwalkSan Antonio, Texas
October 16-19, 2018
AnniversarySAN ANTONIO
300
DE BÉJAR
th
Welcome to the River City
IT Cybersecurity for Counties
Wednesday, October 17
1:05-1:55 p.m.
Michael Cheng, Head of Information Security, Bexar County
This session will introduce an effective framework to quickly improve counties'
cybersecurity posture.
![Page 2: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/2.jpg)
Michael Cheng, Head of Information Security, Bexar County, San Antonio Cheng joined Bexar County Information Technology as the head of information security in June 2018. He is responsible for establishing and maintaining vision, strategy, and program to ensure Bexar County information assets and technologies are adequately protected. Prior to current position, Cheng was Chief Information Security Officer at Aviage Systems, one of GE Aviation’s
joint ventures.
![Page 3: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/3.jpg)
1
October, 2018
CYBERSECURITY AT COUNTIES
7/27/17 1
AGENDA
10/10/2018 2
Major Cybersecurity Threats
Challenges
Quick Wins and Long Term Strategy
![Page 4: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/4.jpg)
2
MAJOR CYBERSECURITY THREATS
10/10/2018 3
10/10/2018 4
![Page 5: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/5.jpg)
3
THREATS TO STATES/COUNTIES/CITIES
10/10/2018 5
WE ARE TARGETED
10/10/2018 6
Government agencies are ranked #7 sectors in Americas, experiencing most cyber-attacks and
system compromises in 2017
![Page 6: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/6.jpg)
4
THINGS ARE AT RISK
10/10/2018 7
Election Systems & Election Information
Criminal Justice Information (CJI) & Criminal History Record Information (CHRI)
Personal Identified Information (PII)
Personal Medical Information
Payment Card Data
Government Secrets
“2018 Data Breach Investigation Report” by Verizon
POSSIBLE ENTRY POINTS
10/10/2018 8
Phishing Emails
System Vulnerabilities
Incorrect Configurations
Third Parties
![Page 7: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/7.jpg)
5
CHALLENGES
10/10/2018 9
CHALLENGES COUNTIES ARE COMMONLY FACING
Out-of-date IT Infrastructure
Over-used Privileged Accounts
Lack of Boundary Defense
Ignorance of Security Incidents
…
10/10/2018 10
We are extremely vulnerable
![Page 8: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/8.jpg)
6
QUICK WINS AND LONG TERM STRATEGY
10/10/2018 11
THINGS TO QUICKLY ENHANCE CYBERSECURITY
Asset Management Inventory and control of hardware devices
Inventory and control of software
Control security configurations of hardware and software
Access Control Control of Privileged Accounts
Vulnerability Management Continuous vulnerability management
Security Monitoring Maintenance, Monitoring and Analysis of Audit Logs
10/10/2018 12
![Page 9: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/9.jpg)
7
RESOURCES TO LEVERAGE
10/10/2018 13
MS-ISAC (https://www.cisecurity.org/ms-isac/)
DHS
Texas DIR contracts and services
LONG TERM STRATEGY
10/10/2018 14
Establish Cybersecurity Program
Adopt Mature Cybersecurity Framework, CIS Top 20 Controls, NIST, etc.
Transform IT Infrastructure, cloud based
![Page 10: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/10.jpg)
8
THANKS
10/10/2018 15
Michael Cheng – Head of Information Security @ Bexar County, [email protected], 210-335-0208
![Page 11: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/11.jpg)
Free Lined Graph Paper from http://incompetech.com/graphpaper/lined/
![Page 12: IT Cybersecurity for Counties - TAC - Home · 1 October, 2018 CYBERSECURITY AT COUNTIES 7/27/17 1 AGENDA 10/10/2018 2 Major Cybersecurity Threats Challenges Quick Wins and Long Term](https://reader035.vdocuments.site/reader035/viewer/2022062415/5fe49f32ef38bb7ec33aef5e/html5/thumbnails/12.jpg)
Free Lined Graph Paper from http://incompetech.com/graphpaper/lined/