SlideShare ist ein Scribd-Unternehmen logo

Managing Cyber and Five Other Technology Risks

Lincoln Institute of Land Policy
Lincoln Institute of Land Policy

This document discusses the importance of managing technology risks for municipal governments. It identifies six categories of technology risk: cybersecurity, financial, operational, legal, reputational, and societal. Cybersecurity risks like data breaches and network intrusions are discussed in depth. The document emphasizes that developing technological proficiency requires strong governance, planning, cyber hygiene practices, and technical competency. It provides a five-stage model for assessing an organization's maturity in managing technology risks and recommends that all organizations start prioritizing technological proficiency.

Regierungs- und gemeinnützige Organisationen
1 von 30
Downloaden Sie, um offline zu lesen
MANAGING CYBER AND FIVE OTHER TECHNOLOGY RISKS WHAT MUNICIPAL OFFICIALS AND SENIOR EXECUTIVES NEED TO KNOW CRITICAL ISSUES FOR THE FISCAL HEALTH OF NEW ENGLAND CITIES AND TOWNS APRIL 8 ,2016 Presented By Marc Pfeiffer, Principal Investigator and Assistant Director, Bloustein Local Government Research Center, Rutgers University
THE TECHNOLOGY MANAGEMENT OPPORTUNITY: • Integrating new technologies into a government environment that includes: • Cost/tax/fee pressures • Citizen expectations • Political dynamics that work against against long-term planning • “We can defer that purchase for another year, can’t we?”
KEY TECHNOLOGY MANAGEMENT CHALLENGES • Determining what we need, want, can afford; when and how we get it, how to manage it • Understanding that “technology” is more than “information technology”, but also includes operational and communications technologies; and they all have risks to manage • Understanding the risks; and that technology risks go beyond cyber-security; that it includes the other risks that need to be reckoned with • Knowing that managing technology and their risks is a not journey with a destination; it is an ongoing and evolving activity
WHAT IS TECHNOLOGICAL RISK?
Categories of Technology Risk Cyber- security Financial Opera- tional Legal Reputa- tional Societal
1. CYBER SECURITY • Banking incursions – electronic funds transfer • Data/PII breach/theft • Network breach/use as a remote host • Access to networked control systems • Credit card security • Cyber extortion – DDOS, Cryptolocker/ransomware • Website/Social Media Security
TYPES OF THREATS – SO FAR Targeted Attacks • Local government agencies are not usually specifically targeted, but you might be targeted by someone disgruntled or if something goes wrong Mass Attacks • This stems from successful email phishing and its cousins, and social engineering attacks Your Humans: • Clicking on the wrong link/opening the wrong file Bottom line: bad guys try to manipulate people into divulging personal or business information or tricking them into schemes to defraud
2. LEGAL RISKS
THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources
THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure
THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure 5. Reputational risks
THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure 5. Reputational risks 6. Society driven risks
MANAGING TECHNOLOGY RISKS: THE NEED FOR TECHNOLOGICAL PROFICIENCY
A TECHNOLOGICALLY PROFICIENT ORGANIZATION …Understands the links between its business processes and its technology …Understands its technology needs …Is assured that the technology will work when it needs to, including routine and emergency situations …Is capable of protecting itself against compromise, including protecting and responding to cyber threats
DEVELOPING TECHNOLOGICAL PROFICIENCY To the extent one is weaker than the other, they are all weaker. ProficiencyGovernance Planning Cyber Hygiene Technical Competency
GOVERNANCE Governing boards cannot ignore technology or delegate key elements • Reputational and financial risks cannot be delegated • Governing body and chief executive must be engaged • Includes technology managers, fiscal staff, public safety, operational representation; can include responsible citizens.
GOVERNANCE Management needs to set the tone from the top, down: • Understands technology as an enterprise-wide risk management issue • Create a technology governance process • Has adequate access to technology expertise • Develop risk management processes • Adopts technology policies • Establish a technology planning process • Ensure reports to elected officials are meaningful
PLANNING Determines how you spend technology resources Key elements of the plan: • Matches organizational goals to technology goals • Assessment of technology assets, services, resources (hardware, software, networks, contractors, facilities, people) • Identify priorities of changes in technology solutions and activities • Assess and address technology risks • Define the information security management framework • Address “make or buy” decisions • Assign plan execution responsibilities to appropriate staff and tie plan to organization budget • Use a practical time horizon: No more than 3 years and review annually (or more often )
CYBER HYGIENE
BECAUSE… The bulk of successful attacks come because an employee clicked on something they shouldn’t have, so… • Train (and retrain) your humans • Consider intrusion testing • Have informed employee policies
TECHNICAL COMPETENCE Implement the plan with technical competency • Keep Governance updated on activities • Apply and enforce policies • Ensure that all tech employees are trained and contractors are secure • Keep aware of changing circumstances and technology, and SHARE information with peers • Be consistent; do not slack off
http://blousteinlocal.rutgers.edu/managing-technology-risk/
TECHNOLOGY PROFICIENCY MATURITY MODEL • UnawareStage 1 • FragmentedStage 2 • Top Down/EvolvingStage 3 • Managed/PervasiveStage 4 • Optimized/NetworkedStage 5
RISKPOTENTIAL UNAWARE FRAGMENTED DEFINED MANAGED OPTIMIZED MATURITY LEVEL MATURITY AND RISK POTENTIAL
TECHNOLOGY PROFILES BASIC
WHAT SHOULD I DO?
PUT TECHNOLOGY PROFICIENCY ON YOUR ORGANIZATIONS AGENDA You can’t do this overnight; it will always be a work in progress. It will likely cost new resources of time, attention, and $$ Remember, proficiency and cybersecurity are an ongoing process and challenge, NOT a destination! And every organization is at a different spot on the map So… START
STUDY CONDUCTED BY: Marc Pfeiffer, Assistant Director Bloustein Local Government Research Center Bloustein School of Planning and Public Policy Rutgers, The State University 33 Livingston Street, New Brunswick 08901 marc.pfeiffer@rutgers.edu 848-932-2830 http://blousteinlocal.rutgers.edu/managing-technology-risk/ Under a grant provided by the: Municipal Excess Liability Joint Insurance Fund 9 Campus Drive - Suite 16 Parsippany, NJ 07054 (201) 881-7632 With an assist from Dr. Alan Shark, Director of the Center for Technology Leadership at the Rutgers School of Public Affairs and Administration, and Executive Director, Public Technology Institute All materials © 2015 by Rutgers and the Municipal Excess Liability Joint Insurance Fund

Empfohlen

Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
31 ijaprr vol1-4-29-35harmeet
31 ijaprr vol1-4-29-35harmeet31 ijaprr vol1-4-29-35harmeet
31 ijaprr vol1-4-29-35harmeetijaprr_editor
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information PolicyMLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Gtag 1 information risk and control
Gtag 1 information risk and controlGtag 1 information risk and control
Gtag 1 information risk and controlYulias Sihombing, Ak, MAk, CIA
 

Empfohlen

Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
31 ijaprr vol1-4-29-35harmeet
31 ijaprr vol1-4-29-35harmeet31 ijaprr vol1-4-29-35harmeet
31 ijaprr vol1-4-29-35harmeetijaprr_editor
 
Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Risk Management Approach to Cyber Security
Risk Management Approach to Cyber Security Ernest Staats
 
Lesson 1- Information Policy
Lesson 1- Information PolicyLesson 1- Information Policy
Lesson 1- Information PolicyMLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Gtag 1 information risk and control
Gtag 1 information risk and controlGtag 1 information risk and control
Gtag 1 information risk and controlYulias Sihombing, Ak, MAk, CIA
 
ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devicesMarc Vael
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2Marneil Sanchez
 
Securing and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherSecuring and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherEOTSS
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyResilient Systems
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Peter ODell
 
Cyber Rangers S1 E2
Cyber Rangers S1 E2Cyber Rangers S1 E2
Cyber Rangers S1 E2JudyEvans8
 
Privacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponsePrivacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponseID Experts
 
The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security ContinuumMartin Hingley
 
Operational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionOperational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionFaysal Ghauri
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningKeyaan Williams
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Online BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techOnline BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techBradford Sims
 
Secuntialesse
SecuntialesseSecuntialesse
SecuntialesseAnne Starr
 
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...Levi Shapiro
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat KeynoteJohn D. Johnson
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guideAstalapulosListestos
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 

Weitere ähnliche Inhalte

Was ist angesagt?

ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devicesMarc Vael
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Securing and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherSecuring and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherEOTSS
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyResilient Systems
 
Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Peter ODell
 
Cyber Rangers S1 E2
Cyber Rangers S1 E2Cyber Rangers S1 E2
Cyber Rangers S1 E2JudyEvans8
 
Privacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponsePrivacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponseID Experts
 
The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security ContinuumMartin Hingley
 
Operational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionOperational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionFaysal Ghauri
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningKeyaan Williams
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Online BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techOnline BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techBradford Sims
 
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...Levi Shapiro
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat KeynoteJohn D. Johnson
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 

Was ist angesagt? (20)

ISACA smart security for smart devices
ISACA smart security for smart devicesISACA smart security for smart devices
ISACA smart security for smart devices
 
Information Security
Information SecurityInformation Security
Information Security
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Securing and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherSecuring and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better Together
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014Cyber threat enterprise leadership required march 2014
Cyber threat enterprise leadership required march 2014
 
Cyber Rangers S1 E2
Cyber Rangers S1 E2Cyber Rangers S1 E2
Cyber Rangers S1 E2
 
Privacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident ResponsePrivacy and Security: Teamwork Required to Tackle Incident Response
Privacy and Security: Teamwork Required to Tackle Incident Response
 
The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security Continuum
 
Operational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solutionOperational technology threats in developing countries and possible solution
Operational technology threats in developing countries and possible solution
 
Risk Management and Security in Strategic Planning
Risk Management and Security in Strategic PlanningRisk Management and Security in Strategic Planning
Risk Management and Security in Strategic Planning
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Online BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol techOnline BS in Construction Management and Critical Infrastructure at capitol tech
Online BS in Construction Management and Critical Infrastructure at capitol tech
 
Secuntialesse
SecuntialesseSecuntialesse
Secuntialesse
 
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
mHealth Israel_Cyber Risk in Healthcare_Mary Alice Annecharico_CIO Henry Ford...
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote2011 SC Magazine Insider Threat Keynote
2011 SC Magazine Insider Threat Keynote
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 

Ähnlich wie Managing Cyber and Five Other Technology Risks

It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guideAstalapulosListestos
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. HawkinsSteel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkinslthawkins
 
Managing IT projects by David Bustin
Managing IT projects by David BustinManaging IT projects by David Bustin
Managing IT projects by David BustinDavid Bustin
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereBIJFMCF Journal
 
100531 it management dpa upload
100531 it management dpa upload100531 it management dpa upload
100531 it management dpa uploadplpictimatec
 
Technology intelliegence & forecasting
Technology intelliegence & forecastingTechnology intelliegence & forecasting
Technology intelliegence & forecastingVijayKrKhurana
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxSUBHI7
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereFinancialMarketCorpo
 
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...Black Duck by Synopsys
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsRd. R. Agung Trimanda
 
A Critical Appraisal of Technology in the University
A Critical Appraisal of Technology in the University A Critical Appraisal of Technology in the University
A Critical Appraisal of Technology in the UniversityRichard Hall
 
Using ISO 31000 as a strategic tool for National Planning and Governance
Using ISO 31000 as a strategic tool for National Planning and GovernanceUsing ISO 31000 as a strategic tool for National Planning and Governance
Using ISO 31000 as a strategic tool for National Planning and GovernancePECB
 
Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Matthew Rosenquist
 
Technology forcasting ch#5
Technology forcasting ch#5Technology forcasting ch#5
Technology forcasting ch#5Yasir Abbas
 

Ähnlich wie Managing Cyber and Five Other Technology Risks (20)

It and business risk alignment guide
It and business risk alignment guideIt and business risk alignment guide
It and business risk alignment guide
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
 
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. HawkinsSteel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
Steel Point Solutions IAS Track 3 "Sustaining a Cyber Workforce" by L.T. Hawkins
 
Managing IT projects by David Bustin
Managing IT projects by David BustinManaging IT projects by David Bustin
Managing IT projects by David Bustin
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
 
1_ICT.pdf
1_ICT.pdf1_ICT.pdf
1_ICT.pdf
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
 
100531 it management dpa upload
100531 it management dpa upload100531 it management dpa upload
100531 it management dpa upload
 
S36169184
S36169184S36169184
S36169184
 
Technology intelliegence & forecasting
Technology intelliegence & forecastingTechnology intelliegence & forecasting
Technology intelliegence & forecasting
 
Risk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docxRisk management planExecutive SummaryThe past.docx
Risk management planExecutive SummaryThe past.docx
 
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting SphereTo Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
To Assess the Main Drawbacks of Advanced Technology for the Accounting Sphere
 
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
The New Development Organization: Embracing “Open” and “Sharing” to Deliver S...
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
 
A Critical Appraisal of Technology in the University
A Critical Appraisal of Technology in the University A Critical Appraisal of Technology in the University
A Critical Appraisal of Technology in the University
 
1_ICT.pptx
1_ICT.pptx1_ICT.pptx
1_ICT.pptx
 
Using ISO 31000 as a strategic tool for National Planning and Governance
Using ISO 31000 as a strategic tool for National Planning and GovernanceUsing ISO 31000 as a strategic tool for National Planning and Governance
Using ISO 31000 as a strategic tool for National Planning and Governance
 
Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015Top 10 Cybersecurity Predictions for 2015
Top 10 Cybersecurity Predictions for 2015
 
Technology forcasting ch#5
Technology forcasting ch#5Technology forcasting ch#5
Technology forcasting ch#5
 

Mehr von Lincoln Institute of Land Policy

What Research Shows about Resurgent Cities: Lessons for Policy Makers
What Research Shows about Resurgent Cities: Lessons for Policy MakersWhat Research Shows about Resurgent Cities: Lessons for Policy Makers
What Research Shows about Resurgent Cities: Lessons for Policy MakersLincoln Institute of Land Policy
 
Fiscal Distress in Local Governments: Opportunities for State/Local Partnership
Fiscal Distress in Local Governments: Opportunities for State/Local PartnershipFiscal Distress in Local Governments: Opportunities for State/Local Partnership
Fiscal Distress in Local Governments: Opportunities for State/Local PartnershipLincoln Institute of Land Policy
 
Rhode Island's Fiscal Stability Act and Municipal Transparency Portal
Rhode Island's Fiscal Stability Act and Municipal Transparency PortalRhode Island's Fiscal Stability Act and Municipal Transparency Portal
Rhode Island's Fiscal Stability Act and Municipal Transparency PortalLincoln Institute of Land Policy
 
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...Lincoln Institute of Land Policy
 
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...Lincoln Institute of Land Policy
 
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...Lincoln Institute of Land Policy
 

Mehr von Lincoln Institute of Land Policy (20)

Land Value Capture Examples
Land Value Capture ExamplesLand Value Capture Examples
Land Value Capture Examples
 
Rethinking Property Tax Incentives for Business
Rethinking Property Tax Incentives for BusinessRethinking Property Tax Incentives for Business
Rethinking Property Tax Incentives for Business
 
Nonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New EnglandNonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New England
 
Working Cities Challenge
Working Cities ChallengeWorking Cities Challenge
Working Cities Challenge
 
What Research Shows about Resurgent Cities: Lessons for Policy Makers
What Research Shows about Resurgent Cities: Lessons for Policy MakersWhat Research Shows about Resurgent Cities: Lessons for Policy Makers
What Research Shows about Resurgent Cities: Lessons for Policy Makers
 
Best Practices for Funding Retirement & Benefits
Best Practices for Funding Retirement & BenefitsBest Practices for Funding Retirement & Benefits
Best Practices for Funding Retirement & Benefits
 
Nonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New EnglandNonprofits, the Property Tax, and PILOTs in New England
Nonprofits, the Property Tax, and PILOTs in New England
 
What's Up With Property Taxes
What's Up With Property TaxesWhat's Up With Property Taxes
What's Up With Property Taxes
 
Fiscal Distress in Local Governments: Opportunities for State/Local Partnership
Fiscal Distress in Local Governments: Opportunities for State/Local PartnershipFiscal Distress in Local Governments: Opportunities for State/Local Partnership
Fiscal Distress in Local Governments: Opportunities for State/Local Partnership
 
Rhode Island's Fiscal Stability Act and Municipal Transparency Portal
Rhode Island's Fiscal Stability Act and Municipal Transparency PortalRhode Island's Fiscal Stability Act and Municipal Transparency Portal
Rhode Island's Fiscal Stability Act and Municipal Transparency Portal
 
Regional Economic Update
Regional Economic UpdateRegional Economic Update
Regional Economic Update
 
Financing Infrastructure in U.S. Cities
Financing Infrastructure in U.S. CitiesFinancing Infrastructure in U.S. Cities
Financing Infrastructure in U.S. Cities
 
Accessing Capital Markets for Capital Needs
Accessing Capital Markets for Capital NeedsAccessing Capital Markets for Capital Needs
Accessing Capital Markets for Capital Needs
 
Fiscal Transparency in Arlington, Massachusetts
Fiscal Transparency in Arlington, MassachusettsFiscal Transparency in Arlington, Massachusetts
Fiscal Transparency in Arlington, Massachusetts
 
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
Current-Use Assessment of Rural Land in New England: Equity Effects and Refor...
 
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
Meeting the Challenge: Examples of Boston's Fiscal and Economic Development I...
 
Tackling Fiscal Stress in Rhode Island
Tackling Fiscal Stress in Rhode IslandTackling Fiscal Stress in Rhode Island
Tackling Fiscal Stress in Rhode Island
 
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
Fiscal Resilience & Fiscal Crisis: The Case Studies of Baltimore and San Bern...
 
City Fiscal Structures and Conditions
City Fiscal Structures and ConditionsCity Fiscal Structures and Conditions
City Fiscal Structures and Conditions
 
New England Regional Economic Update
New England Regional Economic UpdateNew England Regional Economic Update
New England Regional Economic Update
 

Kürzlich hochgeladen

Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceCunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceHigh Profile Call Girls
 
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...nservice241
 
PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)ahcitycouncil
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...ranjana rawat
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...tanu pandey
 
Postal Ballots-For home voting step by step process 2024.pptx
Postal Ballots-For home voting step by step process 2024.pptxPostal Ballots-For home voting step by step process 2024.pptx
Postal Ballots-For home voting step by step process 2024.pptxSwastiRanjanNayak
 
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...Call Girls in Nagpur High Profile
 
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore EscortsVIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escortsaditipandeya
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...anilsa9823
 
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...Suhani Kapoor
 
Regional Snapshot Atlanta Aging Trends 2024
Regional Snapshot Atlanta Aging Trends 2024Regional Snapshot Atlanta Aging Trends 2024
Regional Snapshot Atlanta Aging Trends 2024ARCResearch
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxtsionhagos36
 
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...Suhani Kapoor
 
Climate change and safety and health at work
Climate change and safety and health at workClimate change and safety and health at work
Climate change and safety and health at workChristina Parmionova
 
CBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCongressional Budget Office
 
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...aartirawatdelhi
 

Kürzlich hochgeladen (20)

Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceCunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
 
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
 
PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)PPT Item # 4 - 231 Encino Ave (Significance Only)
PPT Item # 4 - 231 Encino Ave (Significance Only)
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
 
Rohini Sector 37 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 37 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 37 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 37 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Postal Ballots-For home voting step by step process 2024.pptx
Postal Ballots-For home voting step by step process 2024.pptxPostal Ballots-For home voting step by step process 2024.pptx
Postal Ballots-For home voting step by step process 2024.pptx
 
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service
(TARA) Call Girls Chakan ( 7001035870 ) HI-Fi Pune Escorts Service
 
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
Top Rated Pune Call Girls Bhosari ⟟ 6297143586 ⟟ Call Me For Genuine Sex Ser...
 
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore EscortsVIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
 
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
 
Regional Snapshot Atlanta Aging Trends 2024
Regional Snapshot Atlanta Aging Trends 2024Regional Snapshot Atlanta Aging Trends 2024
Regional Snapshot Atlanta Aging Trends 2024
 
The Federal Budget and Health Care Policy
The Federal Budget and Health Care PolicyThe Federal Budget and Health Care Policy
The Federal Budget and Health Care Policy
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptx
 
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
 
Climate change and safety and health at work
Climate change and safety and health at workClimate change and safety and health at work
Climate change and safety and health at work
 
CBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related Topics
 
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
 
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
 

Managing Cyber and Five Other Technology Risks

  • 1. MANAGING CYBER AND FIVE OTHER TECHNOLOGY RISKS WHAT MUNICIPAL OFFICIALS AND SENIOR EXECUTIVES NEED TO KNOW CRITICAL ISSUES FOR THE FISCAL HEALTH OF NEW ENGLAND CITIES AND TOWNS APRIL 8 ,2016 Presented By Marc Pfeiffer, Principal Investigator and Assistant Director, Bloustein Local Government Research Center, Rutgers University
  • 2. THE TECHNOLOGY MANAGEMENT OPPORTUNITY: • Integrating new technologies into a government environment that includes: • Cost/tax/fee pressures • Citizen expectations • Political dynamics that work against against long-term planning • “We can defer that purchase for another year, can’t we?”
  • 3. KEY TECHNOLOGY MANAGEMENT CHALLENGES • Determining what we need, want, can afford; when and how we get it, how to manage it • Understanding that “technology” is more than “information technology”, but also includes operational and communications technologies; and they all have risks to manage • Understanding the risks; and that technology risks go beyond cyber-security; that it includes the other risks that need to be reckoned with • Knowing that managing technology and their risks is a not journey with a destination; it is an ongoing and evolving activity
  • 6. 1. CYBER SECURITY • Banking incursions – electronic funds transfer • Data/PII breach/theft • Network breach/use as a remote host • Access to networked control systems • Credit card security • Cyber extortion – DDOS, Cryptolocker/ransomware • Website/Social Media Security
  • 7. TYPES OF THREATS – SO FAR Targeted Attacks • Local government agencies are not usually specifically targeted, but you might be targeted by someone disgruntled or if something goes wrong Mass Attacks • This stems from successful email phishing and its cousins, and social engineering attacks Your Humans: • Clicking on the wrong link/opening the wrong file Bottom line: bad guys try to manipulate people into divulging personal or business information or tricking them into schemes to defraud
  • 9. THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources
  • 10. THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure
  • 11. THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure 5. Reputational risks
  • 12. THE OTHER TECHNOLOGY RISKS 3. Operational: failure of government to operate; services delivery failure from loss of access to IT resources 4. Financial – costs of responses to breaches and operational failure 5. Reputational risks 6. Society driven risks
  • 13. MANAGING TECHNOLOGY RISKS: THE NEED FOR TECHNOLOGICAL PROFICIENCY
  • 14. A TECHNOLOGICALLY PROFICIENT ORGANIZATION …Understands the links between its business processes and its technology …Understands its technology needs …Is assured that the technology will work when it needs to, including routine and emergency situations …Is capable of protecting itself against compromise, including protecting and responding to cyber threats
  • 15. DEVELOPING TECHNOLOGICAL PROFICIENCY To the extent one is weaker than the other, they are all weaker. ProficiencyGovernance Planning Cyber Hygiene Technical Competency
  • 16. GOVERNANCE Governing boards cannot ignore technology or delegate key elements • Reputational and financial risks cannot be delegated • Governing body and chief executive must be engaged • Includes technology managers, fiscal staff, public safety, operational representation; can include responsible citizens.
  • 17. GOVERNANCE Management needs to set the tone from the top, down: • Understands technology as an enterprise-wide risk management issue • Create a technology governance process • Has adequate access to technology expertise • Develop risk management processes • Adopts technology policies • Establish a technology planning process • Ensure reports to elected officials are meaningful
  • 18. PLANNING Determines how you spend technology resources Key elements of the plan: • Matches organizational goals to technology goals • Assessment of technology assets, services, resources (hardware, software, networks, contractors, facilities, people) • Identify priorities of changes in technology solutions and activities • Assess and address technology risks • Define the information security management framework • Address “make or buy” decisions • Assign plan execution responsibilities to appropriate staff and tie plan to organization budget • Use a practical time horizon: No more than 3 years and review annually (or more often )
  • 20. BECAUSE… The bulk of successful attacks come because an employee clicked on something they shouldn’t have, so… • Train (and retrain) your humans • Consider intrusion testing • Have informed employee policies
  • 21. TECHNICAL COMPETENCE Implement the plan with technical competency • Keep Governance updated on activities • Apply and enforce policies • Ensure that all tech employees are trained and contractors are secure • Keep aware of changing circumstances and technology, and SHARE information with peers • Be consistent; do not slack off
  • 23. TECHNOLOGY PROFICIENCY MATURITY MODEL • UnawareStage 1 • FragmentedStage 2 • Top Down/EvolvingStage 3 • Managed/PervasiveStage 4 • Optimized/NetworkedStage 5
  • 26.
  • 27.
  • 29. PUT TECHNOLOGY PROFICIENCY ON YOUR ORGANIZATIONS AGENDA You can’t do this overnight; it will always be a work in progress. It will likely cost new resources of time, attention, and $$ Remember, proficiency and cybersecurity are an ongoing process and challenge, NOT a destination! And every organization is at a different spot on the map So… START
  • 30. STUDY CONDUCTED BY: Marc Pfeiffer, Assistant Director Bloustein Local Government Research Center Bloustein School of Planning and Public Policy Rutgers, The State University 33 Livingston Street, New Brunswick 08901 marc.pfeiffer@rutgers.edu 848-932-2830 http://blousteinlocal.rutgers.edu/managing-technology-risk/ Under a grant provided by the: Municipal Excess Liability Joint Insurance Fund 9 Campus Drive - Suite 16 Parsippany, NJ 07054 (201) 881-7632 With an assist from Dr. Alan Shark, Director of the Center for Technology Leadership at the Rutgers School of Public Affairs and Administration, and Executive Director, Public Technology Institute All materials © 2015 by Rutgers and the Municipal Excess Liability Joint Insurance Fund