and Technology (NIST) or the Center for Internet Security Critical Security Controls (CSCs), or a mandated set of regulations such as the Payment Card Industry Data Security Standard (PCI DSS) if the venue processes, stores or transmits cardholder data. These frameworks provide a structured way to approach addressing risk.

The approach can also be process-centric, the equivalent of a lawyer invoking “common law” to persuade a judge or jury. An acronym used in the security space is “PPT” – People, Process, and Technology. The three elements are equally weighted and heavily intertwined. Assessing and maturing “People” – the employee, the executive, the vendors, the adversary – is invaluable. By ensuring “People” are properly trained, educated on cyber risk, held accountable, made aware of the principles of information security, the venue risk manager is empowering the workforce.

Working hand-in-hand with this is the “Process” prong, which is the creation and enforcement of policies and procedures. Incident response planning, acceptable use policy creation, information security governance, and business continuity planning are all foundational components to preparedness.

Lastly, a “Technology” overlay is also needed, whereby inner, middle, and outer perimeter concepts match up with the appropriate hardware and software. If the relevant administrator is not aware   their domain controller, or the security camera infrastructure is not included in the scope of endpoint monitoring because of a failure to recognize the particular tool available supports that infrastructure’s operating system, the preparedness fails.

Whatever approach is taken, as a framework is applied, leaders need to properly apply a deliberate process to develop, validate, and continually improve organizational readiness. Choosing a framework – an approach – is critical, as is following through on it and ensuring the organization understands how to execute in accordance with that framework. For this, there is a common process encouraged by the U.S. Department of Homeland Security – the application of the Preparedness Cycle.  -

ganizing, training, equipping, exercising, evaluating, and taking cor- - tend with what can be a very fast paced, frequently changing threat environment, one could be overwhelmed trying to determine how to prepare for and respond to the attacks and incidents that could  addressing cyber risk or are struggling to determine how to mitigate the array of cyber threats and associated risks they are facing. While the Preparedness Cycle is often thought of in relation to “traditional” threats – natural hazards and hostile events, for example – it is just as valid an approach to take in confronting cyber threats and works just as well to reduce the associated risks and impacts of such events. Leaders need to understand the ever-changing threat environment and then assess their organization’s risks. From there, applying an established framework or process, and ensuring readiness via the Preparedness Cycle, leaders can minimize risk and ensure their organizations are best positioned to protect their “crown jewels.”

The VenueConnect 2018 panels, “Understanding the Current and Evolving Cyber Threats and Risks at Venues,” and “Venue Cybersecurity & Venue Preparedness,” included cyber experts Erik Rasmussen, Principal at Grobstein Teeple LLP, and Travis Farral, the Director of Security Strategy at Anomali, and were facilitated by IAVM Allied Partner, Andy Jabbour, with Gate 15. FM


ERIK RASMUSSEN. With nearly 15 years of cybersecurity and security experience, to include leadership experience managing some of the largest data breaches over the past several years, Rasmussen is an industry leader in security consulting. Having investigated hundreds of cyber investigations and assisted in the apprehension of several transnational criminals, he brings a breadth of experience. Prior to joining the firm, Rasmussen led the North America cyber security and investigations practice of a global risk management firm and worked several years in the financial services sector, to include running cyber intelligence programs at Visa Inc. and working closely with the Deputy CISO of a global payments processor.

As a Secret Service agent, Rasmussen served on the FBI’s Los Angeles Joint Terrorism Task Force and conducted numerous security advances in the United States, to include cyber security advance work for a Presidential Debate in 2012 and the dedication of a Presidential library in 2013. A dedicated thought leader, Rasmussen has presented at RSA, Interpol, various webinars in concert with global law firms, as well as numerous law enforcement liaison engagements, such as speaking at USSS Electronic Crimes Task Force quarterly meetings. Rasmussen started his public service career as a Deputy Prosecuting Attorney in Tacoma, Washington. http://gtllp.com/erik-Rasmussen/


Andy Jabbour. Andy is co-founder and Managing Director of The Gate 15 Company, where he oversees team projects providing Gate 15’s threat-informed and risk-based approach to analysis, preparedness and operations in support of private sector and government partners across the critical infrastructure environment, including support to the several information sharing and analysis centers. He also presently serves as a member of the International Association of Venue Managers Venue Safety & Security Committee and as faculty for IAVM’s Academy for Venue Safety & Security, as well as serving on the InfraGardNCR Board.

He has 20 years of project and personnel management experience, with extensive experience working in the fields of analysis, operations and preparedness with public and private organizations. In addition to current projects with a variety of information sharing and analysis organizations and government partners, he has previously supported the DHS Office of Infrastructure Protection’s incident response, serving in the IP Incident Management Cell / Crisis Action Team during several incidents. Prior to founding Gate 15, Andy was employed by the FS-ISAC, the Battelle Memorial Institute, and Cintas Corporation. He served 8 years in the U.S. Army assigned to bases in the United States, Germany, Kosovo, Iraq, and Afghanistan.

