![Page 1: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/1.jpg)
BOB AINSBURYChief Product Officer, Granicus
![Page 2: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/2.jpg)
Closing the Cyber Security Gap2017 Digital Communications Summit (DCComm17)
Bob Ainsbury
![Page 3: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/3.jpg)
The user's going to pick dancing pigs over security every time.
![Page 4: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/4.jpg)
The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals.
We cause accidents.
![Page 5: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/5.jpg)
Those of us in security are very much like cardiologists. Our patients know that lack of exercise, too much dietary fat, and smoking are all bad for them. But they will continue to smoke, eat fried foods, and practice being couch potatoes until they have their infarction.
![Page 6: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/6.jpg)
6
![Page 7: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/7.jpg)
7
![Page 8: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/8.jpg)
8
the practice of using a network of remote servers (accessed via the Internet) to store, manage, and process data, rather than a local system.
![Page 9: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/9.jpg)
9
YOUR STUFF ON OTHER PEOPLES SYSTEMSPOTENTIALLTY ACCESSABLE BY MORE THAN
25 BILLION DEVICES
![Page 10: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/10.jpg)
10
![Page 11: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/11.jpg)
11
![Page 12: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/12.jpg)
120
1,000,000
2,000,000
3,000,000
4,000,000
5,000,000
6,000,000
7,000,000
8,000,000
9,000,000
10,000,000
1 2
Intrusion Attempts Per Day
10,000,000 IAPD
20,000,000 IAPD
10,000,000 IAPD 50,000 IAPD
![Page 13: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/13.jpg)
13
1,300%
in February 2015, the Director of National Intelligence testified that cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication, and severity of impact.
![Page 14: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/14.jpg)
14
Chief Information Security Officer (CISO)
ensure that the agency is meeting the requirements of the law, including developing, documenting, and implementing the agency-wide information security program
![Page 15: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/15.jpg)
We only need to be lucky once. You need to be lucky every time.
![Page 16: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/16.jpg)
16
![Page 17: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/17.jpg)
17
Do you exercise?
Do you smoke?
Do you drink?
How many hours do you sleep?
How stressful is your job?
When did you last go to the dentist?
When did you last take a vacation?
![Page 18: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/18.jpg)
18
Do you exercise?
Do you smoke?
Do you drink?
How many hours do you sleep?
How stressful is your job?
When did you last go to the dentist?
When did you last take a vacation?
?
![Page 19: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/19.jpg)
19
Do you receive regular security training?
Do you receive security incident alerts?
Do you share login credentials?
Is security discussed at team and group meetings?
Are there passwords on whiteboards?
Does your organization test employees for security IQ?
![Page 20: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/20.jpg)
20
Do you receive regular security training?
![Page 21: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/21.jpg)
21
Does your organization test employees for security IQ?
![Page 22: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/22.jpg)
22
Does your organization test employees for security IQ?
![Page 23: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/23.jpg)
23
Take a moment and think about yourself, your group, your department, your agency.
How do you rate your security health?
![Page 24: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/24.jpg)
24
the systems you use need to be secure
FEDRAMPprovides a standardized approach to security assessment, authorization, and continuous monitoring
![Page 25: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/25.jpg)
25
1. A company doesn't get authorized – individual products or services do.
2. Just because a product runs in a FedRAMP cloud provider (like Amazon) doesn’t mean that the application is FedRAMP’d …..far from it.
3. Agency's have to use FedRAMP’d solutions
4. FedRAMP uses a very rigorous and effective process
5. An agency has security obligations even when you use a FedRAMP’d Product
![Page 26: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/26.jpg)
![Page 27: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/27.jpg)
Closing the GAP• Get security burned into your culture – don’t wait for the CISO
• Make security part of your regular dialog
• Train and re-train
• Test your teams
• Measure, Monitor, Adjust
• Only use FedRAMP approved products
• And do your part in meeting your obligations
27
![Page 28: Chief Product Officer, Granicus · 2017 Digital Communications Summit (DCComm17) Bob Ainsbury. The user's going to pick dancing pigs over security every time. The most likely way](https://reader031.vdocument.in/reader031/viewer/2022011901/5f09ad077e708231d427fa77/html5/thumbnails/28.jpg)
Those of us in security are very much like cardiologists. Our patients know that lack of exercise, too much dietary fat, and smoking are all bad for them. But they will continue to smoke, eat fried foods, and practice being couch potatoes until they have their infarction.