QUESTION
How does the city respond to zero-day vulnerabilities and potential data breaches?
1:23:23
·
106 sec
The city rapidly engages agency teams to assess potential exposure from critical zero-day vulnerabilities.
- Fixes or compensating controls are implemented when available
- Heightened monitoring is conducted to detect any impacts
- Close collaboration occurs with agencies if a data breach results
- Notifications are sent out based on the type of regulated data impacted
Jennifer Gutiérrez
1:23:23
In the instance of a 0 day scenario, which as I understand is it's a little bit more specific than like a full on or different than like a full on data breach.
1:23:33
How do you all adjust the policy or protocol with that agency after after that kind of an incident?
Kelly Moan
1:23:39
So it so let's first talk about the 0 day vulnerabilities.
1:23:43
Right?
1:23:44
So if a critical vulnerability, that severity level comes out with a 0 day, we very rapidly engage our city agency teams to determine what our potential exposure could be as part of our unified vulnerability management program.
1:23:56
And, again, I'm speaking at a high level, but I
Jennifer Gutiérrez
1:23:59
Mhmm.
Kelly Moan
1:23:59
I wanna provide as much detail as I can because this is an important core tenet of any cybersecurity program.
1:24:04
And and this is this is where it all starts.
1:24:07
Right?
1:24:08
So when a 0 day vulnerability is disclosed, we very rapidly engage.
1:24:12
We also determine what fix could be in place.
1:24:15
And look large in part, most 0 days.
1:24:19
The nature of the definition, they don't have a fix.
1:24:21
So sometimes it's a We have to put in a compensating control.
1:24:25
This is essentially a mitigation of the risk.
1:24:30
Or we have heightened monitoring to determine if we've been impacted in any way.
1:24:35
And that's close collaboration with our agency partners.
1:24:38
And then in the in the unfortunate event that 0 day vulnerability has ultimately led to a security event Mhmm.
1:24:46
Which has ultimately potentially led to a data breach, which is a breach of information that comes from us.
1:24:53
Could come from a security technical incident, then we when we work together with collaboratively with our partners, with our agencies to determine what if any data elements impacted and then send out relevant notification as it relates to whichever regulated data has been impacted in that regard.