QUESTION
What is the frequency and process of application security audits conducted by NYC Cyber Command?
1:27:05
·
151 sec
NYC Cyber Command routinely engages agency partners for periodic reviews of the city's applications to assess their security posture.
- The office conducts heightened reviews when potential threats to systems are identified.
- They adapt their approach based on evolving cybersecurity threats and tactics like denial of service attacks.
- NYC Cyber Command works closely with agencies to understand security needs and explain requirements.
- Their passion stems from protecting the data of New Yorkers, including their own families and friends.
Jennifer GutiƩrrez
1:27:05
According to citywide application security policy, NYC Cyber Command can conduct periodic audits to review the security posture of any information system.
1:27:14
Can you share how often your office engages in this application audit?
Kelly Moan
1:27:18
So our application the city has a number of applications, a large number of applications.
1:27:23
We routinely engage our agency partners for periodic reviews of those particular systems.
1:27:31
We also and I think it's important to note this.
1:27:34
Right?
1:27:34
So we also engage for assessments or heightened reviews of systems, should we see that there could be an ongoing threat that could potentially impact that system.
1:27:50
Right?
1:27:51
We have a whole of defense.
1:27:53
Defense in-depth approaches what we call it in the cybersecurity world.
1:27:57
To all systems that are built within the city, and that's not just us, that's also our agency partners.
1:28:03
But I'll give you an example.
1:28:05
So over the last few years, again, given the geopolitical drivers and what has been happening in the world with with multiple protracted conflicts in in multiple areas of the world.
1:28:17
The threat landscape has continued to evolve tactics that really have been used historically like denial of service, where it's a threat actor's attempt to shut off access to a system that is used by, in this case, the public.
1:28:33
We're seeing, and we saw for the last few years that that changing threat as a tactic that was being used more.
1:28:40
Right?
1:28:40
And so when we saw that it was being used more, we wanted to rapidly, you know, engage and continue to engage our agency partners to say, okay, do we have the appropriate protections in place?
1:28:50
And so that's a That is an everyday conversation with us and our our agencies.
1:28:55
And again, that's just one example of numerous examples about how the threat continued to shift in shape in our job and what we consistently show up to do with with a very immense passion to do so is working with our agencies to understand the why behind why we're asking them what they need to do.
1:29:15
Them understanding it.
1:29:16
And then ultimately, you know, I'm a New Yorker.
1:29:19
My team are New Yorkers.
1:29:20
We're protecting not just our data.
1:29:22
We're protecting our families' data, our friends data.
1:29:24
And so making, I think, that sense of passion and commitment to service to the city of New York is really what what I believe best position us to protect and defend against these threats.