Sign Iowa Banking Living Will Secure

Industry sign banking iowa living will secure

hi everyone and thanks so much for joining us today for another Tuesday at two webinar today we have a timely topic talking about incident response and cyber threats through security and to give us some expertise on the subject we're happy to welcome Derek dad's vice president of information security at Sarah brim derek is a certified PCI qualified security assessor and a certified information systems security professional or cissp and with no further ado Derek I'm going to turn things over to you welcome and thanks for coming today thank you thank you for having me my name is Derek dabs with Sarah Brent and today we're going to be talking about some cyber security threats and Incident Response say in that introduction here a couple of really foundational quotes you know the loss of industrial information and intellectual property through cyber espionage constitutes the greatest transfer of wealth and history you take that in comparison back to the Manhattan Project of World War two where they were developing the nuclear bomb the transfer of wealth when the Russians had acquired that technology the new cyber threats are of no comparison of what can be taken these days the monetary loss is so high again every major company in the United States has most likely already been breached as well you just don't know about it because the attackers are that good at what they're doing they cover their tracks they hide everything that they do so without the proper planning and processes behind that organizations can set themselves up to be continuously breached and never know about it a little bit about myself I spent majority of my career supporting the Department of the defense intelligence agency and a couple of the other three-letter agencies in the government sector in the world some of my highlights include working on multi classification domain means that are specifically air-gapped apart from each other and additionally I also supported the world's largest information surveillance and reconnaissance event what that means in layman's speak is all of the technologists who develop the cutting-edge intelligence and surveillance activities and technologies for the Department of Defense come to a annual exercise to showcase all of their cutting-edge stuff for example all of the the unmanned aerial vehicle technologies they come to this event to showcase what they can and can't do to the military and other coalition forces were present there the biggest difference between that is that when this event is set up most organizations only have about 90 to 120 days to prepare for the entire event so why that is significant is that I was able to take all of those unique and desperate capabilities that are attending that event and ensure that they all met and complied with information security requirements because needless to say when you're putting on the world's largest event of this nature you get a lot of activity from other organizations who want to hack to find out what's going on and to collect their own espionage and information to determine what's going on absolutely it's probably one of the world's largest targets for state-sponsored attacks the worldwide cyber risk the biggest thing with cyber risk is that it's a worldwide threat anybody can be attacking you from any place in the world majority of the attacks that we noticed these days are coming from Eastern European and believe it or not Southwest Asia or the Middle East now these are not just a tax on us but these are global attacks so the the historical thinking of nobody will ever touch me is not the case anymore just as easy as it is to send an email to anybody across the world it's equally it's easy for that same person on the other end to attack or hack your computer in your network different protection mechanisms most everybody is familiar with physical security fences doors magnetic locks badge swipe access mechanisms a lot of those are still very handy with the protection of cyber information however it does not stop the global threat you know your physical controls will only stop your local it threats to your environment logical protections for this would include firewalls intrusion detection systems and a couple other different web application filters that will help protect your environment from exposure on the web why do they do it why are people attacking right now majority of it is monetary money you know right now the cyber risks and the threats in the entire world bring in more money than the entire drug trade of marijuana cocaine heroin and methamphetamines combined so when you're reading the newspaper about the the coat the United States Coast Guard you know seizing 200 tons of cocaine that's a drop in the bucket compared to the actual cyber of money that's being stolen across the electronic wire given that the cyber threats there that profitable or vulnerability is that profitable you know all of your South American and other drug cartels and even mafia are really starting to pursue you know cyber hacking of being at the similar but biggest targets is credit card information right now it's costing organizations worldwide cumulatively over 338 billion a year which is a very large number not only is it the illegal trade going on with cyber attacks but you also have state-sponsored attacks you have you know countries such as China Iran Israel that are suspected and alleged at creating and launching specific cyber attacks against individual infrastructures and corporations key one would excuse me the key point with that is that if you're a commercial entity and you have a manufacturing or a research and development laboratory you can guarantee you that you have either been hacked by China or you're about to be they are taking manufacturing schematics left and right with their global trade capabilities additionally every second that goes by 19 people are fall victim to some form of an online crime whether it's a data theft or social networking email hacks anything it's just constant even today I have a server that I put online just yesterday unknown brand new IP address the whole nine yards by today at ten a.m. i have noticed five different unique attacks that if people have attempted to put on this server and this machine has only been on for about 12 hours so the threats are out there and they're coming all the time keep going on the price associated with maybe someone's credit card number or their social security number or maybe their health care records but I you know this gives it a whole new perspective that this is potentially the most highly in incentivize area of theft right now correct it definitely is a key aspect to that theft is how do they get away with it how do they do it when they went or when a state or a country detects and identifies potential hacks that are happening they'll shut down there you know financial assets you know commercial banking credit card processing a similar instance was back in November 10 I am assuming that everybody has heard of Julian Assange and the whole week WikiLeaks debacle that's been in the news for probably the last two years sure keep think key thing was that is that state-sponsored governments had shut down all of his financial assets every bank account that they could reach out to they shut it down all of his card processing and donation capabilities all you know coalition governments had shut that down so what this Julian Assange do of WikiLeaks he starts using a technology called bitcoins it's a cyber monetary a money system that is completely and utterly immune to political pressure and the monetary censorship meaning that once somebody transitions a dollar into a Bitcoin the bitcoin is a ciphered encrypted string of ones and zeros on a computer that once you transmit it is has a valuation as a real world currency you know it's completely encrypted and untrackable by all law enforcement organizations there's no tracking mechanism to it it's from the gray hat and the black hat hacking communities this is what they do to fund everything on the from a national intelligence perspective I would not be surprised if terrorism and narco efforts are also utilizing bitcoins as their funding source simply because it's completely untraceable and untouchable so in relation to that here's a small graph of the amount of volume in dollars that bitcoins is currently responsible for processing now you can see back in December 11 December 2011 ahead does that believe a very large spike in the assets of that if you go back to your national headline USA TODAY's around those timelines you can notice that that is approximately when WikiLeaks was getting shut down by all with all of their bank accounts and card processing techniques so you can see that you know small trend in the analysis of all of the donations that that particularly organization had received through this Bitcoin vector and financial gain yeah totally totally new cyber currency in relation to that also some of you may have heard of a 3d avatar game called second life a lot of universities utilize this as a online meeting place p people get little avatars they can walk around in a virtual world and conversate and communicate with other people universities sometimes use it for actual lecturing and as part of their college curriculum I know Harvard uses it pretty exclusively as well within that second life kicked a game they have what is called linden linden dollars those same linden dollars are a virtual currency that have a translatable monetary value to non virtual money whereas i believe last I checked it was like a five linden dollars would equal one US dollar so what this could be is a possible money laundering money hiding type of environment you know the days of requiring offshore bank accounts to evade the law are basically gone in my opinion now everybody who has large sums of money who's trying to hide it from the authorities they'll be using virtual currencies simply because of the direct control that they have on the funds I wonder how long it will take the IRS to go techie then that's a good question I'm not entirely sure on that because because it's everything right now is completely untraceable an IRS would have to prove the income before they could even go after it but if there's no if everything is paid in cash and it goes straight digital there's no trace and I'd like to go into actual cyber threats now back in 2008 this is a specific Department of Defense attack that occurred it was a known by those in the community as operation buckshot Yankee which was a reaction to a thumb drive ish thumb drive initiated malware what happens is is bri back in early part of 2008 over in the war field of Afghanistan a foreign intelligence server was her foreign intelligence service was had allegedly dropped a thumb drive in a cyber cafe that was frequented by US service members a US service member then allegedly picked that up and put it into governmental classified computers no one has ever seen that before at the time and it took them believe about 90 days before it was even detected that it was operating on their network the significant to that is that once this is on a computer it opens a backdoor connection and it starts sending data that it has collected from those classified networks in those environments the big deal of that that I'm trying to hit home with is that all the protections for this buckshot Yankee was in a reactive measure you know there is no expectation or no thought of any protection to limit or disable the utilization of thumb drives a lot of times you can relate it to your home computers whenever you put a CD into the CD tray it autoruns same thing when you put a thumb drive into a compute computer it autoruns you know it comes up and asks what would you like to do is this newfound device well the malware that was used with this within the aging btz of buckshot Yankee whenever windows would attempt to autorun based on that infected thumb drive that's how it would put the software on the machine you know at the time virtually undetectable then moving on after that another very large activity that a lot of people her about is the the Stuxnet computer worm that predominantly affected the Iranian nuclear facilities it affected the Siemens excuse me the Siemens programmable logic boards which are the you know the robots and machines that manage and control the nuclear facilities these aren't your typical home computers running windows or linux unix or windows operating systems on most it's a big deal because it was a specific attack to only affect those Siemens industrial tools and capabilities I hit with that because if your organization has specific and unique environments you're not exempt from being attacked with this now in the future though go moving past the Stuxnet is what is today as the flame malware it is very similar and has a lot of the same characteristics as the original Stuxnet that you know was going after the nuclear facilities except for now it has been retailored to attack everybody everybody with the Windows operating system and it still operates on the same auto run in sector and it uses that utilizes a privilege explore privilege escalation exploit as well so as soon as it's on your thumb drive or on your computer your machine is now owned it's still still spread via the same USB malware zero-day exploits as well and what's interesting on that is you know moving back you know Stuxnet was happened back in 2010 but now here we are in 2012 why is that same USB autorun zero-day vulnerabilities still out there simple part is because the existing autorun utility is very handy to have you know you don't want to disable something that you can you know use frequently but organizations who become paranoid to that on why you know what am i at risk to this that's where policies and procedures and technical controls can come into place such as corporate policies to disable the use of individually owned USB drives or media there's also a tattle-tale audit software that can be installed in a corporate infrastructure to disable unknown USB devices from actually running inside of an environment oh excuse me from running inside of their corporate environment so it's got to be a combination of both the technologies but also awareness and knowing what steps to take so that you can be as secure as possible I mean does anyone ever get to the point of being a hundred percent secure I yes the only way that you can become a hundred percent secure from the online environment is the unplugged from the internet that's the only way you can be a hundred percent secure so therefore everybody has to have a at minimum a minimum level of risk acceptance you have to know and understand the risks and then either accept them or mitigate them or unplug from the internet look open it up to the panel or the attendees if there's any questions on the threats that I just mentioned feel free to type them into the chat window or the questions window and if we aren't able to get to all of your questions we will certainly circle back with you or if a question comes to mind in the latter half of the presentation here will will stop again at the end to to follow up so you want to comment Derek on anything about the godaddy issue yesterday where does that of all the spectrum of the certainly they I did a little bit of limited research this morning on the godaddy attack and I saw that the anonymous group has potentially claimed credit for that attack the significant thing that I've learned from that is the the level in the type of attack that actually occurred with godaddy I've discovered that it appears that the attackers utilized a distributed denial of service to attack a certain segment of the godaddy servers there's really not a whole lot an organization can do to protect themselves from a globally denial of service attack that is traditionally one of the absolute last tricks in a hackers toolbox to take an organization down all of your compliance mechanisms all of your policies and your procedures you can be running at a hundred and ten percent success on those but you can't stop a denial of service attack yeah it's kind of like your internet connection is the size of a garden hose but when a d nial of service attack hits you somebody's trying to attack you with a fire hose worth of information you know what happens when you put a fire hose connected to a garden hose well the fire hose is pushing a heck of a lot more data or water through then the garden hose would do sup in thus create a denial-of-service it does not allow any data to come in or out of Go Daddy's infrastructure another piece of denial of service attacks I'd like to comment on is the secure socket layer ssl a lot of you'll see that in your web browsers with a little padlock icon whenever you go to make a connection in your web browser using ssl your computer itself might use rough estimate of about three to five percent of its CPU power but the receiving end of that that server that you're connecting to will use approximately five times that amount of processing power to initiate and authenticate an ssl session to a server what that means is if go daddy has a ssl server and intricate if cpu cycles respond to ssl requests at five times the the power of the actual machine that's sending it if you have a thousand machines all attempting to connect via ssl at the same time you're not going to touch those distributed computers and their processing power but that server you're going after after is going to completely hang up and just completely died trying to answer all those distributed ssl requests at the same time that's it's just one of those vulnerabilities that hits me as a significant vulnerability but at this time there's no real technological workaround to prevent that level of an attack so we've got there's different kid I'm sorry go ahead oh we have a couple good questions here let me share these with you one is in addition to a firewall intrusion detection and staff education what are other suggestions for protecting private medical records private medical records electronic health records be very cautious of bring your own devices I noticed a lot of health care professionals are now being allowed to bring their iPads iPhones Android devices into an organization but when those individuals bring those into an organization and they start accessing corporate sensitive data how our organization stopping you know the Apple iCloud backup service from backing up that corporate data that is now on that ipod or iphone from being backed up to a unsecured cloud that's still a technology that's being worked on right now some of my immediate fixes would be very strong firewall access control lists prevent outgoing traffic for those devices create a successful segmented network do not allow mobile devices bring your own devices to be part of the same subnets as your corporate servers I say that because then you can take that specific subnet of the employee-owned devices and you can then specifically create a firewall rule set to that sub sub domain that makes a lot of sense separating the network so there's not as much potential of unauthorized access if you know there is something on that mobile device that is intrusive mm-hmm another question was what is a denial of service attack exactly i know you shared the example of the firehose work of data coming at a garden hose but what are the exact mechanics of a denial of service attack it's coupled this couple different to attack vectors of a denial of service but the entire goal of a denial of service is to send so much internet traffic at a single server a router a fire to where it overwhelms that server firewall routers capability of handling all that information let's relate a server to a person's mailbox you know the good ol US snail mail you know your mailbox can only hold so many different letters until you walk out to the street and you pick up that mail same thing with the computer server router or firewall they can only hold so much data before it can pass it on to the next source but if that mailman or if that attacker slams that mailbox full of mail and then everything else all of a sudden you're in a denial of service because the mailman cannot put your bills in the mailbox because it's full junk mail and spam and everything else that's a great metaphor dare think another question are you any safer on a Mac versus a PC or or you know maybe a Linux box are you ever really safe regard as OS operating system you use a good question with in regards to the mac and the linux will just go back and say everything but microsoft is at less risk anything microsoft being probably the largest operating system proliferated in the world therefore water attacker is going to go after the most popular most prevalent Lee used operating systems that being said not in comparison of viruses and malware that are designed for windows operating systems thousands times more frequently and more different and more types of viruses are created for windows macintosh linux are there still viruses and malware that are created for that sure are they as prevalent and are you as at a high risk as running a Microsoft operating system today not as much risk but you're not safe either way unless you practice smart computing and protect yourself okay great well hey that's all the questions we have so far and I know you've got some more tips for us regarding how to be prepared and for tech system correct great alright like the move on to in protecting yourself in your organization I'd recommend that everybody write down that link at the bottom and you can dive deeper into all these sands critical controls these were originally developed by the heads of the government department of homeland security national security agency and a couple other large CTOs within the information security community as you can see there's you know 20 core focus areas or different disciplines to protect your corporate environment what I'm going to be focusing on today is a number 18 the incident response capability incident response is you know a synonym for a forensics capability in the computer world you know in read in relation to local law enforcement activities you know when law enforcement response to an incident what do they do how do they react to you know the bait getting robbed around the corner how do they know what to do that's because they planned out their entire evolution and efforts on how to respond to those type of events you know every organization should have a capability to respond to that however limited they may have it could be something as similar as small as having a system administrator you know shutting a system down as a response every organization is going to be unique with their own incident response and forensics planning I'm going to go through a few of the highlights and a little bit not too deep into the weeds on how to set your organization up to be better capable of reacting and potentially preventing incidents from occurring great some of the things that you want to know in your organization is who should be involved with the incident response in the forensics part events at your organization you say each organization should decide which parties will take care of the tasks based on skills abilities cost response time and data sensitivity that's important because if an organization just got hacked and they lost healthcare records you know who do they have to notify if they lost records or if they suspected records do they contact their law department they contact human resources you know etc etc you know those think kind of response plans of who's going to be involved in that should be clearly identified in all the analysts and the system administrators and the technical control personnel that are going to be involved with that they should have the knowledge and the resources to respond to that again this goes into a little bit more on the forensic capabilities you should always if you can have more than one user or one administrator being assigned to those tasks the hands-on exercises and forensic training courses can be helpful building and maintaining schools or the the tools and the technologies there are quite a quick question here if you're an independent consultant handling thi what's the minimum you should do to respond to an incident if your individual consultant I'd have to ask are you an incident that occurred to your single workstation or to a customer client organization that was identified there'd be different totally different responses okay so it probably depends a lot on the clients that and and the their type of business that you're dealing with exactly typically as a consultant or a third party looking in they are not the data owner so traditionally if there is a suspected data breach the first thing you want to do if you are not the information owner is to notify the owner of the information or those data or those records from there the owner of that data should have a have an established response plan to that but the key thing is don't be afraid to report it the worst thing you can do is to not report it that's when the security individuals and the corporations get very antsy if you don't report it would potentially lose the opportunity to conduct forensics as well to determine where the attack came from and how it occurred very part of the forensics everybody needs to know what their roles and responsibilities are and how to do that one of the key things is a when a IT administrator or any user on a corporate environment identifies a potential data breach or something's just not acting right on my computer what do they do who do they call you know what is the contact tree for an exercise or an event that occurs of that nature those are good things to have so everybody knows who to call key point on that is if you have a significant loss of electronic healthcare records of a billion-dollar healthcare organization do you want your level one system administrator calling to report that incident to the CEO or the CTO of the organization or you want to go to the lead supervisor of the IT department to validate and verify that that data was actually lost or suspected as being lost I have an appropriate contact tree to verify validate that the proper information and reporting within the organization is getting to the decision-makers run-throughs in advance of something actually happening and you're absolutely right I made comment on that as well and of another slider to I believe which is a very key if you have all the policies and procedures in place what good are they if you never test them or evaluate them even something simple as just doing a dry run you know it's a great way of testing and evaluating that your procedures are going to work another key area is having a documented rules of engagement for your response team meaning that you know if your system administrator comes in and just carte blanche just powers everything down you know the improper way and there are improper ways such as just poking a machine in the Eider to take the power down or purely unplugging it from the back of the wall when you one improper techniques like that occur you run the risk of losing significant audit data that could be wrapped around this particular attack or data loss because properly configured computer will have tattletale reports and system logs that will tell forensics teams what happened where did it come from what time did it happened and potentially what data is access and or transferred if you turn the machine off the wrong way or if your rules of engagement or your administrators are not properly developed you run the risk of losing the incident response battle before it even starts that's a really interesting point I'm sure in a incident situation you know the biggest panic point will be making it stop no matter what but if you lose the ability to figure out what happened and how to stop the next attack then it's really not going to do you a lot of good just to stop attack if it just means that tomorrow you're under the same threat exactly you're exactly right and in addition to that can be internal corporate policies do your administrators have full-blown data access to the research and development part of the business you have all of your administrators or personnel on that response team then fully vetted and deemed trustworthy to have access to everything in the organization because what are the hackers are going for is the most sensitive data of an organization make sure that your staff is trustworthy to be to be able to work on that environment and to provide those response techniques again address the intervent inadvertent disclosures and long-term storage of sensitive information captured by the forensics tools after the event has happened in your administrators your response team has collected the data wrapped around that incident you know what are your privacy laws on that those administrators collected protected health information or if they collected you know forbidden PCI credit card data or any other type of very sensitive data deemed by an organization what is the privacy rules and data retention policies wrapped around that you know just because an incident happened does not mean you want to put your guard down on on pursuing the response in the forensics of that environment address the monitoring and networks as well as requiring warning banners on systems that indicate activity might be monitored most organizations that I've seen have been implementing login banners these days you know this computer is monitored for blah blah blah blah but on the same side of that is a commercial civil rights users have an expectation to reasonable you know however you want to make sure that your organizational policies notify your users either through user agreements login banners corporate Human Resources policies that all the users are aware that they can be tracked traced that they do not own the corporate computer they are just a user on that computer who owns the data the data owners are what's most important step-by-step procedures should explain how to perform the routine tasks when you have an incident response plan you want to have a repeatable definable and repeatable process that can have that can reoccur for ninety to ninety-five percent of all tags you know things earlier part of those processes is the contact tree who how is it reported how is it validated or verified a lot of those rudimentary steps can be identified in a definable and repeatable process in procedures make sure of your evidence handling procedures if you're an organization that would have desire of pursuing law enforcement against their legal proceedings from an incident you know everybody's watched CSI or law and order they hear the word chain of custody it's no different here you know cyber data electronic data can easily be manipulated to however you feel so therefore during the incident response you have to make sure that your chain of custody is absolutely bulletproof if you intend to pursue legal proceedings and again always a regular review your processes and procedures is what works today may not work tomorrow or six months from now it's one of those things it's never a set it and forget it response you always have to be planning ahead for the next event the fun stuff the actual technical response for a incident I recommend that all the analysts or the system administrators who are charged with actually conducting the forensics or the the technical aspect of an incident response they should always have some type of forensics tool kit for data collection i know linux has a couple different security distributions that are capable of being loaded or booted off of a CD or a USB drive of types but the key things that you need to have in your forensics tool kit is the ability to collect and examine the volatile and nonvolatile data the difference between those two is non-volatile data does not disappear when you turn the computer off that's traditionally the information that's held in your hard drive or your floppy disk or any type of physical media to hold the store data the volatile memory or also you may have seen it on some of the computers as your random access memory how much ram does your computer have when you turn your computer on and off everything that was in RAM disappears completely so again proper shutdown procedures are important an with the technical preparation your analysts need to have the capability to collect that volatile data that could be present within Ram a lot of attacks utilize that to their advantage knowing that they can put their virus or their malware inside of your computer's Ram and it runs and it runs you never know that all of a sudden things go bad you panic you reboot the computer all of a sudden you've lost potentially all of your forensics capability from that particular malware or virus you want your toolkit also have the capability to do quick reviews of data you know quick Val bation and verification that the suspected attack was validated or verified this is the kind of thing that you want to be able to get a quick answer within 30 to 60 minutes but on the flip side in regards to quick reviews you also want to be able to do is a very long and in-depth drawn-out review of all the data network administrators preventing providing adequate storage for network activity you know how many organizations know how many megabytes of traffic that they actually transmitted in and out of their organization throughout the business day you know what is the trends of how much data comes through on a Monday versus a Friday having those type of metrics and data collection on your environment will drastically increase your threat detection because of all the sudden you're used to having a one mega bird I'm sorry one gigabyte of data traffic on a Monday then all of a sudden your organization is transmitting a hundred times that amount of data there's an anomaly there that you might want to take a look at and pursue that's a great point sounds like it's really wise to know your own backyard so that if there is some random wild animal wandering around three or network at least you have a better chance of recognizing it absolutely that's exactly right I'm in there in closing the forensics is a consistent process you you want to come you first once you have been reported the incident has been reported it then goes into collection of the data that's usually the immediate responses what do we need to do to collect the data in order to perform a forensics investigation after your dad is collected everybody would then go into a examination you've got the data let's examine it see if that attacker that threat was really occurred did it occur or did it not you've got the analysis piece on that as well and finally is the the reporting aspect different organizations and different businesses have unique compliance and reporting requirements if you're a DoD or a governmental organization you have mandatory reporting requirements to the government some states and local governments are also requiring mandatory reporting of any incidents that occur I can speak to the state of Virginia right now and i believe it was last year our district attorney for the entire state of virginia made it mandatory for commercial entities to report all suspected data breaches to his office so while we're aware of you all of you guys yeah those in health care or any from other compliant of regulated markets you know have have got their own respective agencies that they're required to report to and you know knowing what information you have to collect and what steps you have to take in the time frame that you have to make those reports is all background work that has to happen you know before a bridge happen so it's a lot of doing your homework and it's my strong opinion also on the reporting is share the information how are you going to protect yourself how are other organizations going to protect themselves from a similar threat yeah some of you may not care if other organizations get attacked I sometimes feel the same way but if everybody is sharing information everybody can protect themselves because everyone has the same common enemy and that is data loss and being data breached nobody wants that to happen further data collection you know you want your analyst to collect real data proper data standard processes I discussed the volatile a data where it's stuck in RAM I'm ensure that it's addressed and acquired properly proper shutdown methods and preserve and verify verify file integrity that's important when you're doing the chain of custody type events where data can be changed by say a rogue inside threat of your organization and you never know that's what you got to preserve and verify that integrity and the chain of custody the examination and analysis if there is to be a dynamic step of incident response this is an area where it's going to be the most dynamic and different almost every time you know i briefed that it's a methodical approach to studying the data but without a you know a pure umbrella of attack knowledge or hacker knowledge the analysts are going to be fairly limited right here on examination and analysis there's so many different threats that are out there and every single one of them is slightly different and this is where I reached back to in sharing the data I am reporting the threats and the potential breaches to your required organizations by reporting it and sharing it it brings everybody's knowledge of cyber security to the top ah and here's a back to reporting and clothing as well you know make sure it's done right make sure your you know who you need to report it to I would if I was the list everybody's unique environment here it would be extremely long everybody's got different requirements for reporting and processing and who they report to health care has HIPAA requirements hi trust weaved in there as well anybody's processing credit cards or payment cards they also have mandatory reporting up procedures and policies as well same with government state local and federal level typically the old saying goes as a everybody has a boss same thing everybody has to report to somebody there is no high high authority either samaya Sarah Brenda colleagues in the point of contact anybody has further questions after this brief this is some point of contact you can reach out to to ask questions and to generally talk to us about your environment super Derek this was a great overview very timely greatly appreciated with your permission you can let us know which of this contact info you'd like posted along with the slides and for those of you if we did not get to your question during the time a lot of today I will forward your question on to Derek and give them an opportunity to answer you directly let me just do a quick recap on upcoming events for those of you who are local to the ann arbor area feel free to join us this friday for fall into IT seminar we're also going to be experimenting with our first live streaming of the events so if you're willing to be a guinea pig and give us some feedback go ahead and register for friday and you can check out our live stream on tuesday and wednesday September 25th and 26th will be in novi michigan for the michigan hens event for those of you who are in the healthcare space in michigan and on tuesday at two october second will be giving a webinar with dr. marie mischel drop about mobile security will be in Des Moines Iowa in November for the Midwest Tim's conference and then down in the DC area December third and fifth for the M Health Summit and come party with us in New Orleans in March will be down there for hims 2013 thanks again Derek wonderful presentation Thanks to everyone who joined us today and show you online or in person students alright thanks for having me thanks Eric will be in touch soon take care everyone all right good bye bye