Public Risk Management

Thomas Bullock, Director of Education and Training at Virginia Risk Sharing Association (VRSA), teaches how to identify and respond to current and future cyber security threats. Cyber Security has transitioned from protecting data to every area that we use the internet, from social media and email to GPS and medical records. Thomas explains how cyber attacks stem from organizational problems, not technical ones and therefore requires all employees to understand and participate in mitigating risks. He explains "Defense in Depth;" a multi-layered approach to cyber security that may appear redundant but addresses many different attack vectors and closes the gaps that occur between singular layers of security such as: firewalls, malware, scanners, and integrity auditing solutions. He describes why a cyber security incident response plan is necessary, who you should include in your response team, who you need to notify and the four phases to the most effective response plans: 1. preparation 2. detection and