Security Risk Profiles – Tips and Tricks

Presentation transcript:

Security Risk Profiles – Tips and Tricks
William Perry and Helen Norris, California State University and Chapman University

Tips and Tricks

Information Security – the Seemingly Impossible Mission
- It is a complex & demanding role
- Skillset must cover related but disparate domains
- Decentralized environments
- Organizational culture
- Federated governance models
- Ever-increasing cyber threats

Assess Security Controls
- Do you have a framework? (SANS, ISO 27001, NIST)
- Are policies, standards, and guidelines aligned to the framework?
- Perform a gap analysis
- Prioritize based on a risk assessment (HIPAA, PCI, etc.)
- Develop a mitigation plan
- Implement & test

A Few (in)Famous Cyber Attacks
- The Morris Worm, 1988 – broke the internet
- The MafiaBoy DDoS attack, 2000 – $1.2B in damage
- Teen hacks NASA, 1999 – NASA stopped emails during a shuttle launch
- LA radio station phone lines blocked to win a Porsche – 1995
- Estonian govt. networks attacked by Russians? – 2007
- Israel's internet infrastructure attacked (Soviets & Hamas)? – 2009
- Stuxnet in Iran, 2010 – malware designed to disrupt a weapons program
- Canadian govt.'s finance agencies attacked, 2011
- Office of Personnel Management, 2015 – millions of PII records stolen

Gain Insight from Intelligence!
- Utilize information sharing services (e.g. MS-ISAC)
- Industry research (e.g. Verizon Data Breach Investigations Report)
- Penetration tests & compromise assessments
- Analyze your organization's incidents
- Log & user access management
- Vulnerability & application scanning
- Locate your sensitive data

There was a time when sticks and stones were advanced weapons!
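The "Assess Security Controls" slide lists the steps (framework, gap analysis, risk-based prioritization, mitigation plan) but not how the steps fit together. The script below is an added example, not code from the presenters or from any framework: it records the maturity a framework expects for each control against the maturity observed, scores every shortfall by likelihood and impact, and orders the gaps into a mitigation plan with regulated controls (HIPAA, PCI) first because they carry fixed deadlines. The control identifiers, names, maturity scale and scores are constructed illustrations, not a real ISO 27001, NIST or SANS catalogue.

```python
"""Control gap analysis and risk-based prioritization.

Added example, not part of the original presentation. The controls,
regulation mappings and scores below are constructed for illustration;
they are not a real framework catalogue.
"""
from dataclasses import dataclass

# Maturity scale shared by the framework's expectation and the observed state:
# 0 = not implemented, 1 = partial, 2 = implemented, 3 = implemented, tested, monitored.
MAX_MATURITY = 3


@dataclass
class Control:
    control_id: str
    name: str
    required: int            # maturity the framework / policy expects
    current: int             # maturity observed during the assessment
    likelihood: int          # 1-5: chance the gap is exploited
    impact: int              # 1-5: consequence if it is
    regulations: tuple = ()  # compliance drivers that mandate this control


@dataclass
class Gap:
    control: Control
    shortfall: int
    risk_score: float


def find_gaps(controls):
    """Gap analysis: a control is a gap when current maturity < required maturity.
    Each gap is scored likelihood * impact * (missing share of the expectation)."""
    gaps = []
    for c in controls:
        shortfall = c.required - c.current
        if shortfall > 0:
            exposure = shortfall / MAX_MATURITY
            gaps.append(Gap(c, shortfall, c.likelihood * c.impact * exposure))
    return gaps


def prioritize(gaps, regulated_first=True):
    """Order gaps for the mitigation plan: regulated controls first (they carry a
    fixed deadline), then by risk score descending, then by id for a stable order."""
    return sorted(
        gaps,
        key=lambda g: (
            0 if (regulated_first and g.control.regulations) else 1,
            -g.risk_score,
            g.control.control_id,
        ),
    )


def mitigation_plan(controls, regulated_first=True):
    """Gap analysis, risk prioritization and plan in one call.
    Returns (control_id, rounded score, regulations) tuples in plan order."""
    ordered = prioritize(find_gaps(controls), regulated_first)
    return [(g.control.control_id, round(g.risk_score, 2), g.control.regulations)
            for g in ordered]


# Constructed assessment results for a small environment.
SAMPLE_CONTROLS = [
    Control("AC-1", "Two-factor authentication for remote access", 3, 1, 4, 5, ("PCI",)),
    Control("AC-2", "Quarterly user access review", 2, 2, 3, 3, ("HIPAA",)),
    Control("SI-1", "Patch management within 30 days", 3, 2, 5, 4),
    Control("SC-1", "Network segmentation of cardholder data", 3, 0, 3, 5, ("PCI",)),
    Control("AT-1", "Annual security awareness training", 2, 1, 3, 2, ("HIPAA",)),
    Control("CP-1", "Tested incident response plan", 2, 0, 2, 4),
]

if __name__ == "__main__":
    for cid, score, regs in mitigation_plan(SAMPLE_CONTROLS):
        print(f"{cid:5} score={score:6.2f} drivers={','.join(regs) or 'internal'}")
```

With the constructed data the plan puts the unsegmented cardholder network and the missing two-factor authentication at the top because they are both PCI-driven and high-risk; the patching and incident-response gaps follow on risk score alone. Setting `regulated_first=False` gives a pure risk ordering, which is the view to use when arguing for budget rather than for audit deadlines.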
Develop your approach to manage threats – blocking & tackling
- Firewalls & Network Access Control (NAC)
- Physically & logically segregated networks
- APT, signature-based & behavior-based malware protection
- Encryption
- Secure application development practices
- Patch management
- Access management & SoD assessment, two-factor authentication
- Incident & business continuity plans
- Data Loss / Leakage Prevention tools
- Application whitelisting

Biggest Bang for your buck – train users
- Computer-based training
- Information security advisory emails
- Articles in the organization's newsletter
- Small groups (It's Just Lunch)
- Phishing education campaign
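The "Access management & SoD assessment" bullet names a control without showing what the assessment looks at. The script below is an added example, not code from the presenters: it takes a matrix of toxic entitlement pairs, expands each user's roles into effective entitlements, and reports every user who holds a forbidden combination, plus the role pairs that can never be co-assigned. The users, roles, entitlement names and conflict rules are all constructed; a real matrix comes from the business process owners.

```python
"""Segregation-of-duties (SoD) assessment over role assignments.

Added example, not from the original presentation. Users, roles and the
toxic-combination rules are constructed for illustration.
"""
from itertools import combinations

# Entitlement pairs one person must not hold together (constructed rules).
SOD_RULES = {
    frozenset({"vendor_create", "payment_approve"}): "can create and pay a fictitious vendor",
    frozenset({"payment_create", "payment_approve"}): "can initiate and approve own payment",
    frozenset({"user_admin", "audit_log_admin"}): "can grant access and erase the evidence",
    frozenset({"code_commit", "prod_deploy"}): "can push unreviewed code to production",
}

# Role -> entitlements (constructed).
ROLES = {
    "ap_clerk": {"vendor_create", "payment_create"},
    "ap_manager": {"payment_approve"},
    "it_admin": {"user_admin"},
    "security_analyst": {"audit_log_admin"},
    "developer": {"code_commit"},
    "release_manager": {"prod_deploy"},
}

# User -> roles (constructed). "dana" and "sam" show access accumulated over
# job changes, the usual way SoD conflicts appear.
USER_ROLES = {
    "alice": {"ap_clerk"},
    "bob": {"ap_manager"},
    "dana": {"ap_clerk", "ap_manager"},       # promoted; old role never removed
    "sam": {"it_admin", "security_analyst"},  # covering two jobs
    "eve": {"developer", "release_manager"},
    "raj": {"developer"},
}


def effective_entitlements(user, user_roles=USER_ROLES, roles=ROLES):
    """Union of the entitlements granted by every role the user holds."""
    ents = set()
    for role in user_roles.get(user, ()):
        ents |= roles.get(role, set())
    return ents


def sod_violations(user_roles=USER_ROLES, roles=ROLES, rules=SOD_RULES):
    """Return {user: [(sorted conflicting pair, reason), ...]} for each user
    whose effective entitlements contain a forbidden combination."""
    findings = {}
    for user in sorted(user_roles):
        ents = effective_entitlements(user, user_roles, roles)
        hits = [(tuple(sorted(pair)), reason)
                for pair, reason in rules.items() if pair <= ents]
        if hits:
            findings[user] = hits
    return findings


def conflicting_roles(roles=ROLES, rules=SOD_RULES):
    """Design-time check: role pairs that can never be co-assigned without
    violating a rule. Use it to block bad assignments before they happen
    rather than only finding them in the quarterly review."""
    bad = set()
    for r1, r2 in combinations(sorted(roles), 2):
        combined = roles[r1] | roles[r2]
        if any(pair <= combined for pair in rules):
            bad.add((r1, r2))
    return bad


if __name__ == "__main__":
    for user, hits in sod_violations().items():
        for pair, reason in hits:
            print(f"{user}: {' + '.join(pair)} -> {reason}")
    print("role pairs that must not be co-assigned:", sorted(conflicting_roles()))
```

Run against the constructed data it flags dana (two conflicts from keeping the clerk role after promotion), sam (can both grant access and clear the audit trail) and eve (can commit and deploy unreviewed code); alice and bob each hold only one side of a conflict and are clean. The role-pair check is the preventive counterpart: feeding it into the provisioning workflow stops the conflict at assignment time, which is cheaper than catching it in an access review.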