National Cyber Security

Presentation transcript:

National Cyber Security Awareness Month

Who We Are
- Special Guest: Zac Abdulkadir - CISSP, CISM, CRISC, President / CISO
- Bert Goodrich, Vice President - Sales
- Special Guest: Mike Wylie - MBA, CISSP, Director, Cybersecurity Services, Richey May Technology Solutions
- Tony Lewis, Technical Account Manager, Senior Engineer
- Andy Nolan, SOC Manager

Tony Lewis – CIS Controls: Basic CIS Controls
- Inventory and Control of Hardware Assets
- Inventory and Control of Software Assets
- Continuous Vulnerability Management
- Controlled Use of Administrative Privileges
- Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
- Maintenance, Monitoring and Analysis of Audit Logs

Tony Lewis – CIS Controls: Foundational CIS Controls
- Email and Web Browser Protections
- Malware Defenses
- Limitation and Control of Network Ports, Protocols and Services
- Data Recovery Capabilities
- Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
- Boundary Defense
- Data Protection
- Controlled Access Based on the Need to Know
- Wireless Access Control
- Account Monitoring and Control

Tony Lewis – CIS Controls: Organizational CIS Controls
- Implement a Security Awareness and Training Program
- Application Software Security
- Incident Response and Management
- Penetration Tests and Red Team Exercises

Andy Nolan – Incident Response: Incident Response Stats
- 206 days, on average, to detect a data breach. (Ponemon, 2017)
- 66 days, on average, to fully contain a data breach. (Verizon, 2017)

Andy Nolan – Incident Response: Something something
- Preparation and planning in advance
- Identification of true security incidents
- Containment of threats to minimize impact
- Eradication of threats at their origin
- Recovery of systems, applications and data
- Analysis of the incident for process improvement

Andy Nolan – Incident Response: Storytime – The Bad, and Ugly

Andy Nolan – Incident Response: Storytime – The Good!

Penetration Testing
Michael Wylie, MBA, CISSP, 2018

About me: Mike Wylie, MBA, CISSP
Director, Cybersecurity Services, Richey May Technology Solutions
Additional Certifications:
- CEH
- CEI
- Project+
- Security+
- CCNA R&S
- CCNA CyberOps
- PenTest+
- CHPA

About Richey May Technology Solutions
Richey May Technology Solutions is a results-driven consulting firm offering the full spectrum of technology solutions for your business. Led by technology experts with decades of cumulative experience in executive IT roles, our team is able to bring you pragmatic, real-world solutions that deliver value to your business.
- Cybersecurity
- Cloud Services
- Governance, Risk, Compliance & Privacy
- Technology Management Consulting
- Marketing Technology

Information Security Statistics
- 62% of cyber incidents are Small-Mid businesses (Verizon, 2013)
- SMBs saw a 14% increase in cyber attacks from prior years (SEC, 2018)
- “Cybercrime Represents a Very Real, and Very Serious Threat to SMBs” (SEC, 2018)
Sources:
- http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf
- https://www.sec.gov/news/statement/cybersecurity-challenges-for-small-midsize-businesses.html

What is Penetration Testing?
- Ethical hacking with client authorization
- Using hacking tactics, techniques, and procedures for good
- Systematic testing of security controls
- Attempt to gain access to critical data

How Will Pen Testing Benefit Customers?
- Exposes weaknesses before hackers do
- Required by several regulatory organizations:
  - PCI-DSS
  - FISMA
  - SOX
  - NYDFS.NYCRR.500
  - HIPAA
  - GLBA
- Actionable items to remediate
- Better value over vulnerability scans
- Far less expensive than a breach

How Will Pen-Testing Benefit MSPs?
- Hundreds of vulnerabilities that need to be fixed
- Someone has to do the remediation work
- A breach would get you fired
- Customer sees you as proactive
- Learn to implement better security
- Increased IT & security budget

Pen Test Budget
It depends on multiple factors. Options:
- Vulnerability scan ($)
- Security assessment ($$)
- White box test ($$)
- Grey box test ($$)
- Black box test ($$$)
- Red Team engagement ($$$$)

Make Sure You’re Getting a Good Test
- Everyone does “security” now
- Balance between technical and business skills
- Clearly define a “penetration test”
- Discuss the scope, goals, and deliverable
- Understand what a penetration test is not
- You get what you pay for

Thank You!
Michael Wylie
Twitter: @TheMikeWylie
Email: MICHAEL@richeymay.com
www.richeymaytech.com

Thank you for attending!
For further information, please contact Bert Goodrich, Vice President of Sales
Bert@NetreadyIT.com
805-299-2222 (Direct Line)
Services:
- Cyber Security Services
- Network Design
- Cloud Solutions
- Business Continuity
- Project Management
- Infrastructure Monitoring