Inside-Out Security: Building Castles not Warehouses Death Stars


Hacker/Researcher Security Evangelist InfoSec Professional

Story Time

US CEOs Top Concerns 2019
The Conference Board Top External Concern for 2019
1. Cyber Security
2. New Competitors
3. Recession Risk
4. Threats to Global Trade Systems
5. Declining Trust in Political and Policy Institutions
Source: The Conference Board (2019)

$177 Billion

Security Budgets 2017-2019
Increased: 22%
Same: 53%
Decreased: 25%
Source: CDW/IDG Mitigating Risk Survey (2019)

Top 5 Vulnerability Themes (Top 5 Findings)
Configuration Management: 40%
Account Management: 27%
Patch Management: 13%
Authentication Weaknesses: 7%
Software Lifecycle: 5%
Source: CDW Information Security Assessments Practice (2017-2019)

Compatible Time Sharing Network
MIT, November, 1961
Fernando Corbató
IBM 7090, using interrupts
Allan Scherr 1962 – Wanted to bump up his usage time (allotted 4 hours)
Printed password file, distributed to other users
MIT Museum - museum.mit.edu

Fast-forward 30 years, and the internet is now a thing
Corporate networks start connecting, first defense is a firewall
The lazy and hurried option

How did this turn out? slashfilm.com

framepool.com

Trade Secrets Service Delivery Financial Assets People Assets Private Data

Theft FRAUD Exposed Data Interrupted Business

Detection Defenses Critical Assets Mitigation Defenses Prevention Defenses

Wash, Rinse, Repeat
Assess Defenses
Defend Micro-perimeters
Establish micro-perimeters
Translate to IT Assets
Identify business assets/threats

Wash, Rinse, Repeat
Assess Defenses
Defend Micro-perimeters
Define micro-perimeters
Translate to Application Assets
Identify business assets/threats

“We cannot change where we’re headed by doing the same things that got us here” – Unknown

References:
“2019 Global CEO Survey”, The Conference Board, retrieved from https://www.conference-board.org/press/pressdetail.cfm?pressid=7650
“The Cybersecurity Insight Report”, CDW Corporation, https://www.cdw.com/content/cdw/en/orchestration/cyber-security-report.html
“Zero Trust Networks”, Doug Barth & Evan Gilman, O’Reilly Media, Inc., https://www.oreilly.com/library/view/zero-trust-networks/9781491962183/
“Enterprise Security: A Data-Centric Approach to Securing the Enterprise”, Aaron Woody, O’Reilly Media, Inc., https://www.oreilly.com/library/view/enterprise-security-a/9781849685962/

Special Thanks To:
IDG Communications, Inc., https://www.idg.com/
CDW, https://www.cdw.com/content/cdw/en/solutions/cybersecurity.html

@AlyssaM_Infosec alyssam-infosec https://alyssasec.com

Thank You