Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19th 2015.

Presentation transcript:


Audit Details
- Worked with SecurIT360 in an interrogatory process to discover how IT, process / application, and physical security are handled at MED
- Once the audit was complete, SecurIT360 presented their findings to MED’s management team with recommendations for mitigation / remediation
- Iterative process over 2 bi-yearly audits looking for improvements and fixes from the previous audit

Audit Details
- SecurIT360 documented process and procedures through staff interviews to discover levels of security risk at MED
- Risk levels are defined as high, medium, low and include areas such as physical, organization, policy, recovery, system access, IT operations, system changes, compliance, and HR

Network Monitoring
- MED contracts with LBMC Managed Security Services to monitor and block unwanted / malicious network traffic
- LBMC installed a server that monitors our network and DMZ network
- This service is manned 24/7 by a team of Intrusion Detection / Prevention Analysts and alerts them to any suspicious traffic
- MED worked with LBMC to establish a baseline of acceptable network traffic and then block everything else
- Server sits behind our firewall and monitors traffic that isn’t blocked by the firewall

Hackers are trying to get in every day…

What are we trying to keep out?

Who are we trying to keep out?

Is this enough protection?
- Simple answer is no…
- None of this type of protection will help us if our organizations are lax in any other area of security
- Social Engineering – A term for non-technical or low-technology means (such as lies, impersonation, tricks, bribes, blackmail, and threats) used to attack information systems
- Physical Security – If a hacker gains physical access to your facility, they don’t need to get past your firewall… they are already on the inside and assumed to be trusted

What can we do?
The Top 3 Recommendations from Doug…
- Training
Security, in all its forms, is everyone’s responsibility, from the janitor to the GM and everyone in between. We owe this to our customers and payment must be made every day…

Questions?
If you want any more information about specifics, please feel free to contact me.
My contact information is: Doug Brown