Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Risk Profiles – Tips and Tricks

Published byAshlee Bryant Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Risk Profiles – Tips and Tricks"— Presentation transcript:

1 Security Risk Profiles – Tips and Tricks
William Perry and Helen Norris California State University and Chapman University Tips and Tricks Tips and Tricks A Few (in)Famous Cyber Attacks Information Security – the Seemingly Impossible Mission It is a complex & demanding role Skillset must cover related but disparate domains Decentralized environments Organizational Culture Federated Governance Models Ever increasing cyber threats Assess Security Controls Do you have a framework? (SANS, ISO27001, NIST) Policies, standards, and guidelines aligned to framework? Perform a gap analysis Prioritize based on a risk assessment (HIPAA, PCI, etc…) Develop mitigation plan Implement & test The Morris Worm 1988 – Broke the internet The MafiaBoy DDoS Attack $1.2B in damage Teen hacks NASA 1999 – NASA stopped s during shuttle launch LA Radio Station phone lines blocked to win a Porsche – 1995 Estonian govt. networks attacked by Russians? – 2007 Israel’s Internet Infrastructure attacked (Soviets & Hamas)? – 2009 Stuxnet in Iran 2010 – Malware designed to disrupt weapons program Canadian govt.’s finance agencies attacked 2011 Office of Personnel Management 2015 – Millions of PII records stolen Gain Insight from Intelligence! Utilize information sharing services (e.g. MS-ISAC) Industry research (e.g. Verizon Data Breach) Penetration tests & compromise assessments Analyze your organization’s incidents Log & user access management Vulnerability & application scanning Locate your sensitive data There was a time when sticks and stones were advanced weapons! Develop your approach to manage threats – blocking & tackling Firewalls & Network Access Control (NAC) Physically & logically segregated networks APT, Signature based & behavioral based malware protection Encryption Secure application development practices Patch management Access management & SoD assessment, 2 Factor Authentication Incident & business continuity plans Data Loss / Leakage Prevention tools Application Whitelisting Biggest Bang for your buck – train users Computer based training Information security advisory s Articles in organizations newsletter Small groups (It’s Just Lunch) Phishing education campaign

Download ppt "Security Risk Profiles – Tips and Tricks"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
Cyber Security Discussion Craig D’Abreo – VP Security Operations.

Cyber Security Discussion Craig D’Abreo – VP Security Operations.
Security Controls – What Works

Security Controls – What Works
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.

INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
Network Security and Personally Managed Computers Jordan K. Wiens Copyright Jordan K. Wiens 2004.

Network Security and Personally Managed Computers Jordan K. Wiens Copyright Jordan K. Wiens 2004.
Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.

Financial Advisory & Litigation Consulting Services Risk Management 2006 September 14-15, 2006 The Metropolitan Club, New York, NY Workshop B: Information.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.
Information Security Update CTC 18 March 2015 Julianne Tolson.

Information Security Update CTC 18 March 2015 Julianne Tolson.
What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Similar presentations

Ads by Google