I have many checklists: how do I get started with cyber security?


1 I have many checklists: how do I get started with cyber security?
Calvin Weeks, EnCE, CEDS, CRISC, CISSP, CISM

2 Track 2 – Governance, Policy, and Compliance
There are many great resources to help any organization secure its cyber infrastructure. So how do you know where to get started, or, if you have already started, whether you are doing the right things and doing enough of them? The good news is that any well-run organization already has the foundation needed to implement the cyber security solutions that will be the right fit. Leadership only needs to understand what that foundation is and how to employ it to protect the organization.

3 Learning objectives
- Understanding of available checklists, guides, and best practices for cyber security.
- Define Governance, Cyber Security, Risk, and Compliance.
- Understand how to apply the proper strategy to simplify cyber security efforts.

4 Definitions

5 Cyber Security
Definition: The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access.

6 Risk
'Cyber risk' means any risk of financial loss, disruption, or damage to the reputation of an organization from some sort of failure of its information technology systems. Cyber risk is the potential for loss or harm related to technical infrastructure or the use of technology within an organization. Risk management means identifying the threats to your assets that you are vulnerable to. You will either eliminate the threats you are vulnerable to or mitigate the ones you cannot get rid of.

7 Compliance
A common definition of the term: compliance is merely meeting the minimum standards required by a law or industry requirement. Start with your internal policies.

8 Governance
Information Governance Reference Model (IGRM), started by EDRM.net members: standards/information-governance-reference- model/
A formalized process of organization-wide efforts to manage all information and systems that contain, store, and communicate data.

9 Resources

10 Standards
National Institute of Standards & Technology (FREE to the public, mostly built for government, but applies to all). Everything you do for cyber security must reference a standard that you are following. Technical staff will use these standards, but it is imperative that management know and understand them as well. Management must support and embrace all actions based on a standard.

11 Hardening
National Checklist Program: repository of publicly available security checklists (or benchmarks) that provide detailed, low-level guidance on setting the security configuration of operating systems and applications.
Security Technical Implementation Guides (STIG) and the STIG Tool.
Security Content Automation Protocol (SCAP): Automation-Protocol/SCAP-Releases/SCAP-1-1

12 Vulnerabilities
National Vulnerability Database: the NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

13 Strategy

14 Framework
Cyber Security Framework: a voluntary Framework that consists of standards, guidelines, and best practices to manage cybersecurity-related risk. ork-resources-0
Identify, Protect, Detect, Respond, Recover, and Repeat.

15 Cyber Security Best Practice
Cyber Security is a balanced approach of prevention, detection, and response to protect the confidentiality, integrity, and availability of electronic assets.

16 Governance Strategy
A formalized process of organization-wide efforts to align IT/security strategy with the business strategy, with realized benefits that are measurable and reportable to executives, management, and board members.

17 Checklist

18 Best Practice Checklist
Begin by writing customized policies, procedures, and protocols covering the following areas:
- Acceptable Use
- Data Loss Prevention
- Data Classifications
- Incident Response
- Passwords
- Personal devices
- Others as needed
Then address the following:
- Perform a risk assessment
- Incident Response Plan
- Third party Incident Management
- Table top and scenario based assessments
- Training & Awareness for Executives, IT, and all Users
- Social Engineering and Phishing testing
- Two-Factor Authentication
- Password Management
- Centralized logging, retention, and Monitoring
- Updated software & hardware
- Backups
- Patch Management
- Malware & threat detection
- Encryption at rest, in transmission, and mobile
- Managed Firewall and IDS
- Third Party Risk Management

19 Cyber Liability Insurance
All insurance coverage is unique. Make sure you get all that you need to cover your risk; a proper risk assessment will tell you what you are at risk for. Make sure you have coverage to pay for the third party response, including forensics work, and make sure you are allowed to hire your own third party. The minimum coverage would be $50,000 per instance, but expect to pay up to $150,000. You would also need coverage for the loss or damage itself. Make sure that you get updated annually on the insurance, since this area is very volatile right now.

20 Questions?

21 Thank You
Calvin Weeks, EnCE, CEDS, CRISC, CISSP, CISM
forensics.eidebailly.com

