1
National Cyber Security
Awareness Month
2
Who We Are Special Guest Zac Abdulkadir - CISSP, CISM, CRISC
President / CISO Bert Goodrich Vice President - Sales Special Guest Mike Wylie - MBA, CISSP Director, Cybersecurity Services Richey May Technology Solutions Tony Lewis Technical Account Manager Senior Engineer Andy Nolan SOC Manager
4
Tony Lewis – CIS Controls
Basic CIS Controls
- Inventory and Control of Hardware Assets
- Inventory and Control of Software Assets
- Continuous Vulnerability Management
- Controlled Use of Administrative Privileges
- Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers
- Maintenance, Monitoring and Analysis of Audit Logs
5
Tony Lewis – CIS Controls
Foundational CIS Controls
- and Web Browser Protections
- Malware Defenses
- Limitation and Control of Network Ports, Protocols and Services
- Data Recovery Capabilities
- Secure Configuration for Network Devices, such as Firewalls, Routers and Switches
- Boundary Defense
- Data Protection
- Controlled Access Based on the Need to Know
- Wireless Access Control
- Account Monitoring and Control
6
Tony Lewis – CIS Controls
Organizational CIS Controls
- Implement a Security Awareness and Training Program
- Application Software Security
- Incident Response and Management
- Penetration Tests and Red Team Exercises
8
Andy Nolan – Incident Response
Incident Response Stats
- 206 days, on average, to detect a data breach. (Ponemon, 2017)
- 66 days, on average, to fully contain a data breach. (Verizon, 2017)
9
Andy Nolan – Incident Response
Something something
- Preparation and planning in advance
- Identification of true security incidents
- Containment of threats to minimize impact
- Eradication of threats at their origin
- Recovery of systems, applications and data
- Analysis of the incident for process improvement
10
Andy Nolan – Incident Response
Storytime – The Bad, and Ugly
11
Andy Nolan – Incident Response
Storytime – The Good!
13
Penetration Testing
Michael Wylie, MBA, CISSP 2018
14
About me: Mike Wylie, MBA, CISSP
Director, Cybersecurity Services, Richey May Technology Solutions
Additional Certifications: CEH, CEI, Project+, Security+, CCNA R&S, CCNA CyberOps, PenTest+, CHPA
15
About Richey May Technology Solutions
Richey May Technology Solutions is a results-driven consulting firm offering the full spectrum of technology solutions for your business. Led by technology experts with decades of cumulative experience in executive IT roles, our team is able to bring you pragmatic, real-world solutions that deliver value to your business.
- Cybersecurity
- Cloud Services
- Governance, Risk, Compliance & Privacy
- Technology Management Consulting
- Marketing Technology
16
Information Security Statistics
- 62% of cyber incidents are Small-Mid businesses (Verizon, 2013)
- SMBs saw a 14% increase in cyber attacks from prior years (SEC, 2018)
- “Cybercrime Represents a Very Real, and Very Serious Threat to SMBs” (SEC, 2018)
17
What is Penetration Testing?
- Ethical hacking with client authorization
- Using hacking tactics, techniques, and procedures for good
- Systematic testing of security controls
- Attempt to gain access to critical data
18
How Will Pen Testing Benefit Customers?
- Exposes weaknesses before hackers do
- Required by several regulatory organizations
  - PCI-DSS
  - FISMA
  - SOX
  - NYDFS.NYCRR.500
  - HIPAA
  - GLBA
- Actionable items to remediate
- Better value over vulnerability scans
- Far less expensive than a breach
19
How Will Pen-Testing Benefit MSPs?
- Hundreds of vulnerabilities that need to be fixed
- Someone has to do the remediation work
- A breach would get you fired
- Customer sees you as proactive
- Learn to implement better security
- Increased IT & security budget
20
Pen Test Budget
It depends on multiple factors
Options:
- Vulnerability scan ($)
- Security assessment ($$)
- White box test ($$)
- Grey box test ($$)
- Black box test ($$$)
- Red Team engagement ($$$$)
21
Make Sure You’re Getting a Good Test
- Everyone does “security” now
- Balance between technical and business skills
- Clearly define a “penetration test”
- Discuss the scope, goals, and deliverable
- Understand what a penetration test is not
- You get what you pay for
22
Thank You! Michael Wylie
24
Thank you for attending!
For further information, please contact Bert Goodrich, Vice President of Sales (Direct Line)
- Cyber Security Services
- Network Design
- Cloud Solutions
- Business Continuity
- Project Management
- Infrastructure Monitoring