Presentation is loading. Please wait.

Presentation is loading. Please wait.

Formulating a Security Policy for the Modern IT Landscape.

Published byClinton Dixon Modified over 9 years ago

Similar presentations

Presentation on theme: "Formulating a Security Policy for the Modern IT Landscape."— Presentation transcript:

1 Formulating a Security Policy for the Modern IT Landscape

2 Founder L0pht Heavy Industries Creator Whacked Mac Archives Founder @Stake Testified to Congress on “Weak Computer Security in Government” Blackhat, Defcon, HOPE – MTV, ABC, CNN Editor Hacker News Network Strategist Tenable Network Security cthomas@tenable.comcthomas@tenable.com @spacerog Cris Thomas Space Rogue

3 How can you know if you are taking the right steps and if you are doing enough to protect your assets and business?

4 Will we be the next headline? Where are our Risks How effective is our security How do we measure success What to invest in next?

5 Best Practices The 20 Critical Security Controls from the SANS Institute and the Council on CyberSecurityCritical Security Controls The NIST Cybersecurity FrameworkNIST Cybersecurity Framework The National Campaign for Cyber Hygiene from the Center for Internet Security and the Council on CyberSecurityNational Campaign for Cyber Hygiene The PCI Data Security StandardPCI Data Security Standard

6 Best Practices The 20 Critical Security Controls from the SANS Institute and the Council on CyberSecurityCritical Security Controls The NIST Cybersecurity FrameworkNIST Cybersecurity Framework The National Campaign for Cyber Hygiene from the Center for Internet Security and the Council on CyberSecurityNational Campaign for Cyber Hygiene The PCI Data Security StandardPCI Data Security Standard

7 FUNDAMENTALS PRACTICE THE FIRST

8 TENABLE’S 5 CRITICAL CYBER CONTROLS

9 INVENTORY YOUR ASSETS 1 Software Hardware BYOD Virtual systems Cloud apps SoftwareHardwareBYOD Virtual systems Cloud apps

10 CONTINUOUSLY PATCH 2 Detect public vulnerabilities Find machines that are missing patches Operating systems Applications Infrastructure Detect public vulnerabilities Find machines that are missing patches Operating systems ApplicationsInfrastructure

11 SECURE THE NETWORK 3 Anti-virus Application white listing Intrusion prevention Access control Threat subscriptions Segment your network and data Anti-virus Application white listing Intrusion prevention Access control Threat subscriptions Segment your network and data

12 LIMIT USER ACCESS 4 No default accounts Enforce strong passwords Log all accesses Review which account have access to which resources Review which accounts have access to which resources Log all accesses Enforce strong passwords No default accounts

13 SEARCH FOR MALWARE 5 Malware Bad guys Insiders MalwareBad guysInsiders

14 The Modern Landscape Next Gen Vulnerability Management Malware Detection Compliance and Patch Monitoring Network Behavior Analysis Log Collection Forensic Analysis Incident Response Mobile, Virtual and Cloud Coverage

15

Download ppt "Formulating a Security Policy for the Modern IT Landscape."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Security Controls – What Works

Security Controls – What Works
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
IBM Security A New Era of Security for a New Era of Computing Pelin Konakcı IBM Security Software Sales Leader.

IBM Security A New Era of Security for a New Era of Computing Pelin Konakcı IBM Security Software Sales Leader.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.
Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,

Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
Securing Information Systems

Securing Information Systems
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
PCI: As complicated as it sounds? Gerry Lawrence CTO

PCI: As complicated as it sounds? Gerry Lawrence CTO
E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Information Assurance Program Manager U.S. Army Europe and Seventh Army Information Assurance in Large-Scale Practice International Scientific NATO PfP/PWP.

Information Assurance Program Manager U.S. Army Europe and Seventh Army Information Assurance in Large-Scale Practice International Scientific NATO PfP/PWP.
© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.

© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Similar presentations

Ads by Google