Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015.

Published byColeen Morrison Modified over 9 years ago

Similar presentations

Presentation on theme: "Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015."— Presentation transcript:

1 Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015

2 Audit Details Worked with SecurIT360 in an interrogatory process to discover how IT, process / application, and physical security is handled at MED Once audit was complete, SecurIT360 presented their findings to MED’s management team with recommendations for mitigation / remediation Iterative process over 2 bi-yearly audits looking for improvements and fixes from the previous audit

3 Audit Details SecurIT360 documented process and procedures through staff interviews to discover levels of security risk at MED Risk levels are defined as high, medium, low and include areas such as physical, organization, policy, recovery, system access, IT operations, system changes, compliance, and HR

4 Network Monitoring MED contracts with LBMC Managed Security Services to monitor and block unwanted / malicious network traffic LBMC installed a server that monitors our network and DMZ network This service is manned 24/7 by a team of Intrusion Detection / Prevention Analysts and alerts them to any suspicious traffic MED worked with LBMC to establish a baseline of acceptable network traffic and then block everything else Server sits behind our firewall and monitors traffic that isn’t blocked by the firewall

5 Hackers are trying to get in everyday…

6 What are we trying to keep out?

7 Who are we trying to keep out?

8 Is this enough protection? Simple answer is no… None of this type of protection will help us if our organizations are lax in any other area of security Social Engineering - A term for non-technical or low- technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems Physical Security – If hacker gains physical access to your facility, they don’t need to get past your firewall…they are already on the inside and assumed to be trusted

9 What can we do? The Top 3 Recommendations from Doug… Training Security, in all its forms, is everyone’s responsibility – from the janitor to the GM and everyone in between. We owe this to our customers and payment must be made everyday…

10 Questions? If you want any more information about specifics, please feel free to contact me My contact information is: Doug Brown dbrown@medtn.com 615-893-5514

Download ppt "Cyber Security Audit and Network Monitoring P.D. Mynatt Doug Brown March 19 th 2015."

Similar presentations

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
Georgia State University 2003 A Ten Step Approach to Developing an Information Security Program Bill Paraska Director of University Computing.

Georgia State University 2003 A Ten Step Approach to Developing an Information Security Program Bill Paraska Director of University Computing.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
Cyber Security Discussion Craig D’Abreo – VP Security Operations.

Cyber Security Discussion Craig D’Abreo – VP Security Operations.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Vulnerability Assessments

Vulnerability Assessments
Department Of Computer Engineering

Department Of Computer Engineering
Network security policy: best practices

Network security policy: best practices
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.

Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Audit – Proof Information System Security Controls Wednesday, August 18, 2010 John R. Robles Tel: 787-647-3961.

Audit – Proof Information System Security Controls Wednesday, August 18, 2010 John R. Robles Tel:
Information Security Training for Management Complying with the HIPAA Security Law.

Information Security Training for Management Complying with the HIPAA Security Law.
Information Security OECD, April 2001 International Computing Centre Managing Information Security Ed Gelbstein, International Computing Centre, Geneva.

Information Security OECD, April 2001 International Computing Centre Managing Information Security Ed Gelbstein, International Computing Centre, Geneva.
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.
Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.
Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide.

Michael McDonnell GIAC Certified Intrusion Analyst Creative Commons License: You are free to share and remix but you must provide.
Web Security for Network and System Administrators1 Chapter 2 Security Processes.

Web Security for Network and System Administrators1 Chapter 2 Security Processes.
1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.

1 CHAPTER 2 LAWS OF SECURITY. 2 What Are the Laws of Security Client side security doesn’t work Client side security doesn’t work You can’t exchange encryption.

Similar presentations

Ads by Google