Creating Security Through Policy and Practice
Transcript of Creating Security Through Policy and Practice
Impact Per Industry
Through Policy and Practice
Governance - P and P
It Starts with
What Can We Do?
What Can I Do?
Why does it matter?
Basics of Cyber security and Threats
Best practices to reduce risk
How to ensure your employees don't mess things up!
Who IS this guy?
Security is a BOARDROOM Issue
A large number of CEOs, board members and other executives don't understand how breaches happen or how to respond!
Ugh. Worst offenders
are SENIOR Management!
76% of US companies had a cybersecurity incident during the last 12 months
71% of incidents happened in companies <100 people
80% of businesses that experience data breach suffer serious financial losses
Security has become a BOARDROOM issue
Ask questions when they hit you
"You cannot endow even the best machine with ; the jolliest steamroller (or LOOM!) will not plant flowers."
- Walter Lippmann, author
"Companies spend millions of dollars on firewalls, encryption and secure access devices, and it's money wasted, because none of these measures address the weakest link in the security chain."
- Kevin Mitnick
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards."
- Gene Spafford
75% of employees
upload work stuff to personal email
Do you know your organization's data flow?
10% of breaches
70% of those that cost
Days to typically discover there has been a breach
Accidentally send to wrong person
Take files when leaving jobs
Upload files to personal email or cloud accounts
Loss of productivity
Loss of market share
Make sure your policies exist
and are current
Make sure these are
to all stakeholders!
Change passwords / use password managers
2 factor authentication
Secure mobile devices
Protect Your Data - encryption
Be aware when on Wifi
Don't click stuff
Monitor, manage, analyze
and update systems
Develop and review
Who gets called if
there is a breach?
Recruit and train staff
on how to recognize
Develop a recovery plan
to run after a breach
of recovery to all affected
People Are The
Attempt to exploit systems not by
attacking the technology, but by exposing
the vulnerabilities of the humans using it
How to Fight social Engineering
Don't give out confidential info - verify with trusted source
Safeguard even inconsequential info about yourself
Lie to security questions and remember your lies
View every password reset email (phishing) with skepticism but change passwords often
Watch account and activity closely
Follow "PROTECT" steps - passwords, AV, etc.
Coordinate ongoing social engineering training with your teams
Social Engineering Fraud insurance coverage
Policies, standards and guidelines
Passwords are like underwear. You don't let people see it, you change it often and you don't let strangers have it.
If you think technology can solve your
computer security problems, then you
don't understand the technology and
you don't understand your problems.
Unlawful acts where the computer
is a tool, target or both.
Security Response plan
End User encryption key protection
Router and Switch Security
Wireless Communication Standard
Web Application Security
- A document that outlines specific requirements or rules
= a collection of system specific or procedural requirements that must be met by everyone
= a collection of system specific "suggestions" for best practice
Technology Equipment Disposal
Information Logging Standard
Workstation Security (HIPAA)
Strong Vs Weak
Who Are YOU?
Loss of life
Human Error 31%
Malicious Attack 29%
System Glitches 31%
Hoaxes use weaknesses in human behavior to ensure they are replicated and distributed. In other words, hoaxes prey on the Human Operating System.
**** **** **** 0987
**** **** **** 0987
RoboForm - www.roboform.com
Keepass (free) -keepass.info
LastPass - lastpass.com
Dashlane - www.dashlane.com
Disaster Recovery Guidelines
Business Resumption Plan
Disaster Recovery Plan
You may be heckled if you take a phone call
Do not throw things at me
How to Create a Strong Password
27 Security Policies
Don't Reinvent The Wheel
OWASP (Open Web Application Security Project)