Creating Security Through Policy and Practice

The demand for information by employees combined with the increasing monetary value of this data has made organizations more vulnerable to cybercrime. In this session you will learn the history and principles of modern information security, how your

by Ken Satkunam on 8 March 2016


Transcript of Creating Security Through Policy and Practice

Business Impact!
Impact Per Industry
Creating Security
Through Policy and Practice

ND SHRM
Governance - P and P
Risk Management
Risk Management
Housekeeping
It Starts with
The People

What Can We Do?
What Can I Do?
1820.
Why does it matter?
Grocery List
spam
Milk
Eggs
Take Aways
Basics of Cyber security and Threats
Best practices to reduce risk
How to ensure your employees don't mess things up!
Who IS this guy?
Security is a BOARDROOM Issue
A large number of CEOs, board members and other executives don't understand how breaches happen or how to respond!
The Threats
Ugh. Worst offenders
are SENIOR Management!
76% of US companies had a cybersecurity incident during the last 12 months
71% of incidents happened in companies <100 people
80% of businesses that experience data breach suffer serious financial losses
Security has become a BOARDROOM issue
The Cost
Insiders
BYOD
Informal!
Ask questions when they hit you
To Do:
Finish presentation
Practice presentation
Questions?
Thank you!
You cannot endow even the best machine with initiative; the jolliest steamroller (or LOOM!) will not plant flowers.

-Walter Lippmann -Author
“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.”

– Kevin Mitnick
“The only truly secure system is one that is powered off,
cast in a block of concrete and sealed in a lead-lined room with armed guards.”

– Gene Spafford
75% of employees
upload work stuff to personal email
Do you know your organization's data flow?
10% of breaches
70% of those that cost
Days to typically discover there has been a breach
Accidentally send to wrong person
Take files when leaving jobs
Upload files to personal email or cloud accounts
Destroy reputation
Loss of productivity
Loss of market share
Bankruptcy
IDENTIFY
PROTECT
DETECT
RESPOND
RECOVER
Make sure your policies exist
and are current
Make sure these are communicated to all stakeholders!
IDENTIFY
PROTECT
Update Software/patch
Antivirus/Antimalware
Change Passwords/pw Mgrs
2 factor authentication
Secure mobile devices
Protect Your Data - encryption
Be aware when on Wifi
Don't click stuff
DETECT
Monitor, manage, analyze
and update systems
RESPOND
Develop and review
Action plans
Who gets called if
there is a breach?
Recruit and train staff on how to recognize abnormal behavior
RECOVER
Develop a recovery plan
to run after a breach
Prepare communication
of recovery to all affected
parties
People Are The
Weakest Link
Social engineering
Attempt to exploit systems not by attacking the technology, but by exposing the vulnerabilities of the humans using it
How to Fight social Engineering
Don't give out confidential info - verify with trusted source
Safeguard even inconsequential info about yourself
Lie to security questions and remember your lies
View every password reset email (phishing) with skepticism but change passwords often
Watch account and activity closely
Follow "PROTECT" steps - Passwords, AV, etc
Coordinate ongoing social engineering training with your teams
Social Engineering Fraud insurance coverage
Policies, standards and guidelines

www.sans.org/security-resources/policies
Passwords are like underwear. You don't let people see it, you change it often and you don't let strangers have it.

-Chris Pirillo
If you think technology can solve your
computer security problems, then you
don't understand the technology and
you don't understand your problems.

-Bruce Schneier
Cybercrime Defined
Unlawful acts where the computer
is a tool, target or both.
Contact Info
ken.satkunam@northstar-tg.com
www.facebook.com/NorthStarTechno
www.twitter.com/NorthStartecho
www.linkedin.com/in/kensatkunam
Hackers,
You're FIRED!
General Computing
Encryption
Acceptable use
Clean Desk
Disaster Recovery
Digital signature
Email
Ethics
Pandemic response
Passwords construction
Password protection
Security Response plan
End User encryption key protection
Network Security
Acquisition assessment
Bluetooth baseline
Remote access
Router and Switch Security
Wireless Communication
Wireless Communication Standard
Web Applications
Web Application Security
Policy
= a document that outlines specific requirements or rules
Standard
= a collection of system-specific or procedural requirements that must be met by everyone
Guideline
= a collection of system-specific "suggestions" for best practice
Server Security
Database credentials
Technology Equipment Disposal
Information Logging Standard
Lab Security
Server Security
Software Installation
Workstation Security (HIPAA)
Strong Vs Weak
Password1
06/04/79
Advan!age0us!
$wanR!ceRedD00r
510152025
MsAw3yO!D
Whoa.
www.northstar-tg.com
Who Are YOU?
Lawsuits
Loss of life
Human Error 31%
Malicious Attack 29%
System Glitches 31%
Hoaxes use weaknesses in human behavior to ensure they are replicated and distributed. In other words, hoaxes prey on the
Human Operating System.

-Stewart Kirkpatrick
BACKUP/DR
BUSINESS CONTINUITY
SYSTEMS/PLANS
**** **** **** 0987
**** **** **** 0987
Password Managers
RoboForm - www.roboform.com
Keepass (free) -keepass.info
LastPass - lastpass.com
Dashlane - www.dashlane.com
Disaster Recovery Guidelines
https://www.sans.org/reading-room/whitepapers/recovery/disaster-recovery-plan-strategies-processes-564
http://www.sans.org/reading-room/whitepapers/recovery/business-resumption-planning-progressive-approach-562
Business Resumption Plan
Disaster Recovery Plan
You may be heckled if you take a phone call
Do not throw things at me
Housekeeping, continued...
Policy Format
How to Create a Strong Password
27 Security Policies
Don't Reinvent The Wheel
OWASP (open web application security project)