Protecting Your Not-For-Profit
Cyber Security
Approach
• Understand the issues
• Evaluate your risks
• Protect your company
• React to a breach
Title of Slide Deck 2
Technology Profile
• IT as a strategic asset not a cost
• IT Spending levels
• Security
• Governance
• Your place on the adoption curve
• Training
• Constituent touch points
Security Profile
• Risk aversion
• User technical expertise
• Presence of PII
• Security budget
– Outsourced services
– Equipment
• Use of remote access and the cloud
• Number of In-house IT staff and expertise
• Whether laptops are used
• Physical characteristics of offices; stand alone, high rise
• Specific password policy:
– Length
– Complexity
– Expiration
– Number of attempts before lockout
– Lockout time length
– Number of password changes before reuse
Anatomy Of A Breach
• Compromise credentials
• Escalate permissions
• Search and access data
• Exfiltration
• Sale of data
Cyber Security 5
Know The Basics
• Security is all about perception
• Balance – Cost, user access, protection complexity
• Physical, logical, social
• Data at rest, and data in transit
• Components – Inventory, Risk, Assessment
Security Plan Components
• Inventory
– Data
– Hardware
– Software
– Policies
– Skills and Knowledge
• Internal, consultants
• Risks
• Assessment
– Action Items
– Policy Changes
– User Education
• Breach Response Plan
• Ongoing Maintenance
– Priorities
– Accountability
Data Inventory
• Where is the data and who has access to it?
– Low risk vs. High business impact (HBI)
– Personally Identifiable Information (PII)
– Product designs
– Customer database, AR
– Financial information
– E-mail
– Vendor contracts
– Software configurations
Cloud
• Inventory
• AICPA SOC 2 report (formerly SAS70, now SSAE16)
• Pass-through reports
• Applications’ data locations
Mobile
• Inventory
• Device encryption
• Password
• Time out
• Ability to wipe device
Mitigation Examples – Before And After
• Account retry lockout
• Pass phrases instead of complex passwords
• Signed security policies
• Two factor authentication
• Training
• Hard drive encryption
• Web site certificates
• Inactivity timeout with password required
• Disallowing personally identifiable information (PII)
Data Breach Insurance
• Identify the cause and the individuals affected
• Notification
• Credit monitoring for individuals affected
• Public relations management
• Legal expenses to work with regulators
Action Items
• Inventory personally identifiable information (PII)
• Assess the likelihood of a breach of PII
• Encrypt all laptops and other selected computers
• Have an outside security assessment performed
• Implement an Intrusion Detection System
• Purchase insurance
• Develop an after-breach plan – tech and non-tech
• Training, awareness
Questions
• peterhenley@clarknuber.com
• 425-454-4919
• http://slideshare.net/peterhenley
Resources
• Washington state notification law: http://apps.leg.wa.gov/rcw/default.aspx?cite=19.255.010
• Sample privacy policy: http://www.privacyaffiliates.com/ps/ps0709192337.html
• Sample IT policy: http://slideshare.net/peterhenley
Logical Security Terms
• Confidentiality—who should have access to the data?
– Username and password (pass phrase)
– Encryption
• Authorization—what permissions does the user have for working with the data?
– Data classification
• Accountability—what has the recipient done with the data?
– System logs, policy
• Integrity—how do you know if the data has been altered?
– Data attributes – time stamp, size, author
• Authenticity—how do you know where the data came from?
More Security Terms
• Physical Security, "In the Room" - the ability to physically protect and secure systems and components from theft
• User Security, "At the Keyboard" - the processes and policies used to assure user authentication
• System Security, "In the Box" - the ability to protect the integrity of a system from malicious attack
• Network Security, "On the Net" - the ability to interact with internal and external users and remote systems in a secure manner
Title of Slide Deck 17

More Related Content

What's hot

Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionNicholas Davis
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss PreventionNicholas Davis
 
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Techsylvania
 
Logs in Security and Compliance flare
Logs in Security and Compliance flareLogs in Security and Compliance flare
Logs in Security and Compliance flarezilberberg
 
Two Become One Conference Keynote: Encryption and Key Management
Two Become One Conference Keynote: Encryption and Key Management Two Become One Conference Keynote: Encryption and Key Management
Two Become One Conference Keynote: Encryption and Key Management Access Group
 
CISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset SecurityCISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset SecuritySam Bowne
 
Database Security Management
Database Security Management Database Security Management
Database Security Management Ahsin Yousaf
 
Database Security Concepts | Introduction to Database Security
Database Security Concepts | Introduction to Database SecurityDatabase Security Concepts | Introduction to Database Security
Database Security Concepts | Introduction to Database SecurityRaj vardhan
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacySolix Technologies, Inc
 

What's hot (19)

Lesson10 Database security
Lesson10 Database security Lesson10 Database security
Lesson10 Database security
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
 
Carver IT Security for Librarians
Carver IT Security for LibrariansCarver IT Security for Librarians
Carver IT Security for Librarians
 
Brochure Imperva Vormetric
Brochure Imperva VormetricBrochure Imperva Vormetric
Brochure Imperva Vormetric
 
BOMA
BOMABOMA
BOMA
 
Carver-IT Security for Librarians
Carver-IT Security for LibrariansCarver-IT Security for Librarians
Carver-IT Security for Librarians
 
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
Karel Obluk (Evolution Equity Partners) - Cybersecurity: Challenges and Oppor...
 
Logs in Security and Compliance flare
Logs in Security and Compliance flareLogs in Security and Compliance flare
Logs in Security and Compliance flare
 
Data security
Data securityData security
Data security
 
Database security
Database securityDatabase security
Database security
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security Explained
 
Two Become One Conference Keynote: Encryption and Key Management
Two Become One Conference Keynote: Encryption and Key Management Two Become One Conference Keynote: Encryption and Key Management
Two Become One Conference Keynote: Encryption and Key Management
 
CISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset SecurityCISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset Security
 
Database Security Management
Database Security Management Database Security Management
Database Security Management
 
Database Security Concepts | Introduction to Database Security
Database Security Concepts | Introduction to Database SecurityDatabase Security Concepts | Introduction to Database Security
Database Security Concepts | Introduction to Database Security
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacy
 
Data Security
Data SecurityData Security
Data Security
 
Hh customer presentation web
Hh customer presentation webHh customer presentation web
Hh customer presentation web
 

Viewers also liked

NACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansNACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansMaurice Dawson
 
SolarWinds Federal Cybersecurity Survey 2016
SolarWinds Federal Cybersecurity Survey 2016SolarWinds Federal Cybersecurity Survey 2016
SolarWinds Federal Cybersecurity Survey 2016SolarWinds
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecuritysommerville-videos
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security pptLipsita Behera
 

Viewers also liked (7)

NACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansNACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New Orleans
 
SolarWinds Federal Cybersecurity Survey 2016
SolarWinds Federal Cybersecurity Survey 2016SolarWinds Federal Cybersecurity Survey 2016
SolarWinds Federal Cybersecurity Survey 2016
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 

Similar to Cyber security

Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOAPeter Henley
 
Session4807.ppt
Session4807.pptSession4807.ppt
Session4807.ppttalkaton
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to ComplianceSecurity Innovation
 
Trust in a Digital World
Trust in a Digital WorldTrust in a Digital World
Trust in a Digital Worlditnewsafrica
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365Aptera Inc
 
Securing your esi_piedmont
Securing your esi_piedmontSecuring your esi_piedmont
Securing your esi_piedmontscm24
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkPrecisely
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySabra Goldick
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum   data privacy and security presentation...2011 hildebrandt institute cio forum   data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...David Cunningham
 
educational content,educational content,educational content,
educational content,educational content,educational content,educational content,educational content,educational content,
educational content,educational content,educational content,Olajide Kuku
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Precisely
 
Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilitiesPeter Henley
 
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008Denny Lee
 
Key Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataKey Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataPrecisely
 
CIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfCIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfBabyBoy55
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetPerforce
 

Similar to Cyber security (20)

Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOA
 
Security Imeprative for iOS and Android Apps
Security Imeprative for iOS and Android AppsSecurity Imeprative for iOS and Android Apps
Security Imeprative for iOS and Android Apps
 
Session4807.ppt
Session4807.pptSession4807.ppt
Session4807.ppt
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to Compliance
 
Trust in a Digital World
Trust in a Digital WorldTrust in a Digital World
Trust in a Digital World
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
Widepoint orc thales webinar 111313d - nov 2013
Widepoint orc thales webinar 111313d - nov 2013Widepoint orc thales webinar 111313d - nov 2013
Widepoint orc thales webinar 111313d - nov 2013
 
Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365Learning about Security and Compliance in Office 365
Learning about Security and Compliance in Office 365
 
Securing your esi_piedmont
Securing your esi_piedmontSecuring your esi_piedmont
Securing your esi_piedmont
 
Improve IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in SplunkImprove IT Security and Compliance with Mainframe Data in Splunk
Improve IT Security and Compliance with Mainframe Data in Splunk
 
Seattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and PrivacySeattle Tech4Good meetup: Data Security and Privacy
Seattle Tech4Good meetup: Data Security and Privacy
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum   data privacy and security presentation...2011 hildebrandt institute cio forum   data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...
 
educational content,educational content,educational content,
educational content,educational content,educational content,educational content,educational content,educational content,
educational content,educational content,educational content,
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
 
Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilities
 
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
SQLCAT: Addressing Security and Compliance Issues with SQL Server 2008
 
Key Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i DataKey Concepts for Protecting the Privacy of IBM i Data
Key Concepts for Protecting the Privacy of IBM i Data
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
 
CIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdfCIA-Triad-Presentation.pdf
CIA-Triad-Presentation.pdf
 
Protecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and IntersetProtecting Your IP with Perforce Helix and Interset
Protecting Your IP with Perforce Helix and Interset
 

More from Peter Henley

Experion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsPeter Henley
 
IT Policy Template
IT Policy TemplateIT Policy Template
IT Policy TemplatePeter Henley
 
Advice to graduates
Advice to graduatesAdvice to graduates
Advice to graduatesPeter Henley
 
Strategic role of the CIO
Strategic role of the CIOStrategic role of the CIO
Strategic role of the CIOPeter Henley
 
eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879Peter Henley
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesPeter Henley
 
Cloud Computing Discussion Points
Cloud Computing Discussion PointsCloud Computing Discussion Points
Cloud Computing Discussion PointsPeter Henley
 
Cloud Computing Classifications
Cloud Computing ClassificationsCloud Computing Classifications
Cloud Computing ClassificationsPeter Henley
 
Paperless Best Practices 2014
Paperless Best Practices 2014Paperless Best Practices 2014
Paperless Best Practices 2014Peter Henley
 
CPA Firm CIO Job Description
CPA Firm CIO Job DescriptionCPA Firm CIO Job Description
CPA Firm CIO Job DescriptionPeter Henley
 
2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USA2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USAPeter Henley
 
Clark Nuber IT Policy
Clark Nuber IT PolicyClark Nuber IT Policy
Clark Nuber IT PolicyPeter Henley
 
Technology Profile of a Company
Technology Profile of a CompanyTechnology Profile of a Company
Technology Profile of a CompanyPeter Henley
 
Killer Interview Questions
Killer Interview QuestionsKiller Interview Questions
Killer Interview QuestionsPeter Henley
 
CIO skills evaluation
CIO skills evaluationCIO skills evaluation
CIO skills evaluationPeter Henley
 
Business continuity
Business continuityBusiness continuity
Business continuityPeter Henley
 

More from Peter Henley (20)

Experion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response Excerpts
 
IT Policy Template
IT Policy TemplateIT Policy Template
IT Policy Template
 
Advice to graduates
Advice to graduatesAdvice to graduates
Advice to graduates
 
Strategic role of the CIO
Strategic role of the CIOStrategic role of the CIO
Strategic role of the CIO
 
eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879
 
Cloud Plan 2014
Cloud Plan 2014Cloud Plan 2014
Cloud Plan 2014
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Cloud Computing Discussion Points
Cloud Computing Discussion PointsCloud Computing Discussion Points
Cloud Computing Discussion Points
 
Cloud Computing Classifications
Cloud Computing ClassificationsCloud Computing Classifications
Cloud Computing Classifications
 
Cloud slides
Cloud slidesCloud slides
Cloud slides
 
Paperless Best Practices 2014
Paperless Best Practices 2014Paperless Best Practices 2014
Paperless Best Practices 2014
 
CPA Firm CIO Job Description
CPA Firm CIO Job DescriptionCPA Firm CIO Job Description
CPA Firm CIO Job Description
 
2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USA2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USA
 
Clark Nuber IT Policy
Clark Nuber IT PolicyClark Nuber IT Policy
Clark Nuber IT Policy
 
Technology Profile of a Company
Technology Profile of a CompanyTechnology Profile of a Company
Technology Profile of a Company
 
Killer Interview Questions
Killer Interview QuestionsKiller Interview Questions
Killer Interview Questions
 
CIO Role
CIO RoleCIO Role
CIO Role
 
CIO skills evaluation
CIO skills evaluationCIO skills evaluation
CIO skills evaluation
 
Business continuity
Business continuityBusiness continuity
Business continuity
 
IT Decision model
IT Decision modelIT Decision model
IT Decision model
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Recently uploaded (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

Cyber security

  • 2. Approach
    • Understand the issues
    • Evaluate your risks
    • Protect your company
    • React to a breach
  • 3. Technology Profile
    • IT as a strategic asset not a cost
    • IT Spending levels
    • Security
    • Governance
    • Your place on the adoption curve
    • Training
    • Constituent touch points
  • 4. Security Profile
    • Risk aversion
    • User technical expertise
    • Presence of PII
    • Security budget
      – Outsourced services
      – Equipment
    • Use of remote access and the cloud
    • Number of In-house IT staff and expertise
    • Whether laptops are used
    • Physical characteristics of offices; stand alone, high rise
    • Specific password policy:
      – Length
      – Complexity
      – Expiration
      – Number of attempts before lockout
      – Lockout time length
      – Number of password changes before reuse
  • 5. Anatomy Of A Breach
    • Compromise credentials
    • Escalate permissions
    • Search and access data
    • Exfiltration
    • Sale of data
  • 6. Know The Basics
    • Security is all about perception
    • Balance – Cost, user access, protection complexity
    • Physical, logical, social
    • Data at rest, and data in transit
    • Components – Inventory, Risk, Assessment
  • 7. Security Plan Components
    • Inventory
      – Data
      – Hardware
      – Software
      – Policies
      – Skills and Knowledge
        • Internal, consultants
    • Risks
    • Assessment
      – Action Items
      – Policy Changes
      – User Education
    • Breach Response Plan
    • Ongoing Maintenance
      – Priorities
      – Accountability
  • 8. Data Inventory
    • Where is the data and who has access to it?
      – Low risk vs. High business impact (HBI)
      – Personally Identifiable Information (PII)
      – Product designs
      – Customer database, AR
      – Financial information
      – E-mail
      – Vendor contracts
      – Software configurations
  • 9. Cloud
    • Inventory
    • AICPA SOC 2 report (formerly SAS70, now SSAE16)
    • Pass-through reports
    • Applications’ data locations
  • 10. Mobile
    • Inventory
    • Device encryption
    • Password
    • Time out
    • Ability to wipe device
  • 11. Mitigation Examples – Before And After
    • Account retry lockout
    • Pass phrases instead of complex passwords
    • Signed security policies
    • Two factor authentication
    • Training
    • Hard drive encryption
    • Web site certificates
    • Inactivity timeout with password required
    • Disallowing personally identifiable information (PII)
  • 12. Data Breach Insurance
    • Identify the cause and the individuals affected
    • Notification
    • Credit monitoring for individuals affected
    • Public relations management
    • Legal expenses to work with regulators
  • 13. Action Items
    • Inventory personally identifiable information (PII)
    • Assess the likelihood of a breach of PII
    • Encrypt all laptops and other selected computers
    • Have an outside security assessment performed
    • Implement an Intrusion Detection System
    • Purchase insurance
    • Develop an after-breach plan – tech and non-tech
    • Training, awareness
  • 14. Questions
    • peterhenley@clarknuber.com
    • 425-454-4919
    • http://slideshare.net/peterhenley
  • 15. Resources
    • Washington state notification law: http://apps.leg.wa.gov/rcw/default.aspx?cite=19.255.010
    • Sample privacy policy: http://www.privacyaffiliates.com/ps/ps0709192337.html
    • Sample IT policy: http://slideshare.net/peterhenley
  • 16. Logical Security Terms
    • Confidentiality—who should have access to the data?
      – Username and password (pass phrase)
      – Encryption
    • Authorization—what permissions does the user have for working with the data?
      – Data classification
    • Accountability—what has the recipient done with the data?
      – System logs, policy
    • Integrity—how do you know if the data has been altered?
      – Data attributes – time stamp, size, author
    • Authenticity—how do you know where the data came from?
  • 17. More Security Terms
    • Physical Security, "In the Room" - the ability to physically protect and secure systems and components from theft
    • User Security, "At the Keyboard" - the processes and policies used to assure user authentication
    • System Security, "In the Box" - the ability to protect the integrity of a system from malicious attack
    • Network Security, "On the Net" - the ability to interact with internal and external users and remote systems in a secure manner