Secure Your Business 2009



  1. Secure Your Business! A Blueprint for a Healthy Technology Plan
     2009
     Presented by: Robert Cioffi, Director of Technology
     Copyright © 2009, Robert Cioffi, Progressive Computing Inc.
  2. Installing confidence in your network
     We are Trusted Technology Advisors for small and mid-sized businesses throughout the NYC metro area.
     We design, install and maintain Microsoft Windows based networks.
     We help customers who are…
       • Overwhelmed or confused by technology problems.
       • Frustrated by poor and unresponsive support.
       • Feeling helpless when faced with new IT challenges.
  3. Secure Your Business: Objectives
       • Increase Awareness of Threats
         What are the potential threats to my financial transactions, intellectual property, customer database, images, etc?
       • Understand Pressures on IT
         What are the dynamic forces affecting IT?
       • Understand Protection Strategies
         How do I protect my business?
  4. Secure Your Business: IT Mgmt Mistakes
     It’s the economy, stupid!
     “Companies using their 2009 performance as a guide are more likely to see 2010 as another down year, perhaps even lower than 2008…”
     “…unlike past recessions, CIOs report that transaction and storage volumes continue to grow. This means that enterprises have to work smarter by working in new ways than working harder by doing more with less.”
     Source: Gartner, The context for 2010 planning will be challenging, June 22, 2009
     Pressure leads to Mistakes
       • IT is a Cost Center
       • Hyper focus on apps
       • IT is not well understood
       • If it ain’t broke, don’t fix it
  5. Secure Your Business: Traditional Threats
     [Diagram labels: Recent Focus; Most Common; F.U.D.; Most Dangerous]
  6. Secure Your Business: Threats 2009
     Specific threats affecting business…
       • Phishing Attacks
       • Spyware
       • Computer Abuse
       • Data Leakage (Accidental)
       • Data Loss (Malicious)
       • Theft & Loss
       • Rising Costs & Less Resources
  7. Secure Your Business: Budgets
     Risk Assessment provides clear direction on Resource Expenditures
       • Data Protection
       • Access Controls
       • Power
       • Asset Protection
       • Threat Mgmt
       • Policies & Procedures
  8. Secure Your Business: Data Protection
     What’s the most important part of your computer system?
     The Data!
     What’s the right way to protect my data?
       • Traditional
       • Innovative
       • HYBRID
  9. Secure Your Business: Data Protection
     Data Protection Technologies – 2009/10
     Server Virtualization
       • Reduce cost.
       • Maximize resource utilization.
       • Greater system availability.
     Online Backups
       • Near real-time backup.
       • Versioning and quick recovery.
       • Low operating costs.
  10. Secure Your Business: Power
      Rising costs of energy sap business.
      Datacenters are running out of power
        • Costs to build power plants on the rise.
        • Government regulations making it harder.
        • Microsoft acquires local power plant for datacenter.
      Do more with less – Virtualization?
      US power: Prone to failure & attack
  11. Secure Your Business: Threat Mgmt
      Depth in Defense
        • Prevention
        • Protection
        • Detection
        • Response
  12. Secure Your Business: Access Controls
      Who Has Access to What?
        1. Define resources, and users; what can they access?
        2. Force users to enter logon credentials to access resources.
        3. Segregate data into logical areas & assign appropriate access.
        4. Passwords should be hard to guess & changed periodically.
        5. Educate users about dangers of social engineering.
        6. Periodically check for and install software patches & updates.
        7. Bio-Scan Technology: Hand readers, Retina scanners, etc.
      Windows Group Policy is an excellent and powerful tool for implementing centralized Logical Security on your network: desktop lockdown, password policies, application options control, and more.
  13. Secure Your Business: Asset Controls
      How do I control & manage assets?
        • Secure critical components behind locked doors.
        • Computer rooms should be well ventilated and properly cooled.
        • Restrict access to sensitive equipment to relevant personnel.
        • Computer workstations can be secured to walls or furniture.
        • Laptop users should keep an “eye” on their computer at all times.
        • Asset management systems help keep track of inventory.
      Technology Goes Hollywood
        • Remote Device Wipe for Windows Mobile 6.x Devices
        • Windows Vista/7 BitLocker – Encrypt the entire drive
        • “Homing Pigeon” Software for lost or stolen equipment
  14. Secure Your Business: Policies
      Corporate Policies & Procedures
        • Policies are guidelines for protecting assets.
        • Should be routinely reviewed and revised.
        • Good risk assessment will drive good security policies.
        • Makes expectations of employee behavior & accountability clear.
      Examples
        • Email & Internet Usage
        • Email signature disclaimers
        • Don’t Ask, Don’t Tell Passwords
      Dangers
        • Policies are platitudes rather than a decision or direction
        • Too restrictive – people bypass
  15. Secure Your Business!
      Q & A