Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vanderburg
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vanderburg

on

  • 202 views

Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vanderburg

Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vanderburg

Statistics

Views

Total Views
202
Views on SlideShare
202
Embed Views
0

Actions

Likes
0
Downloads
10
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vanderburg Presentation Transcript

  • 1. Security Awareness: 360 degree empowerment for cyber defense February 27, 2014 Dr. Eric Vanderburg Director, Cybersecurity and Information Systems eav@jurinnov.com @evanderburg 216-664-1100 © 2014 JurInnov, Ltd. All Rights Reserved
  • 2. JurInnov: We know data. We… Protect it from harm Document it for evidence Cyber Security Forensics Obtain for discovery Organize it for litigation eDiscovery © 2014 JurInnov, Ltd. All Rights Reserved Lit Support 1
  • 3. Cybersecurity Maturity: Where are You? Elements of Effective Cybersecurity Culture of Security Legal Requirements Training and Education Policy, Procedure and Controls Monitor and Auditing Response and Documentation Information Management Accountability Leading Optimizing Practicing Developing Ad Hoc • Defined controls • Documented standards • Consistent performance • Likely repeatable • Some consistency • Lacks rigorous process discipline • Informal • Reactive • Inconsistent performance © 2014 JurInnov, Ltd. All Rights Reserved • Effective controls • Uses process metrics • Targeted improvement 2 • Integrated strategies • Innovative changes • Seamless controls
  • 4. How Security is comprised 90% People Process Technology 10% © 2014 JurInnov, Ltd. All Rights Reserved 3
  • 5. Computer Use • • • • Secure browsing Popups and warnings Certificate errors Suspicious links © 2014 JurInnov, Ltd. All Rights Reserved 4
  • 6. It’s ok to discriminate against data • You can’t treat it all the same – PHI – Personal information – Financial information – Trade secrets – Public information • Where is all the data? – Head, paper, computer, server, backup, email • What if we got rid of it? © 2014 JurInnov, Ltd. All Rights Reserved 5
  • 7. Malware • Viruses – Detection – Defense © 2014 JurInnov, Ltd. All Rights Reserved 6
  • 8. Phishing • • • • • Email Text Chat Craigslist Dating sites © 2014 JurInnov, Ltd. All Rights Reserved 7
  • 9. Passwords • Passwords are like underwear – Change them often – Showing them to others can get you in trouble – Don’t leave them lying around • • • • Use different passwords for different purposes Complexity Passphrase http://www.passwordmeter.com/ © 2014 JurInnov, Ltd. All Rights Reserved 8
  • 10. Things your mother probably told you • Don’t accept candy from strangers – Infected devices • It’s ok to ask questions – Challenge • Don’t leave your things lying around – Clean desk and locked screen • Be careful who your friends are – Social networking © 2014 JurInnov, Ltd. All Rights Reserved 9
  • 11. Business Integration InfoSec Strategy Business Strategy • Priorities • Roles and responsibilities • Targeted capabilities • Specific goals (timeframe) © 2014 JurInnov, Ltd. All Rights Reserved • • • • • • • • • 10 Core values Purpose Capabilities Client promise Business targets Specific goals Initiatives Action items Assignments and accountabilities
  • 12. Q&A Don’t be shy… © 2014 JurInnov, Ltd. All Rights Reserved 11