Nonprofit Security Matters: It's Not About the Network

Security Matters It’s not about the network

What’s Your Biggest Threat? http://flickr.com/photos/mikeygottawa/533355476/

The Top 12 Security Threats Reported by CTOs
12. Extortion
11. Denial of Service (DoS)
10. Vandalism
9. Pharming
8. Phishing
7. Fraudulent Transaction

The Top 12 Security Threats Reported by CTOs
6. Physical Loss
5. Unauthorized Access by Outsiders
4. Malware
3. Spam
2. Unauthorized Access by Insiders
1. Insider Misuse
Source: http://www.computereconomics.com/article.cfm?id=1214

The Top 2 (and #6) Security Threats The Cost of an “Inside Job”
Four in ten IT managers report incidents involving non-compliance while another 27 percent have seen unintentional release of corporate information.
A typical incident requires 22 IT employee hours to remediate.

Security Philosophy Control What You Can
0’s and 1’s, not people.
Network, workstations, devices, applications, files.

Control What You Can Networks
NAT Routers
Integrated VPN
Dynamic IP addresses
Wireless - closed
http://flickr.com/photos/abbyladybug/930518276/

Control What You Can Workstations
Firewalls
Antivirus
Anti-spyware
Spam filtering
Internet filtering (?)
Backups
http://flickr.com/photos/53088165@N00/579761138/

Control What You Can In the Cloud
Enough seats for all users
Independent passwords
Automatic logout
Required password changes
http://flickr.com/photos/86778817@N00/88641569/

Control What You Can Devices / Drives
Passwords for all devices and drives
Encryption for files stored on devices and drives
http://flickr.com/photos/ian-s/2152798588/

Security Philosophy IT’s More than Digital
In 2008…each man, woman, and child will use 4,847 sheets of the office paper, 36 sheets fewer than 2007.
Source: http://www.entrepreneur.com/tradejournals/article/184744007.html

Security Philosophy Plug the Biggest Holes
Prioritize!
Risk = Value of Asset x Severity of Vulnerability x Likelihood of Attack
Source: http://h71028.www7.hp.com/ERC/cache/568165-0-0-0-121.html

Security Philosophy Plan for Failure
Know how you will respond to security breaches in terms of IT
Plan for notifying important parties - it’s the law!

Security Philosophy Train for Success
Ultimately, your success relies on your people
Try Disaster Days trainings (make it fun!)
Make security issues part of your regular communications

Security Resources
HP Security Risk Assessment
http://h71028.www7.hp.com/ERC/cache/568165-0-0-0-121.html
TechSoup Healthy and Secure Computing
http://www.techsoup.org/hsc/
CERT Octave
http://www.cert.org/octave/
SANS Reading Room
http://sans.org/
Security Focus
http://www.securityfocus.com/
NSA Security Confirguration Guides
http://www.nsa.gov/snac/

As we look ahead into the next century, leaders will be those who empower others. - Bill Gates, founder Microsoft

Nonprofit Security Matters: It's Not About the Network

by Holly Ross on Jan 21, 2009

Accessibility

Categories

Tags

Upload Details

Usage Rights

Statistics

Nonprofit Security Matters: It’s Not About the Network — Presentation Transcript