Data Security: What Every Leader Needs to Know

Published in: Technology, News & Politics
  1. Data Security: What every leader needs to know
  2. Roger Hagedorn, Security Consultant
     • CISSP - Certified Information Systems Security Professional
     • GIAC Security Essentials (GSEC)
     Member:
     • (ISC)2 Twin Cities Area Chapter (isc2tc.org)
     • Upper Midwest Security Alliance (UMSA) – Board Member
  3. Agenda
     • Roger’s 5 Key Components of a Security Program
     • What Can You Do Now?
     • How to Tell You’ve Been Breached
     • Action Steps if Breached
     Please feel free to ask questions at any time. This session is for you.
  4. More Introductions
     • Who are you and what brings you to this presentation?
     • What are your security concerns?
  5. Why Are We Here?
     Security Breaches so far in 2013: Approximately 10.6 million records compromised and 483 breaches reported, according to statistics compiled by the Privacy Rights Clearinghouse.
     http://www.darkreading.com/database/lessons-learned-
  6. Why Are We Here?
     According to the Verizon 2013 Data Breach Investigations Report (DBIR), organizations with fewer than 100 employees comprised 31% of data breach incidents investigated in 2012.
     http://www.verizonenterprise.com/DBIR/2013/
  7. Why Are We Here?
     Why do people hack?
     • Notoriety—basic intrusions, early viruses
     • Fame—creative or widespread malware
     • Financial—theft and damage
     • Political Reasons—hacktivism
     • National Interests—spying
  8. Why Are We Here?
     The “Professionalization” of CyberCrime in the form of large, organized criminal syndicates
     • Exploit auction houses (WabiSabiLabi)
     • Forums and IRC (#Vxers, cybermafia.cc)
     • Botnet rental (5socks.net)
     • Identity auctions (76service)
     http://money.cnn.com/2011/07/27/technology/organi /
  9. Why Are We Here?
     A Common Misconception: “Our organization would never be a target of hackers.”
     – We do good work
     – We’re too small to be noticed
     – We have nothing of value
  10. Why Are We Here?
     What small organizations may not realize:
     – Hackers use automated tools. They don’t pick their targets; they find vulnerabilities.
     – All organizations have things of value:
       • Computing power (botnets)
       • Email contacts (other potential victims)
       • Personal information (identity theft)
  11. Why We Are Here
     This situation makes us all a target.
  12. Key Components of a Security Program
  13. Key Components of a Security Program
     No. 1 is you.
  14. Key Components of a Security Program
     Support from upper management is critical. Without that, no program or initiative will be fully successful. But with it, work processes can be adjusted, staff can learn, funds can be obtained, and attitudes can change.
  15. Key Components of a Security Program
     No. 2 is Data.
     https://www.icts.uiowa.edu/content/integrated-reposit
  16. Key Components of a Security Program
     An in-depth understanding of an organization’s data and how it’s protected. Compare the “Good Old Days” to today...
  17. Key Components of a Security Program
     http://education-portal.com/academy/lesson/what-is-cloud-comp
  18. Key Components of a Security Program
     http://education-portal.com/academy/lesson/what-is-cloud-comp
  19. Intermission
     Plucked from the Sept. 27 headlines: Last week's arrest of eight men in connection with a £1.3 million ($2.08 million) bank heist carried out with a remote-control device they had the brass to plug into a Barclays branch computer
     http://nakedsecurity.sophos.com/2013/09/21/bank-robbers-pose-as-
  20. Intermission
     Plucked from the Sept. 27 headlines: The arrest of 12 men in connection with a scheme to boobytrap computers at Santander, one of the UK's largest banks, by rigging the same type of remote-control device found in Barclays - devices that enable remote bank robbery.
     http://nakedsecurity.sophos.com/2013/09/13/12-arrested-a
  21. Key Components of a Security Program
     That in-depth understanding of your organization’s data must include where it is stored, how it is classified (e.g., public, in-house only, confidential), who can access it, and how this is being monitored.
  22. Key Components of a Security Program
     It is not enough to safeguard important data—from HR-related data to financial information, and especially Personal Health Information—it is necessary to be able to demonstrate that appropriate controls are in place and effective.
  23. Key Components of a Security Program
     No. 3 is IT.
     Many people consider information security an IT issue. It is not, because it involves much more than IT, but it is true that hardware and software controls are a significant part of any security system.
  24. Key Components of a Security Program
     But if your organization has one IT admin, this is a challenge. Security is important but only part of the job. There’s no dedicated security analyst. There’s no way IT can monitor everything. And it’s easy to waste time on logs and events that aren’t important. So what to monitor?
  25. Key Components of a Security Program
     • Active Directory and Servers
     • Firewall
     • Wireless access points
     • Anti-Malware
     • In-house applications
     • Data storage (file server, NAS or whatever)
     • Any cloud services?
  26. Key Components of a Security Program
     Also part of IT’s role in security is the implementation of some basic practices:
     • user accounts
     • strong passwords
     • locking screen-savers
     • use a firewall and VPN
     • update operating systems and applications
     • WPA2 encryption for WiFi
     • separate guest WiFi
     • encrypt data
     • dispose of data
     • policies
     See the SANS Institute’s 20 Security Controls
  27. Key Components of a Security Program
     No. 4 is Policies and Procedures.
     The scope and key elements of an overall security policy need to be developed by a team that pulls from several areas of the organization, so that the diversity of divisions, end-users, and procedures is accounted for.
  28. Key Components of a Security Program
     Then, from this broad basis, more granular policies and procedures need to be developed to deal with specific aspects of the enterprise.
  29. Key Components of a Security Program
     Example Policies:
     • Computing Acceptable Use
     • Remote Access
     • Password Usage
     • Data Retention and Destruction
     • Flashdrive Usage
     • Cloud Storage
  30. Key Components of a Security Program
     Once the policies and procedures are in place, they need to be regularly checked in order to verify that they are being followed and that they actually provide the security controls needed; if not, then they will have to be revised. And all policies and procedures need to be revised on a regular basis, generally annually.
  31. Key Components of a Security Program
     No. 5 is Staff Involvement, especially because staff are sometimes the weakest link but can also be the first line of defense.
  32. Key Components of a Security Program
     Offer training programs, newsletters, brown bag lunch sessions, posters, campaigns, informational lectures, news updates, and the like. While regulations like HIPAA mandate formal trainings, experience suggests that a combination of approaches works best.
  33. What Can You Do Now?
     • Invest in prevention—implement Defense-in-Depth
     • Educate your staff
     • Prepare an Incident Response Plan
     • Test your systems
     • Whitelist applications
  34. How to Tell You’ve Been Breached
     The top indicators are:
     • Unusual Outbound Network Traffic
     • Anomalies in Privileged User Account Activity
     • Geographical Irregularities
     http://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise/2401
  35. Action Steps if Breached
     • Identify the Attack*
     • Quarantine the Damage**
     • Disinfect
     • Employ your Communication Strategy
     • Re-secure the Network
     * If you are lucky. Most learn from outside sources after the fact.
     ** But first ask if this is actionable; if so, consult a forensic specialist.
  36. And remember to
  37. Recap
     • Roger’s 5 Key Components:
       – Support from Upper Management
       – Know your Data
       – IT Controls and Monitoring
       – Policies and Procedures
       – Staff Involvement
     • What Can You Do Now?
     • How to Tell You’ve Been Breached
     • Action Steps if Breached
  38. Q and A
     • Thanks very much for your attention.
     • Any questions or comments?
     Roger Hagedorn
     Email: roger@cultivatingsecurity.com
     Blog: www.cultivatingsecurity.com
  39. Information Security Resources
     • The SANS Institute’s 20 Security Controls: http://www.sans.org/critical-security-controls/
     • Information Security Policy Templates: http://www.sans.org/security-resources/policies/
     • The Australian Government’s 35 Controls: http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm
     • The Center for Internet Security: http://www.cisecurity.org
     • Ten Steps to Planning an Effective Cyber-Incident Response: http://blogs.hbr.org/2013/07/ten-steps-to-planning-an-effect/
  40. Information Security Resources
     • Top 15 Indicators Of Compromise: http://www.darkreading.com/attacks-breaches/top-15-indicators-of-compromise/240162469?itc=edit_in_body_cross
     • SonicWALL Phishing IQ Test: http://www.sonicwall.com/furl/phishing/
     • Sophos 1-Minute Security Tips for the Workplace: http://www.youtube.com/playlist?list=PLD88EACF404839195
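
The three indicators listed on the "How to Tell You’ve Been Breached" slide, written as a small review script that a lone IT admin could adapt to exported firewall and sign-in data. This is an added example, not part of the original presentation; the hosts, accounts, working hours, expected countries and the three-sigma threshold are constructed assumptions.

```python
from statistics import mean, pstdev

# All data below is constructed for illustration; names and thresholds are assumptions.
BASELINE_OUT_MB = {"fileserver": [120, 135, 110, 128, 140], "hr-pc": [15, 22, 18, 20, 17]}
TODAY_OUT_MB = {"fileserver": 131, "hr-pc": 940}
PRIVILEGED = {"administrator", "svc-backup"}
EXPECTED_COUNTRIES = {"US"}
LOGINS = [
    {"user": "administrator", "hour": 10, "country": "US"},
    {"user": "administrator", "hour": 3, "country": "US"},
    {"user": "jsmith", "hour": 9, "country": "US"},
    {"user": "jsmith", "hour": 11, "country": "RO"},
]

def unusual_outbound(baseline, today, sigmas=3.0):
    """Hosts whose outbound volume today exceeds mean + sigmas * stdev of their own history."""
    flagged = []
    for host, history in baseline.items():
        limit = mean(history) + sigmas * pstdev(history)
        if today.get(host, 0) > limit:
            flagged.append(host)
    return flagged

def privileged_anomalies(logins, privileged, work_hours=range(7, 19)):
    """Logins by privileged accounts outside normal working hours."""
    return [l for l in logins if l["user"] in privileged and l["hour"] not in work_hours]

def geo_irregularities(logins, expected):
    """Logins from countries where the organization has no staff."""
    return [l for l in logins if l["country"] not in expected]

def review():
    """Run all three checks and return (indicator, detail) findings for a human to triage."""
    findings = [("Unusual outbound traffic", h)
                for h in unusual_outbound(BASELINE_OUT_MB, TODAY_OUT_MB)]
    findings += [("Privileged account anomaly", f"{l['user']} at {l['hour']:02d}:00")
                 for l in privileged_anomalies(LOGINS, PRIVILEGED)]
    findings += [("Geographical irregularity", f"{l['user']} from {l['country']}")
                 for l in geo_irregularities(LOGINS, EXPECTED_COUNTRIES)]
    return findings

if __name__ == "__main__":
    for indicator, detail in review():
        print(f"{indicator}: {detail}")
```

Each host is compared with its own history, so a busy file server is not flagged while a workstation that suddenly sends far more than usual is.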