Data Security for Nonprofits

622 views

Published on

Presentation on data security for nonprofit organizations presented by Ken Robey, CISSP, of Security in Focus, Inc., as part of the Project Ignite forum series.

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
622
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • 2 GbytesAnd these are the ones you can see. Others are just programs that install on your PC and continuously send back info.
  • Qualitative – rate the likelihood and impact of each threat you’ve identified.Look at Hugo:Likelihood – RareImpact – Material, maybe Catastrophic
  • Banking example from malwareBrowser overlay with keyloggerInformation captured and transmitted to criminals, but not bankAccount emptied within 3 minutes of user login while user being delayed by bogus error messagesUser then given false display showing old balance, and transaction list omitting those that emptied accountUser never actually connects with bank
  • Now you have one of these grids for each of the threats you identified and can make better decisions on which ones to mitigate.
  • If you decide to mitigate, there are two basic typesBehavioral (policy, process, education) – very effective for many threatsTechnological (anti-virus, firewall, intrusion detection, SPAM filters, …) – fairly effective in fighting yesterday’s threats; generally reacting to known threats; some new threat recognitionProbably need to do both. Avoid over reliance on technology.
  • ×