Protecting Your Not-For-Profit
Cyber Security
Approach
• Understand the issues
• Evaluate your risks
• Protect your company
• React to a breach
Technology Profile
• IT as a strategic asset not a cost
• IT Spending levels
• Security
• Governance
• Your place on the adoption curve
• Training
• Constituent touch points
Security Profile
• Risk aversion
• User technical expertise
• Presence of PII
• Security budget
– Outsourced services
– Equipment
• Use of remote access and the cloud
• Number of in-house IT staff and expertise
• Whether laptops are used
• Physical characteristics of offices: stand-alone, high-rise
• Specific password policy:
– Length
– Complexity
– Expiration
– Number of attempts before lockout
– Lockout time length
– Number of password changes before reuse
Anatomy Of A Breach
• Compromise credentials
• Escalate permissions
• Search and access data
• Exfiltration
• Sale of data
Know The Basics
• Security is all about perception
• Balance – Cost, user access, protection complexity
• Physical, logical, social
• Data at rest, and data in transit
• Components – Inventory, Risk, Assessment
Security Plan Components
• Inventory
– Data
– Hardware
– Software
– Policies
– Skills and Knowledge
• Internal, consultants
• Risks
• Assessment
– Action Items
– Policy Changes
– User Education
• Breach Response Plan
• Ongoing Maintenance
– Priorities
– Accountability
Data Inventory
• Where is the data and who has access to it?
– Low risk vs. High business impact (HBI)
– Personally Identifiable Information (PII)
– Product designs
– Customer database, AR
– Financial information
– E-mail
– Vendor contracts
– Software configurations
Cloud
• Inventory
• AICPA SOC 2 report (formerly SAS70, now SSAE16)
• Pass-through reports
• Applications’ data locations
Mobile
• Inventory
• Device encryption
• Password
• Time out
• Ability to wipe device
Mitigation Examples – Before And After
• Account retry lockout
• Pass phrases instead of complex passwords
• Signed security policies
• Two factor authentication
• Training
• Hard drive encryption
• Web site certificates
• Inactivity timeout with password required
• Disallowing personally identifiable information (PII)
Data Breach Insurance
• Identify the cause and the individuals affected
• Notification
• Credit monitoring for individuals affected
• Public relations management
• Legal expenses to work with regulators
Action Items
• Inventory personally identifiable information (PII)
• Assess the likelihood of a breach of PII
• Encrypt all laptops and other selected computers
• Have an outside security assessment performed
• Implement an Intrusion Detection System
• Purchase insurance
• Develop an after-breach plan – tech and non-tech
• Training, awareness
Questions
• peterhenley@clarknuber.com
• 425-454-4919
• http://slideshare.net/peterhenley
Resources
• Washington state notification law: http://apps.leg.wa.gov/rcw/default.aspx?cite=19.255.010
• Sample privacy policy: http://www.privacyaffiliates.com/ps/ps0709192337.html
• Sample IT policy: http://slideshare.net/peterhenley
Logical Security Terms
• Confidentiality—who should have access to the data?
– Username and password (pass phrase)
– Encryption
• Authorization—what permissions does the user have for working with the data?
– Data classification
• Accountability—what has the recipient done with the data?
– System logs, policy
• Integrity—how do you know if the data has been altered?
– Data attributes – time stamp, size, author
• Authenticity—how do you know where the data came from?
More Security Terms
• Physical Security, "In the Room" - the ability to physically protect and secure systems and components from theft
• User Security, "At the Keyboard" - the processes and policies used to assure user authentication
• System Security, "In the Box" - the ability to protect the integrity of a system from malicious attack
• Network Security, "On the Net" - the ability to interact with internal and external users and remote systems in a secure manner