Veterans in Business (VIB) Network Conference
Left Brain Professionals Inc.
All businesses face cybersecurity issues. Defense contractors must meet the requirements outlined in NIST (SP) 800-171 R1 by December 31, 2017. Learn best practices all businesses can use to secure their networks and protect their data. We guarantee you’ll walk away with tools you can easily implement today.
6. Incident % of
Organizations
Phishing attack successful in infecting network with malware 37%
Successful ransomware attack 24%
Malware infiltrated system, unknown entry point 22%
Sensitive info accidently leaked through email 22%
Successful drive-by attack from employee web surfing 21%
Senior executive tricked into fraud by email scheme 12%
Senior executive systems infected with malware 10%
Sensitive info maliciously leaked through email 7%
Sensitive info leaked through cloud service such as Dropbox 6%
Sensitive info leaked through social media/cloud application 2%
Sensitive info leaked, unknown cause or source 2%
None of the above occurred or unaware of occurrence 25%
13. Common Framework Categories
Access Control
Awareness and Training
Audit and Accountability
Configuration Management
Identification and Authentication
Incident Response
Maintenance
14. Common Framework Categories
Media Protection
Personnel Security
Physical Protection
Risk Assessment
Security Assessment
System and Communications Protection
System and Information Integrity
15. What to Protect
Corporate Network
Email
Mobile Devices
Cloud Storage
Online Accounts
Social Media
Apps and IoT
16. How to Protect
A number of free and inexpensive tools
Security enhanced and some compliance achieved
simply by activating tools provided
17. Physical Security
Secure the perimeter and entryways
Secure interior access
Beyond lobby
Sensitive areas
Server room
Visitor logs and badges
29. MFA/2FA
Multifactor authentication
2 out of 3:
Something you know
Something you are
Something you have
Yubico
Digital Certificate
Text Messages
Authenticator
App
33. Audits & Certification
US Government does not accept any audit report
or third-party certification
Many primes require an audit or third-party
verification
Security may be as simple as a keyed lock or as complex as an access management system with ID cards or key fobs.
Should include intrusion alarms.
Likely includes fire alarms.
OS updates often fix security vulnerabilities. Apply these in a timely manner.
Ensure program and virus definition are updated regularly. Virus definitions often updated daily as new threats identified.