Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vanderburg

Published in: Education

  1. Security Awareness: 360 degree empowerment for cyber defense
     February 27, 2014
     Dr. Eric Vanderburg, Director, Cybersecurity and Information Systems
     eav@jurinnov.com | @evanderburg | 216-664-1100
     © 2014 JurInnov, Ltd. All Rights Reserved
  2. JurInnov: We know data. We…
     • Protect it from harm (Cyber Security)
     • Document it for evidence (Forensics)
     • Obtain for discovery (eDiscovery)
     • Organize it for litigation (Lit Support)
  3. Cybersecurity Maturity: Where are You?
     Elements of Effective Cybersecurity
     • Culture of Security
     • Legal Requirements
     • Training and Education
     • Policy, Procedure and Controls
     • Monitor and Auditing
     • Response and Documentation
     • Information Management
     • Accountability
     Maturity levels
     • Leading
       – Integrated strategies
       – Innovative changes
       – Seamless controls
     • Optimizing
       – Effective controls
       – Uses process metrics
       – Targeted improvement
     • Practicing
       – Defined controls
       – Documented standards
       – Consistent performance
     • Developing
       – Likely repeatable
       – Some consistency
       – Lacks rigorous process discipline
     • Ad Hoc
       – Informal
       – Reactive
       – Inconsistent performance
  4. How Security is comprised
     90% People Process Technology 10%
  5. Computer Use
     • Secure browsing
     • Popups and warnings
     • Certificate errors
     • Suspicious links
  6. It’s ok to discriminate against data
     • You can’t treat it all the same
       – PHI
       – Personal information
       – Financial information
       – Trade secrets
       – Public information
     • Where is all the data?
       – Head, paper, computer, server, backup, email
     • What if we got rid of it?
  7. Malware
     • Viruses
       – Detection
       – Defense
  8. Phishing
     • Email
     • Text
     • Chat
     • Craigslist
     • Dating sites
  9. Passwords
     • Passwords are like underwear
       – Change them often
       – Showing them to others can get you in trouble
       – Don’t leave them lying around
     • Use different passwords for different purposes
     • Complexity
     • Passphrase
     • http://www.passwordmeter.com/
  10. Things your mother probably told you
     • Don’t accept candy from strangers
       – Infected devices
     • It’s ok to ask questions
       – Challenge
     • Don’t leave your things lying around
       – Clean desk and locked screen
     • Be careful who your friends are
       – Social networking
  11. Business Integration
     InfoSec Strategy
     • Priorities
     • Roles and responsibilities
     • Targeted capabilities
     • Specific goals (timeframe)
     Business Strategy
     • Core values
     • Purpose
     • Capabilities
     • Client promise
     • Business targets
     • Specific goals
     • Initiatives
     • Action items
     • Assignments and accountabilities
  12. Q&A
     Don’t be shy…
