
Security Awareness: 360 empowerment for cyber defense - JurInnov - Eric Vanderburg


Published in: Education


  1. Security Awareness: 360 degree empowerment for cyber defense
     February 27, 2014
     Dr. Eric Vanderburg, Director, Cybersecurity and Information Systems
     eav@jurinnov.com, @evanderburg, 216-664-1100
     © 2014 JurInnov, Ltd. All Rights Reserved
  2. JurInnov: We know data. We…
     • Protect it from harm – Cyber Security
     • Document it for evidence – Forensics
     • Obtain for discovery – eDiscovery
     • Organize it for litigation – Lit Support
  3. Cybersecurity Maturity: Where are You?
     Elements of Effective Cybersecurity
     • Culture of Security
     • Legal Requirements
     • Training and Education
     • Policy, Procedure and Controls
     • Monitor and Auditing
     • Response and Documentation
     • Information Management
     • Accountability
     Maturity levels
     • Leading
       – Integrated strategies
       – Innovative changes
       – Seamless controls
     • Optimizing
       – Effective controls
       – Uses process metrics
       – Targeted improvement
     • Practicing
       – Defined controls
       – Documented standards
       – Consistent performance
     • Developing
       – Likely repeatable
       – Some consistency
       – Lacks rigorous process discipline
     • Ad Hoc
       – Informal
       – Reactive
       – Inconsistent performance
  4. How Security is comprised
     90% People Process Technology 10%
  5. Computer Use
     • Secure browsing
     • Popups and warnings
     • Certificate errors
     • Suspicious links
  6. It’s ok to discriminate against data
     • You can’t treat it all the same
       – PHI
       – Personal information
       – Financial information
       – Trade secrets
       – Public information
     • Where is all the data?
       – Head, paper, computer, server, backup, email
     • What if we got rid of it?
  7. Malware
     • Viruses
       – Detection
       – Defense
  8. Phishing
     • Email
     • Text
     • Chat
     • Craigslist
     • Dating sites
  9. Passwords
     • Passwords are like underwear
       – Change them often
       – Showing them to others can get you in trouble
       – Don’t leave them lying around
     • Use different passwords for different purposes
     • Complexity
     • Passphrase
     • http://www.passwordmeter.com/
  10. Things your mother probably told you
     • Don’t accept candy from strangers
       – Infected devices
     • It’s ok to ask questions
       – Challenge
     • Don’t leave your things lying around
       – Clean desk and locked screen
     • Be careful who your friends are
       – Social networking
  11. Business Integration
     InfoSec Strategy
     • Priorities
     • Roles and responsibilities
     • Targeted capabilities
     • Specific goals (timeframe)
     Business Strategy
     • Core values
     • Purpose
     • Capabilities
     • Client promise
     • Business targets
     • Specific goals
     • Initiatives
     • Action items
     • Assignments and accountabilities
  12. Q&A
     Don’t be shy…
