Overview of Session
1. Introductions
2. The Security Landscape
3. 7 Easy Steps to Be More Secure
4. Resource Sharing
5. Q/A
Questions Sprinkled Throughout

Introductions
1. Name
2. Organization
3. Mission
4. Approx. Number of Staff
5. Why are you here?
   • Get some idea of what security is about
   • It’s something I need to know about
   • Other reason?

User Oriented Levels of Security
• Web
• Cloud
• Network (WAN)
• Network (LAN)
• Workstation + Mobile

Balancing Needs
Security is all about Balance
The Iron Triangle
• Cost
• Time
• Quality
Main Factors for Most Groups
• Limited Budget + Lack of Awareness
• Forget to sharpen the saw
• No good sources for information

Question
What has your experience been with balancing needs?

Overview
Seven Steps to a More Secure Organization
1. Keep All Software Updated
2. Get Enterprise Antivirus
3. Cultivate Aware Users
4. Balance Privacy, Security, and Productivity
5. Know Your Compliance Needs
6. Establish a Strong Password Policy
7. Stay Informed

1. Keep Software Updated
Workstation Software Updates
• OS (Windows, Mac OS X)
• Microsoft Office
• Adobe (Acrobat, Flash, Air)
• Browsers (Chrome, Firefox, IE)
• Email Client (Outlook, Thunderbird)
• Anti-Virus/Anti-Malware/Anti-Spyware
• iTunes and Device Firmware
• Remote Access/VPN

1. Keep Software Updated
Server Software Updates
• BIOS
• Device Drivers (Especially RAID)
• Windows Server
• Exchange Server (Email)
• SQL Server (Database)
• Endpoint Protection (such as Symantec)
• Backup Software (such as BackupExec)
• Proprietary Systems

2. Get Enterprise Antivirus
Techsoup – Symantec Endpoint Protection
• $5/system
• Server-based Management Option
• Integrates with BackupExec
• Anti-virus
• Anti-malware
• Anti-spyware
• Firewall (Software)
• Protect ALL Systems (Incl. Volunteer, etc.)

Question
What is your anti-virus experience? Product story?

3. Cultivate Aware Users
Everyone is responsible for security!
• Know your software
• Read prompts, don’t just click Ok
• Installation Approval Process
• Dangers of USB Drives, Mobiles, iPods, etc.
• Explain why, not just how and what
• Recruit your tech savvy users to help
• Encourage them to speak up!

Question
How does your organization cultivate an aware team?

4. Privacy, Security, Productivity
Balance is the key to Security
• Be Real - If it ain’t used, it don’t work!
• Be Honest – Tell users what to expect
• Privacy – Tell users what you monitor
• Balance Risk Prevention vs Recovery
• Address Complaints with solutions

Question
What are your privacy concerns (org and individual)?

6. Strong Password Policy
Secure Passwords:
• At least 8 characters
• At least one each of:
   • Uppercase Letter
   • Lowercase Letter
   • Number
   • Symbol (!@#$%^&*())
Example: P@ssw0rdsSuck!

6. Strong Password Policy
Use a password database for ease
• KeePass (Free and Open Source)
• SplashID (Syncs between devices)
Use browsers to store passwords
• Set master password
• Only on your system (which is password protected)
Protect your systems and devices

Question
What tips can you share for password success?

7. Stay Informed
Top Resources for Security Information
• NTEN
• US CERT
• Symantec
• Techrepublic
• Techsoup Security Forum*
• http://501cybersecurity.com/*
• EDUCAUSE*
* Thanks to Robert Weiner for these resources