Technology Issues and Cybersecurity Strategies
(Using People, Policies, and Technology in Seeking Cyber Resilience)
Crucial Points
• Security Did Not Come Bundled with the Internet
• Security is a Process, Not a Product (Security is not “Done”)
• “If you think security is a technology problem, then you don’t understand the problem, and you don’t understand technology.”
• Tension Between Security and Convenience (and Collaboration)
Because That’s Where the Money Is
Identify Data Assets
• What is confidential or sensitive?
• Where does it reside?
• Who can access it?
Layered Security
Layered Security - Malware
• Anti-Malware Detection (signature-based and more)
• Strong passwords
• Security Awareness Training (potential attacks and proper information handling)
• Control of the network (mobile devices, social networks)
• Hardened Software and Operating Systems (protect endpoints)
Why is Awareness Important?
Because Everybody Clicks
Creating Awareness
Strong Authentication Policies and Practices
• “weak passwords contributed to 31 percent of compromises we investigated.” 2014 Trustwave Global Security Report
• Lots of characters or passphrases
• Multi-factor authentication
• Remote Access and Mobile Devices
Protecting Data Assets
• 88% of companies analyzed experienced at least one potential data loss event, meaning a piece of sensitive data was sent outside the organization via email or uploaded via a web browser. Every day an organization experiences 29 events of potential exposure of sensitive data. Every 49 minutes sensitive data is sent outside the organization.
• In 33% of financial institutions scanned, credit card information was sent outside of the organization.
Check Point Security Report 2014
Manage Insider Threats
• Access Control - Principle of Least Privilege
• Dual Control
• Segmentation/Air-Gapping
• Monitor and Analyze - Data Loss Prevention
Manage Vendor Risk
• Can’t Outsource Responsibility
• OCC Bulletin 2013-29 “Third-Party Relationships”
– “Holistic” approach to risk management
– Life Cycle of a vendor relationship
• Strengthening the Resilience of Outsourced Technology Services
Other Useful Tools
• Encryption
– At rest (hard drives, documents, removable media, devices)
– In transport
• Security Information and Event Management (SIEM)
• Penetration Testing
Prepare for Incident Response
• Create and test an incident response plan periodically
• Consider advance arrangements for third-party services
• Response and Investigation may coincide
• Notification/Reporting
• Crisis Management
• Cyberinsurance
Indicia of Security Readiness
• Executive Leadership that Prioritizes Security
• Executive Directly Responsible for Security
• Internal Incident Response Teams
• Clear, well-documented policies and procedures
• Regular Training
• Disciplinary Measures and Access Restrictions
• Tools that Work Together
Conclusion
• “It is preferable to take risks one understands than understand risks one is taking.” - Nassim Nicholas Taleb
Questions?
Jack Pringle
Adams and Reese LLP
(803) 343-1270
jack.pringle@arlaw.com
http://www.linkedin.com/pub/jack-pringle/4/455/583/
@jjpringlesc
1501 Main Street, 5th Floor
Columbia, SC 29201
www.adamsandreese.com
Resources
Cisco 2015 Annual Security Report, http://www.cisco.com/web/offers/lp/2015-annual-security-report/index.html
2014 Trustwave Global Security Report, https://www2.trustwave.com/rs/trustwave/images/2014_Trustwave_Global_Security_Report.pdf
“2014 Cost of Cybercrime Study,” Ponemon Institute, 15 October 2014, http://www8.hp.com/us/en/software-solutions/ponemon-cyber-security-report/index.htm
Check Point Security Report 2014, http://www.checkpoint.com/2014-security-report/index.html
2013 Data Breach Investigations Report, Verizon Risk Team, available at http://www.verizonenterprise.com/DBIR/2013/
Top 20 Critical Security Controls, SANS Institute, available at http://www.sans.org/critical-security-controls/
Security and Privacy Controls for Federal Information Systems and Organizations, NIST Special Publication 800-53, Revision 4, available at http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
OCC Bulletin 2013-29, “Third-Party Relationships,” issued October 20, 2013, http://occ.gov/news-issuances/bulletins/2013/bulletin-2013-29.html
Appendix J: Strengthening the Resilience of Outsourced Technology Services, FFIEC IT Examination Handbook, http://ithandbook.ffiec.gov/it-booklets/business-continuity-planning/appendix-j-strengthening-the-resilience-of-outsourced-technology-services.aspx
