SlideShare a Scribd company logo

a48f81cc-3e85-4e00-9a3c-5ed63821797e-160716160704

Download as PPTX, PDF
R
Ricky Truong
1 of 11
• STAKEHOLDERS • Internal • External • RISK ASSESSMENT Assets Probability (P) Impact (I) Inherent Risk = P x I Compensating Controls Residual Risk Software Medium High High • Patch Management • White Listing Medium Databases Medium High High • Encryption Medium Hardware Low Medium Medium • Blocking External Devices Low Network Medium Medium Medium • Monitoring Low Human Factor Medium High High • Training & Awareness • Reporting Structure • Anti-Retaliation Policy • Open-Door Policy Medium Access Control Medium High High • Least User Privileges Medium
• Patch Management • Whitelisting • Removal of RDP • Hardware-based Firewalls • Two-step authentication • Awareness • Training
• Background Checks/Ongoing Employee Screening • Cyber Vetting • Monitoring user activity • Unauthorized use of personal devices • Security Information and Event Management • Policies on Confidential Reporting • Anti-retaliation Policy • Open-door Policy
Plan and Protect • Create an Incident Response Team Containing the Incident • Isolate affected files or networks • Backup files on servers and hard drives • Remove access upon termination Communication to Stakeholders • Internal Stakeholders • Business Operations • Oversight • Board of Directors • External Stakeholders • Law Enforcement • Regulatory Agencies
Technical Aspect: • Encryption • New Intrusion Prevention Systems • Anti-malware tools Third Party Involvement: • Legal and Insurance Assessments • Notifications of Incidents to: • S&E, FTC, FBI Behavioral: • Revamped Employee Training Modules Press Involvement: • Press Statements • Maintains the integrity of the company Looking Towards The Future!
Current Topology Enhanced Topology • Eliminates Path to E-trading System • Redundancy • Smaller subsets allow for easy management
Identify Place: • Red-Amber-Green Protect Street: • Hardware • Software • Employee Behavior Protection Detect Square: • Screening Process • Flagging Respond Park: • Incident Response Plan Recover Blvd: • Reassessment
a48f81cc-3e85-4e00-9a3c-5ed63821797e-160716160704

Recommended

The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security ContinuumMartin Hingley
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionVivek Maurya
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)Sam Bowne
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionMLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
2. Asset Security
2. Asset Security2. Asset Security
2. Asset SecuritySam Bowne
 

Recommended

The Datacenter Security Continuum
The Datacenter Security ContinuumThe Datacenter Security Continuum
The Datacenter Security ContinuumMartin Hingley
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionVivek Maurya
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)CNIT 125: Ch 2. Security and Risk Management (Part 1)
CNIT 125: Ch 2. Security and Risk Management (Part 1)Sam Bowne
 
Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionMLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
2. Asset Security
2. Asset Security2. Asset Security
2. Asset SecuritySam Bowne
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security OperationsSam Bowne
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk ManagmentMLG College of Learning, Inc
 
6. Security Assessment and Testing
6. Security Assessment and Testing6. Security Assessment and Testing
6. Security Assessment and TestingSam Bowne
 
CNIT 160 Ch 4b: Security Program Management
CNIT 160 Ch 4b: Security Program ManagementCNIT 160 Ch 4b: Security Program Management
CNIT 160 Ch 4b: Security Program ManagementSam Bowne
 
CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)Sam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesSam Bowne
 
CNIT 160: Ch 2b: Security Strategy Development
CNIT 160: Ch 2b: Security Strategy DevelopmentCNIT 160: Ch 2b: Security Strategy Development
CNIT 160: Ch 2b: Security Strategy DevelopmentSam Bowne
 
CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)Sam Bowne
 
CNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingCNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingSam Bowne
 
CNIT 160: Ch 3c: The Risk Management Life Cycle
CNIT 160: Ch 3c: The Risk Management Life CycleCNIT 160: Ch 3c: The Risk Management Life Cycle
CNIT 160: Ch 3c: The Risk Management Life CycleSam Bowne
 
3. Security Engineering
3. Security Engineering3. Security Engineering
3. Security EngineeringSam Bowne
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSMLG College of Learning, Inc
 
CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)Sam Bowne
 
CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)Sam Bowne
 
CNIT 160: 3. Information Risk Management (Part 4)
CNIT 160: 3. Information Risk Management (Part 4)CNIT 160: 3. Information Risk Management (Part 4)
CNIT 160: 3. Information Risk Management (Part 4)Sam Bowne
 
CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)Sam Bowne
 
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)Sam Bowne
 
CNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset SecurityCNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset SecuritySam Bowne
 
Prevention is not enough
Prevention is not enoughPrevention is not enough
Prevention is not enoughNovosco
 
Creating a Security Plan for Your Agency - Laird Rixford
Creating a Security Plan for Your Agency - Laird RixfordCreating a Security Plan for Your Agency - Laird Rixford
Creating a Security Plan for Your Agency - Laird RixfordInsurance Technologies Corporation (ITC)
 
CNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsSam Bowne
 

More Related Content

What's hot

7. Security Operations
7. Security Operations7. Security Operations
7. Security OperationsSam Bowne
 
6. Security Assessment and Testing
6. Security Assessment and Testing6. Security Assessment and Testing
6. Security Assessment and TestingSam Bowne
 
CNIT 160 Ch 4b: Security Program Management
CNIT 160 Ch 4b: Security Program ManagementCNIT 160 Ch 4b: Security Program Management
CNIT 160 Ch 4b: Security Program ManagementSam Bowne
 
CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)Sam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesSam Bowne
 
CNIT 160: Ch 2b: Security Strategy Development
CNIT 160: Ch 2b: Security Strategy DevelopmentCNIT 160: Ch 2b: Security Strategy Development
CNIT 160: Ch 2b: Security Strategy DevelopmentSam Bowne
 
CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)Sam Bowne
 
CNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingCNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingSam Bowne
 
CNIT 160: Ch 3c: The Risk Management Life Cycle
CNIT 160: Ch 3c: The Risk Management Life CycleCNIT 160: Ch 3c: The Risk Management Life Cycle
CNIT 160: Ch 3c: The Risk Management Life CycleSam Bowne
 
3. Security Engineering
3. Security Engineering3. Security Engineering
3. Security EngineeringSam Bowne
 
CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)Sam Bowne
 
CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)Sam Bowne
 
CNIT 160: 3. Information Risk Management (Part 4)
CNIT 160: 3. Information Risk Management (Part 4)CNIT 160: 3. Information Risk Management (Part 4)
CNIT 160: 3. Information Risk Management (Part 4)Sam Bowne
 
CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)Sam Bowne
 
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)Sam Bowne
 
CNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset SecurityCNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset SecuritySam Bowne
 
Prevention is not enough
Prevention is not enoughPrevention is not enough
Prevention is not enoughNovosco
 

What's hot (20)

7. Security Operations
7. Security Operations7. Security Operations
7. Security Operations
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
 
6. Security Assessment and Testing
6. Security Assessment and Testing6. Security Assessment and Testing
6. Security Assessment and Testing
 
CNIT 160 Ch 4b: Security Program Management
CNIT 160 Ch 4b: Security Program ManagementCNIT 160 Ch 4b: Security Program Management
CNIT 160 Ch 4b: Security Program Management
 
CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)CNIT 160 Ch 4c: Security Program Development (Part 3)
CNIT 160 Ch 4c: Security Program Development (Part 3)
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
 
CNIT 160: Ch 2b: Security Strategy Development
CNIT 160: Ch 2b: Security Strategy DevelopmentCNIT 160: Ch 2b: Security Strategy Development
CNIT 160: Ch 2b: Security Strategy Development
 
CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)CNIT 160 Ch 4 Information Security Program Development (Part 3)
CNIT 160 Ch 4 Information Security Program Development (Part 3)
 
CNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingCNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and Testing
 
CNIT 160: Ch 3c: The Risk Management Life Cycle
CNIT 160: Ch 3c: The Risk Management Life CycleCNIT 160: Ch 3c: The Risk Management Life Cycle
CNIT 160: Ch 3c: The Risk Management Life Cycle
 
3. Security Engineering
3. Security Engineering3. Security Engineering
3. Security Engineering
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
 
CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)
 
CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)CNIT 160 4d Security Program Management (Part 4)
CNIT 160 4d Security Program Management (Part 4)
 
CNIT 160: 3. Information Risk Management (Part 4)
CNIT 160: 3. Information Risk Management (Part 4)CNIT 160: 3. Information Risk Management (Part 4)
CNIT 160: 3. Information Risk Management (Part 4)
 
CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)
 
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)CISSP Prep: Ch 2. Security and Risk Management I (part 2)
CISSP Prep: Ch 2. Security and Risk Management I (part 2)
 
CNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset SecurityCNIT 125 Ch 3. Asset Security
CNIT 125 Ch 3. Asset Security
 
Prevention is not enough
Prevention is not enoughPrevention is not enough
Prevention is not enough
 

Similar to a48f81cc-3e85-4e00-9a3c-5ed63821797e-160716160704

CNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsSam Bowne
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsSam Bowne
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraIGN MANTRA
 
Latihan6 comp-forensic-bab5
Latihan6 comp-forensic-bab5Latihan6 comp-forensic-bab5
Latihan6 comp-forensic-bab5sabtolinux
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version Brian Pichman
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)Sam Bowne
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresJose L. Quiñones-Borrero
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas IndonesiaIGN MANTRA
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsSam Bowne
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security ManagementJonathan Coleman
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handlingnewbie2019
 
Hunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsHunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsSpyglass Security
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are comingErnest Staats
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionNicholas Davis
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss PreventionNicholas Davis
 

Similar to a48f81cc-3e85-4e00-9a3c-5ed63821797e-160716160704 (20)

Creating a Security Plan for Your Agency - Laird Rixford
Creating a Security Plan for Your Agency - Laird RixfordCreating a Security Plan for Your Agency - Laird Rixford
Creating a Security Plan for Your Agency - Laird Rixford
 
CNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security OperationsCNIT 125 Ch 8. Security Operations
CNIT 125 Ch 8. Security Operations
 
CISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security OperationsCISSP Prep: Ch 8. Security Operations
CISSP Prep: Ch 8. Security Operations
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
 
Latihan6 comp-forensic-bab5
Latihan6 comp-forensic-bab5Latihan6 comp-forensic-bab5
Latihan6 comp-forensic-bab5
 
Operations Security
Operations SecurityOperations Security
Operations Security
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
 
CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)CNIT 160 4e Security Program Management (Part 5)
CNIT 160 4e Security Program Management (Part 5)
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and Countermeasures
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM Operations
 
MIS: Information Security Management
MIS: Information Security ManagementMIS: Information Security Management
MIS: Information Security Management
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handling
 
Hunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsHunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark Arts
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are coming
 
css ppt.ppt
css ppt.pptcss ppt.ppt
css ppt.ppt
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Lecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss PreventionLecture Data Classification And Data Loss Prevention
Lecture Data Classification And Data Loss Prevention
 
Data Classification And Loss Prevention
Data Classification And Loss PreventionData Classification And Loss Prevention
Data Classification And Loss Prevention
 

a48f81cc-3e85-4e00-9a3c-5ed63821797e-160716160704

  • 1.
  • 2.
  • 3.
  • 4. • STAKEHOLDERS • Internal • External • RISK ASSESSMENT Assets Probability (P) Impact (I) Inherent Risk = P x I Compensating Controls Residual Risk Software Medium High High • Patch Management • White Listing Medium Databases Medium High High • Encryption Medium Hardware Low Medium Medium • Blocking External Devices Low Network Medium Medium Medium • Monitoring Low Human Factor Medium High High • Training & Awareness • Reporting Structure • Anti-Retaliation Policy • Open-Door Policy Medium Access Control Medium High High • Least User Privileges Medium
  • 5. • Patch Management • Whitelisting • Removal of RDP • Hardware-based Firewalls • Two-step authentication • Awareness • Training
  • 6. • Background Checks/Ongoing Employee Screening • Cyber Vetting • Monitoring user activity • Unauthorized use of personal devices • Security Information and Event Management • Policies on Confidential Reporting • Anti-retaliation Policy • Open-door Policy
  • 7. Plan and Protect • Create an Incident Response Team Containing the Incident • Isolate affected files or networks • Backup files on servers and hard drives • Remove access upon termination Communication to Stakeholders • Internal Stakeholders • Business Operations • Oversight • Board of Directors • External Stakeholders • Law Enforcement • Regulatory Agencies
  • 8. Technical Aspect: • Encryption • New Intrusion Prevention Systems • Anti-malware tools Third Party Involvement: • Legal and Insurance Assessments • Notifications of Incidents to: • S&E, FTC, FBI Behavioral: • Revamped Employee Training Modules Press Involvement: • Press Statements • Maintains the integrity of the company Looking Towards The Future!
  • 9. Current Topology Enhanced Topology • Eliminates Path to E-trading System • Redundancy • Smaller subsets allow for easy management
  • 10. Identify Place: • Red-Amber-Green Protect Street: • Hardware • Software • Employee Behavior Protection Detect Square: • Screening Process • Flagging Respond Park: • Incident Response Plan Recover Blvd: • Reassessment