Community IT Innovators, profile picture
Uploaded byCommunity IT Innovators
PPTX, PDF1,821 views

Community IT - Crafting Nonprofit IT Security Policy

The IT security policy webinar series from July 2017, presented by Matthew Eshleman, highlights the importance of effective technology use for community IT and discusses various security policies that organizations should adopt. Key topics include acceptable use policies, identity management, data classification, and the significance of executive support in policy implementation. Additionally, the webinar emphasizes the need for ongoing training and the establishment of a proactive security culture within organizations.

Embed presentation

Downloaded 24 times
IT Security Policy Webinar Series July 2017
About Community IT Advancing mission through the effective use of technology. 100% Employee Owned
Presenter Matthew Eshleman CTO
Background Reading • Co-sponsored Idealware Security Report in 2016 • http://www.idealware.org/reports/nonprofits- need-know-security-practical-guide-managing- risk/ • Community IT Security Playbook • http://www.communityit.com/blog/security- playbook/ • Security webinars • http://www.communityit.com/resources/2016- jan-it-security-threats/ • http://www.communityit.com/resources/webi nar-february-18-2016-backups-and-disaster- recovery-for-nonprofits/ • http://www.communityit.com/resources/2017- march-webinar-security-readiness/ • SANS Security Policy Templates • https://www.sans.org/security- resources/policies/
Community IT Innovators approach to Security Written & Updated Policies Predictive Intelligence Security Training & Awareness Passwords Antivirus Backups Patches
Terminology Policy – principles, rules and guidelines formulated or adopted by an organization to reach its long-term goals Guideline – recommended practice that allows some discretion or leeway in its interpretation, implementation or use Standard – universally accepted or established meaning determining what something should be Procedures – specific methods employed to express policies in action in the day-to-day operations of the organization
Security Policies • What policies to have and where to start? • Acceptable use policy • Computer equipment • Web browsing • Mobile Devices • Data policy • Identity and account policy • HIPAA
CIA Inventory Confidentiality Integrity Availability Sensitive Data Medical Records High High High Donor Contacts Moderate High Moderate Financial System Moderate High Moderate HR Records High Moderate Low Less Sensitive Email Moderate High High Grant Proposals Low Moderate High Program Mgmt Low Moderate Moderate
IT Security Policy Process Senior Management (Board) Support Draft Policy Colleague Support Define Monitoring Implementation
Important Considerations • Policies require executive support • Start with the policy first • Determine level of investment to meet policy requirements • IT Policies are living documents • Start from scratch or start from a template? • How will policies be monitored? • Ongoing training
Organizational Adoption • Determine implementation approach • Big Bang or Phased Deployment • Set a realistic date • Expect some issues
Our approach to policies • Generally Permissive • Default is to ALLOW • No Administrative Access • Require good passwords and MFA • Encourage Security Awareness • Require AV • Weekly Patching • Backups for everything • Monitor and audit logins • Don’t monitor web browsing • Defense in Depth (moving toward Assume Breach)
Microsoft Cyber Security and Defense Strategy
Where to invest Acceptable Use Policy Clear backup and data retention policy Strong Identity and Account Policy Align technology with policy
Acceptable Use Policy Computers are for organizational use Encourage good computer stewardship Umbrella policy that can reference other Policies
Data Policy Includes data in multiple systems Include Data Classification - CIA Define retention requirements
Identity and Account Policy Password Policy • 8 characters minimum • 90 day age • Account lockout after 5 failed attempts, 10 min reset • 2FA for Cloud SSO for Cloud Applications Rename Admin Account Complex Service Account Passwords
Questions?
Upcoming Webinar We are all Data Managers. Learn how to up your game. Wednesday August 23 4:00 – 5:00 PM EST

More Related Content

PPTX
IT Security Incident Response for Nonprofits
byCommunity IT Innovators
 
PPTX
Security and Compliance Initial Roadmap
byAnshu Gupta
 
PPT
Roadmap to IT Security Best Practices
byGreenway Health
 
PPTX
Roadmap to security operations excellence
byErik Taavila
 
PPTX
Community IT Webinar: Working with an Outsourced IT Manager
byCommunity IT Innovators
 
PPTX
Developing an Information Security Roadmap
byAustin Songer
 
PPSX
Security policies
byNishant Pahad
 
PPTX
Cybersecurity Training for Nonprofits
byCommunity IT Innovators
 
IT Security Incident Response for Nonprofits
byCommunity IT Innovators
 
Security and Compliance Initial Roadmap
byAnshu Gupta
 
Roadmap to IT Security Best Practices
byGreenway Health
 
Roadmap to security operations excellence
byErik Taavila
 
Community IT Webinar: Working with an Outsourced IT Manager
byCommunity IT Innovators
 
Developing an Information Security Roadmap
byAustin Songer
 
Security policies
byNishant Pahad
 
Cybersecurity Training for Nonprofits
byCommunity IT Innovators
 

What's hot

PPTX
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
byNorth Texas Chapter of the ISSA
 
PDF
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
PPTX
Cybersecurity Audit
byEC-Council
 
PPTX
Edgescan 2021 Vulnerability Stats Report
byEoin Keary
 
PPTX
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protection
bycentralohioissa
 
PPTX
Tictaclabs Managed Cyber Security Services
byTicTac Data Recovery
 
PDF
isicg - 3 r's v4
byElliott Franklin
 
PPTX
Gain Visibility & Control of IT Assets in a Perimeterless World
byQualys
 
PPT
IT Security Strategy
byLaura Vanassche
 
PPT
Supplement To Student Guide Seminar 03 A 3 Nov09
byTammy Clark
 
PPTX
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
byTripwire
 
ODP
Active Network Monitoring brings Peace of Mind
byThe Lorenzi Group
 
PPTX
10 Steps to Better Security Incident Detection
byTripwire
 
PPTX
ComResource Agency Solutions
byAnthony Dials
 
PPTX
Effective security monitoring mp 2014
byRicardo Resnik
 
PPTX
Security operation center
byMuthuKumaran267
 
PPTX
ComResource Business Solutions
byAnthony Dials
 
PPTX
6 Biggest Cyber Security Risks and How You Can Fight Back
byMTG IT Professionals
 
PPTX
Security architecture, engineering and operations
byPiyush Jain
 
PPSX
The myth of secure computing; management information system; MIS
bySaazan Shrestha
 
NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...
byNorth Texas Chapter of the ISSA
 
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
Cybersecurity Audit
byEC-Council
 
Edgescan 2021 Vulnerability Stats Report
byEoin Keary
 
Gabriel Gumbs - A Capability Maturity Model for Sustainable Data Loss Protection
bycentralohioissa
 
Tictaclabs Managed Cyber Security Services
byTicTac Data Recovery
 
isicg - 3 r's v4
byElliott Franklin
 
Gain Visibility & Control of IT Assets in a Perimeterless World
byQualys
 
IT Security Strategy
byLaura Vanassche
 
Supplement To Student Guide Seminar 03 A 3 Nov09
byTammy Clark
 
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
byTripwire
 
Active Network Monitoring brings Peace of Mind
byThe Lorenzi Group
 
10 Steps to Better Security Incident Detection
byTripwire
 
ComResource Agency Solutions
byAnthony Dials
 
Effective security monitoring mp 2014
byRicardo Resnik
 
Security operation center
byMuthuKumaran267
 
ComResource Business Solutions
byAnthony Dials
 
6 Biggest Cyber Security Risks and How You Can Fight Back
byMTG IT Professionals
 
Security architecture, engineering and operations
byPiyush Jain
 
The myth of secure computing; management information system; MIS
bySaazan Shrestha
 

Similar to Community IT - Crafting Nonprofit IT Security Policy

PPT
Information security policy_2011
bycodka
 
PPT
Information security policy_2011
bycodka
 
PDF
How to write your company's it security policy it-toolkits
byIT-Toolkits.org
 
PPTX
12 security policies
bySaqib Raza
 
PPT
Security policy
byDhani Ahmad
 
PDF
Security policy.pdf
byMd. Sajjat Hossain
 
PPTX
Cyber Security unit-4.pptx for computers
by2k24mca2412994
 
PPT
Policy-1.pptznlaldjwodmwlznalpqjdc ktpanV
bywardaabbas1
 
PPT
It Policies
byJames Sutter
 
PPTX
Policy Writing (1).pptx for the ISMS and risk assessment GRC
byHaiqaHashmi
 
PPTX
Building a Secure and Compliant IT Environment The Role of IT Policies.pptx
byAltius IT
 
PPTX
Importance Of A Security Policy
bycharlesgarrett
 
PPT
develop security policy
byInfo-Tech Research Group
 
PDF
Building and implementing a successful information security policy
byRossMob1
 
PPTX
Security Governance Primer - Eric Vanderburg - JURINNOV
byEric Vanderburg
 
PDF
For our discussion question, we focus on recent trends in security t.pdf
byalokkesh
 
PDF
Information security policy how to writing
byPasangdolmoTamang
 
PDF
Lecture 12 security policy
byTanveer Malik
 
PPT
Policy Management: An Overview
byMarco Casassa Mont
 
PDF
Protecting business interests with policies for it asset management it-tool...
byIT-Toolkits.org
 
Information security policy_2011
bycodka
 
Information security policy_2011
bycodka
 
How to write your company's it security policy it-toolkits
byIT-Toolkits.org
 
12 security policies
bySaqib Raza
 
Security policy
byDhani Ahmad
 
Security policy.pdf
byMd. Sajjat Hossain
 
Cyber Security unit-4.pptx for computers
by2k24mca2412994
 
Policy-1.pptznlaldjwodmwlznalpqjdc ktpanV
bywardaabbas1
 
It Policies
byJames Sutter
 
Policy Writing (1).pptx for the ISMS and risk assessment GRC
byHaiqaHashmi
 
Building a Secure and Compliant IT Environment The Role of IT Policies.pptx
byAltius IT
 
Importance Of A Security Policy
bycharlesgarrett
 
develop security policy
byInfo-Tech Research Group
 
Building and implementing a successful information security policy
byRossMob1
 
Security Governance Primer - Eric Vanderburg - JURINNOV
byEric Vanderburg
 
For our discussion question, we focus on recent trends in security t.pdf
byalokkesh
 
Information security policy how to writing
byPasangdolmoTamang
 
Lecture 12 security policy
byTanveer Malik
 
Policy Management: An Overview
byMarco Casassa Mont
 
Protecting business interests with policies for it asset management it-tool...
byIT-Toolkits.org
 

More from Community IT Innovators

PPTX
Slack, Microsoft Teams, Zoom: What Works Best for Nonprofits?
byCommunity IT Innovators
 
PPTX
2021 Nonprofit Cybersecurity Incident Report
byCommunity IT Innovators
 
PPTX
SharePoint Online for Nonprofits
byCommunity IT Innovators
 
PPTX
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...
byCommunity IT Innovators
 
PPTX
Nonprofit Cybersecurity Risk Assessment Basics
byCommunity IT Innovators
 
PPTX
Does Your Organization Need a Better Technology Roadmap?
byCommunity IT Innovators
 
PPTX
2020 Nonprofit Technology Trends Roundtable
byCommunity IT Innovators
 
PPTX
5 Security Tips to Protect Your Login Credentials and More
byCommunity IT Innovators
 
PPTX
How Data Quality Defines Your Organization Webinar November 2019
byCommunity IT Innovators
 
PPTX
Nonprofit Cybersecurity Readiness - Community IT Innovators Webinar
byCommunity IT Innovators
 
PPTX
5 Steps to Create an Information Strategy for Your Organization
byCommunity IT Innovators
 
PPTX
Server 2008 and Windows 7 End of Life: 3 Things You Need to Know
byCommunity IT Innovators
 
PPTX
What Makes Nonprofit Tech Projects Succeed?
byCommunity IT Innovators
 
PDF
Nonprofit Cybersecurity Incident Report
byCommunity IT Innovators
 
PPTX
Improving Nonprofit CRM Data Management in 2019 - Build Consulting and Commun...
byCommunity IT Innovators
 
PPTX
Community IT Innovators Technology Trends Round Table 2019
byCommunity IT Innovators
 
PPTX
Selecting Nonprofit Software: Technology Comes Last
byCommunity IT Innovators
 
PPTX
Office 365 Security Best Practices
byCommunity IT Innovators
 
PPTX
Nonprofit Development, Meet Accounting!
byCommunity IT Innovators
 
PPTX
IT Management Fundamentals
byCommunity IT Innovators
 
Slack, Microsoft Teams, Zoom: What Works Best for Nonprofits?
byCommunity IT Innovators
 
2021 Nonprofit Cybersecurity Incident Report
byCommunity IT Innovators
 
SharePoint Online for Nonprofits
byCommunity IT Innovators
 
Microsoft Dynamics and Salesforce: What You Need To Know Before Choosing a Pl...
byCommunity IT Innovators
 
Nonprofit Cybersecurity Risk Assessment Basics
byCommunity IT Innovators
 
Does Your Organization Need a Better Technology Roadmap?
byCommunity IT Innovators
 
2020 Nonprofit Technology Trends Roundtable
byCommunity IT Innovators
 
5 Security Tips to Protect Your Login Credentials and More
byCommunity IT Innovators
 
How Data Quality Defines Your Organization Webinar November 2019
byCommunity IT Innovators
 
Nonprofit Cybersecurity Readiness - Community IT Innovators Webinar
byCommunity IT Innovators
 
5 Steps to Create an Information Strategy for Your Organization
byCommunity IT Innovators
 
Server 2008 and Windows 7 End of Life: 3 Things You Need to Know
byCommunity IT Innovators
 
What Makes Nonprofit Tech Projects Succeed?
byCommunity IT Innovators
 
Nonprofit Cybersecurity Incident Report
byCommunity IT Innovators
 
Improving Nonprofit CRM Data Management in 2019 - Build Consulting and Commun...
byCommunity IT Innovators
 
Community IT Innovators Technology Trends Round Table 2019
byCommunity IT Innovators
 
Selecting Nonprofit Software: Technology Comes Last
byCommunity IT Innovators
 
Office 365 Security Best Practices
byCommunity IT Innovators
 
Nonprofit Development, Meet Accounting!
byCommunity IT Innovators
 
IT Management Fundamentals
byCommunity IT Innovators
 

Recently uploaded

PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
PDF
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
PDF
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PPTX
communication-skills-with-technology tools
byJaleto Sunkemo
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PDF
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
PDF
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Technology Consulting _ by Slidesgo.pptx
byfh82277
 
WHITE PAPER_ Ransomware Payment Policy and Resilience Strategy_ A Framework f...
byssuser0d171c
 
WCAG Analyzer Tools and Techniques for User-Friendly Websites
byAccessibility Analyzer
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Day 4 - Access, Deployments, and Monitoring - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
communication-skills-with-technology tools
byJaleto Sunkemo
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
API-First Architecture in Financial Systems
bycyy111112
 
The State of the Gen AI economy - 2025 - The Meliora Company
byClive Dickens
 
Fundamentals and Frontiers of Post Quantum Cryptography
byGokul Alex
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Lab 1.5 - Sharing Secrets with GPG ~ 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
100 Insights After the 200th Issue of NewMind AI Journal
byNewMind AI
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 

Community IT - Crafting Nonprofit IT Security Policy

  • 1.
  • 2.
    About Community IT Advancingmission through the effective use of technology. 100% Employee Owned
  • 3.
  • 4.
    Background Reading • Co-sponsoredIdealware Security Report in 2016 • http://www.idealware.org/reports/nonprofits- need-know-security-practical-guide-managing- risk/ • Community IT Security Playbook • http://www.communityit.com/blog/security- playbook/ • Security webinars • http://www.communityit.com/resources/2016- jan-it-security-threats/ • http://www.communityit.com/resources/webi nar-february-18-2016-backups-and-disaster- recovery-for-nonprofits/ • http://www.communityit.com/resources/2017- march-webinar-security-readiness/ • SANS Security Policy Templates • https://www.sans.org/security- resources/policies/
  • 5.
    Community IT Innovatorsapproach to Security Written & Updated Policies Predictive Intelligence Security Training & Awareness Passwords Antivirus Backups Patches
  • 6.
    Terminology Policy – principles,rules and guidelines formulated or adopted by an organization to reach its long-term goals Guideline – recommended practice that allows some discretion or leeway in its interpretation, implementation or use Standard – universally accepted or established meaning determining what something should be Procedures – specific methods employed to express policies in action in the day-to-day operations of the organization
  • 7.
    Security Policies • What policiesto have and where to start? • Acceptable use policy • Computer equipment • Web browsing • Mobile Devices • Data policy • Identity and account policy • HIPAA
  • 8.
    CIA Inventory Confidentiality IntegrityAvailability Sensitive Data Medical Records High High High Donor Contacts Moderate High Moderate Financial System Moderate High Moderate HR Records High Moderate Low Less Sensitive Email Moderate High High Grant Proposals Low Moderate High Program Mgmt Low Moderate Moderate
  • 9.
    IT Security PolicyProcess Senior Management (Board) Support Draft Policy Colleague Support Define Monitoring Implementation
  • 10.
    Important Considerations • Policies requireexecutive support • Start with the policy first • Determine level of investment to meet policy requirements • IT Policies are living documents • Start from scratch or start from a template? • How will policies be monitored? • Ongoing training
  • 11.
    Organizational Adoption • Determine implementationapproach • Big Bang or Phased Deployment • Set a realistic date • Expect some issues
  • 12.
    Our approach to policies •Generally Permissive • Default is to ALLOW • No Administrative Access • Require good passwords and MFA • Encourage Security Awareness • Require AV • Weekly Patching • Backups for everything • Monitor and audit logins • Don’t monitor web browsing • Defense in Depth (moving toward Assume Breach)
  • 13.
  • 14.
    Where to invest AcceptableUse Policy Clear backup and data retention policy Strong Identity and Account Policy Align technology with policy
  • 15.
    Acceptable Use Policy Computers arefor organizational use Encourage good computer stewardship Umbrella policy that can reference other Policies
  • 16.
    Data Policy Includes datain multiple systems Include Data Classification - CIA Define retention requirements
  • 17.
    Identity and Account Policy Password Policy •8 characters minimum • 90 day age • Account lockout after 5 failed attempts, 10 min reset • 2FA for Cloud SSO for Cloud Applications Rename Admin Account Complex Service Account Passwords
  • 18.
  • 19.
    Upcoming Webinar We are allData Managers. Learn how to up your game. Wednesday August 23 4:00 – 5:00 PM EST

Editor's Notes

  • #19 - What is your best guidance for balancing security, with reasonable policies that do not unreasonably impede team productivity?