SlideShare a Scribd company logo

Creating a Culture of Security

TechSoup
TechSoup

This document outlines Michael Enos' presentation on creating a culture of security. The presentation introduces common cyber threats facing non-profits, such as ransomware, DDoS attacks, and malware. It then discusses the NIST Cybersecurity Framework and how TechSoup has implemented it to identify, protect, detect, respond to, and recover from cyber incidents. The framework guides TechSoup's asset management, risk assessment, access control, data security, and monitoring practices. The presentation concludes by listing additional cybersecurity resources available to non-profits.

Government & Nonprofit
1 of 14
Download to read offline
Creating a Culture of Security Michael Enos Sr Director Community & Platform
2 © TechSoup Global. All Rights Reserved. Presentation Outline Topic Intros Cyber Threats facing NGOs and Civil Society Organizations (Ransomware, DDoS, Malware, Cryptomining, Botnets, etc.) Cyber Security Frameworks & Methodologies in Practice Cyber Security Frameworks & Methodologies in Practice (NIST) TechSoup: A Case Study in the NIST Framework Implementation Resources available for NGOs + Partner Networks Questions / Discussion
3 © TechSoup Global. All Rights Reserved. Michael Enos Senior Director of Community and Platform • Michael Enos is Senior Director of Community and Platform for TechSoup. In his role, Michael directs dev-ops, enterprise infrastructure, information and technology security, and software development teams that build and support platform products and services.
4 © TechSoup Global. All Rights Reserved. Phishing Data Breach Service Disruption Malware Ransomware Cyber Threats NGOs Face NGOs have specific types of data that if compromised, could impede our mission and lose the trust of the communities we serve • Vulnerable Population’s Personal Information • Donor Data • Financial Information
5 © TechSoup Global. All Rights Reserved.
6 © TechSoup Global. All Rights Reserved. Cyber Security Frameworks & Methodologies in Practice Purpose: • To use proven guidance from Institutional Leadership bodies • Audit controls and organization performance standards are derived from these Frameworks • As stewards of data reflecting the critical infrastructure of Civil Society, it is our duty and responsibility
NIST Cybersecurity Framework • What is the Framework? • The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.
Cyber Security Framework version 1.1 Breakdown
o Asset Management o Business Environment o Governance o Risk Assessment o Risk Management Strategy o Access Control o Training and Awareness o Data Security o Information Protection Processes o Maintenance
o Anomalies and Events o Security Continuous Monitoring o Detection Processes o Response Planning o Communications o Analysis o Mitigation
11 © TechSoup Global. All Rights Reserved. • Application Asset Inventory Management • Mobile Device Management • Policy-based Governance • Infrastructure and System Architecture documentation Case Study: TechSoup • Cloud Web Application Firewalls • Endpoint Protection • Encryption • MFA • Disaster Recovery – Data Loss Protection • Security Awareness Training • Privileged Access Management (PAM) Identify Protect
12 © TechSoup Global. All Rights Reserved. • Continuous Vulnerability Monitoring and Assessment • Attack surface monitoring • Alerting and Escalation Protocols • Security Information and Event Management Case Study: TechSoup • Incident Response Policy • Incident Containment • Disaster Response Protocol • Internal and External Communication • Root Cause Analysis • Future Prevention Learnings Detect Respond/Recover
Resources • National Cyber Awareness System bulletins from the Cybersecurity and Infrastructure Security Agency. • Both Google and Microsoft update their security- related blogs frequently and are a great resource even if your organization does not use these platforms. • Security-focused firms that have excellent technical coverage of cyberthreats include Volexity, Rapid7, and Trend Micro. KrebsOnSecurity is a very well- known and respected leader in journalistic coverage of cybersecurity. Zero Day, from the journal ZDNet, and Threatpost are other excellent online resources for staying informed about the cybersecurity threat landscape. • https://www.techsoup.org/security Leverage your engagement with Techsoup through the generous partnership of our Corporate Donors such as Cisco, Microsoft, Norton, Avast, and Bitdefender.
Thank You! Michael Enos menos@techsoup.org

Recommended

Improving cyber security using biosecurity experience
Improving cyber security using biosecurity experienceImproving cyber security using biosecurity experience
Improving cyber security using biosecurity experienceNorman Johnson
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterpriseQuick Heal Technologies Ltd.
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
CP Expo 2014: Cybersecurity and Cybercrime
CP Expo 2014: Cybersecurity and CybercrimeCP Expo 2014: Cybersecurity and Cybercrime
CP Expo 2014: Cybersecurity and CybercrimeLeonardo
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItResilient Systems
 
Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Ferenc Fresz
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 

Recommended

Improving cyber security using biosecurity experience
Improving cyber security using biosecurity experienceImproving cyber security using biosecurity experience
Improving cyber security using biosecurity experienceNorman Johnson
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterpriseQuick Heal Technologies Ltd.
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
CP Expo 2014: Cybersecurity and Cybercrime
CP Expo 2014: Cybersecurity and CybercrimeCP Expo 2014: Cybersecurity and Cybercrime
CP Expo 2014: Cybersecurity and CybercrimeLeonardo
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItResilient Systems
 
Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Cyber_Services_2015_company_intro_ENG_v2p0
Cyber_Services_2015_company_intro_ENG_v2p0Ferenc Fresz
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Cyber security event
Cyber security eventCyber security event
Cyber security eventTryzens
 
Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015Dr Robert D. Childs
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceShiva Bissessar
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
dataProtection_p3.ppt
dataProtection_p3.pptdataProtection_p3.ppt
dataProtection_p3.pptssusera76ea9
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan PerspectiveCybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan PerspectiveIvan Sang
 
UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19consultancyss
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...Andris Soroka
 
CCA study group
CCA study groupCCA study group
CCA study groupIIBA UK Chapter
 
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxC4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxbakhtinasiriav
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security TrendsTerra Verde
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
 
Executive Directors Chat Embracing Diversity and Cultural Differences
Executive Directors Chat Embracing Diversity and Cultural DifferencesExecutive Directors Chat Embracing Diversity and Cultural Differences
Executive Directors Chat Embracing Diversity and Cultural DifferencesTechSoup
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 

More Related Content

Similar to Creating a Culture of Security

Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Stephen Abram
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceShiva Bissessar
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurityMatthew Rosenquist
 
dataProtection_p3.ppt
dataProtection_p3.pptdataProtection_p3.ppt
dataProtection_p3.pptssusera76ea9
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkJack Shaffer
 
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan PerspectiveCybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan PerspectiveIvan Sang
 
UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19consultancyss
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...Andris Soroka
 
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxC4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxbakhtinasiriav
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingJisc
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security TrendsTerra Verde
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
 

Similar to Creating a Culture of Security (20)

Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)Cervone uof t - nist framework (1)
Cervone uof t - nist framework (1)
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligence
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due Diligence
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
dataProtection_p3.ppt
dataProtection_p3.pptdataProtection_p3.ppt
dataProtection_p3.ppt
 
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity FrameworkAdvantage Technology - Ransomware and the NIST Cybersecurity Framework
Advantage Technology - Ransomware and the NIST Cybersecurity Framework
 
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan PerspectiveCybercrime and Cybersecurity Governance: A Kenyan Perspective
Cybercrime and Cybersecurity Governance: A Kenyan Perspective
 
UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19
 
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
DSS ITSEC CONFERENCE - Lumension Security - Intelligent application whiteli...
 
CCA study group
CCA study groupCCA study group
CCA study group
 
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxC4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
 
2015 Year to Date Security Trends
2015 Year to Date Security Trends2015 Year to Date Security Trends
2015 Year to Date Security Trends
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptx
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
 

More from TechSoup

Executive Directors Chat Embracing Diversity and Cultural Differences
Executive Directors Chat Embracing Diversity and Cultural DifferencesExecutive Directors Chat Embracing Diversity and Cultural Differences
Executive Directors Chat Embracing Diversity and Cultural DifferencesTechSoup
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Building the Commons: Community Archiving & Decentralized Storage
Building the Commons: Community Archiving & Decentralized StorageBuilding the Commons: Community Archiving & Decentralized Storage
Building the Commons: Community Archiving & Decentralized StorageTechSoup
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Welcome to TechSoup - New Member Orientation and Q & A (April 2024)
Welcome to TechSoup - New Member Orientation and Q & A (April 2024)Welcome to TechSoup - New Member Orientation and Q & A (April 2024)
Welcome to TechSoup - New Member Orientation and Q & A (April 2024)TechSoup
 
Executive Directors Chat Initiating Equity for Impact.pdf
Executive Directors Chat Initiating Equity for Impact.pdfExecutive Directors Chat Initiating Equity for Impact.pdf
Executive Directors Chat Initiating Equity for Impact.pdfTechSoup
 
Set the Path Forward with Smart Technology Decisions.pdf
Set the Path Forward with Smart Technology Decisions.pdfSet the Path Forward with Smart Technology Decisions.pdf
Set the Path Forward with Smart Technology Decisions.pdfTechSoup
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?TechSoup
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfTechSoup
 
Hitting the Inbox: Email Authentication Changes and What You Need to Know
Hitting the Inbox: Email Authentication Changes and What You Need to KnowHitting the Inbox: Email Authentication Changes and What You Need to Know
Hitting the Inbox: Email Authentication Changes and What You Need to KnowTechSoup
 
Welcome to TechSoup New Member Orientation March 2024
Welcome to TechSoup New Member Orientation March 2024Welcome to TechSoup New Member Orientation March 2024
Welcome to TechSoup New Member Orientation March 2024TechSoup
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
 
Celebrate National Library Lovers Month with TechSoup! We love libraries!.pdf
Celebrate National Library Lovers Month with TechSoup! We love libraries!.pdfCelebrate National Library Lovers Month with TechSoup! We love libraries!.pdf
Celebrate National Library Lovers Month with TechSoup! We love libraries!.pdfTechSoup
 
Google Ad Grants Services at TechSoup.pdf
Google Ad Grants Services at TechSoup.pdfGoogle Ad Grants Services at TechSoup.pdf
Google Ad Grants Services at TechSoup.pdfTechSoup
 
Techsoup_ Prompt Strategy _ Template.docx.pdf
Techsoup_ Prompt Strategy _ Template.docx.pdfTechsoup_ Prompt Strategy _ Template.docx.pdf
Techsoup_ Prompt Strategy _ Template.docx.pdfTechSoup
 
Ask the Exerts - Focus on AI Prompt Engineering.pdf
Ask the Exerts - Focus on AI Prompt Engineering.pdfAsk the Exerts - Focus on AI Prompt Engineering.pdf
Ask the Exerts - Focus on AI Prompt Engineering.pdfTechSoup
 
Introduction to TechSoup’s Digital Marketing Services and Use Cases
Introduction to TechSoup’s Digital Marketing Services and Use CasesIntroduction to TechSoup’s Digital Marketing Services and Use Cases
Introduction to TechSoup’s Digital Marketing Services and Use CasesTechSoup
 
Grantseeking Solo- Securing Awards with Limited Staff PDF.pdf
Grantseeking Solo- Securing Awards with Limited Staff PDF.pdfGrantseeking Solo- Securing Awards with Limited Staff PDF.pdf
Grantseeking Solo- Securing Awards with Limited Staff PDF.pdfTechSoup
 
Welcome to TechSoup New Member Orientation and Q & A (February 2024)
Welcome to TechSoup New Member Orientation and Q & A (February 2024)Welcome to TechSoup New Member Orientation and Q & A (February 2024)
Welcome to TechSoup New Member Orientation and Q & A (February 2024)TechSoup
 
Choosing the Right CRM for your Website, Fundraising, and Marketing _ TechSou...
Choosing the Right CRM for your Website, Fundraising, and Marketing _ TechSou...Choosing the Right CRM for your Website, Fundraising, and Marketing _ TechSou...
Choosing the Right CRM for your Website, Fundraising, and Marketing _ TechSou...TechSoup
 

More from TechSoup (20)

Executive Directors Chat Embracing Diversity and Cultural Differences
Executive Directors Chat Embracing Diversity and Cultural DifferencesExecutive Directors Chat Embracing Diversity and Cultural Differences
Executive Directors Chat Embracing Diversity and Cultural Differences
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Building the Commons: Community Archiving & Decentralized Storage
Building the Commons: Community Archiving & Decentralized StorageBuilding the Commons: Community Archiving & Decentralized Storage
Building the Commons: Community Archiving & Decentralized Storage
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Welcome to TechSoup - New Member Orientation and Q & A (April 2024)
Welcome to TechSoup - New Member Orientation and Q & A (April 2024)Welcome to TechSoup - New Member Orientation and Q & A (April 2024)
Welcome to TechSoup - New Member Orientation and Q & A (April 2024)
 
Executive Directors Chat Initiating Equity for Impact.pdf
Executive Directors Chat Initiating Equity for Impact.pdfExecutive Directors Chat Initiating Equity for Impact.pdf
Executive Directors Chat Initiating Equity for Impact.pdf
 
Set the Path Forward with Smart Technology Decisions.pdf
Set the Path Forward with Smart Technology Decisions.pdfSet the Path Forward with Smart Technology Decisions.pdf
Set the Path Forward with Smart Technology Decisions.pdf
 
What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?What is the Future of QuickBooks DeskTop?
What is the Future of QuickBooks DeskTop?
 
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdfMaximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
Maximizing Impact_ Nonprofit Website Planning, Budgeting, and Design.pdf
 
Hitting the Inbox: Email Authentication Changes and What You Need to Know
Hitting the Inbox: Email Authentication Changes and What You Need to KnowHitting the Inbox: Email Authentication Changes and What You Need to Know
Hitting the Inbox: Email Authentication Changes and What You Need to Know
 
Welcome to TechSoup New Member Orientation March 2024
Welcome to TechSoup New Member Orientation March 2024Welcome to TechSoup New Member Orientation March 2024
Welcome to TechSoup New Member Orientation March 2024
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Celebrate National Library Lovers Month with TechSoup! We love libraries!.pdf
Celebrate National Library Lovers Month with TechSoup! We love libraries!.pdfCelebrate National Library Lovers Month with TechSoup! We love libraries!.pdf
Celebrate National Library Lovers Month with TechSoup! We love libraries!.pdf
 
Google Ad Grants Services at TechSoup.pdf
Google Ad Grants Services at TechSoup.pdfGoogle Ad Grants Services at TechSoup.pdf
Google Ad Grants Services at TechSoup.pdf
 
Techsoup_ Prompt Strategy _ Template.docx.pdf
Techsoup_ Prompt Strategy _ Template.docx.pdfTechsoup_ Prompt Strategy _ Template.docx.pdf
Techsoup_ Prompt Strategy _ Template.docx.pdf
 
Ask the Exerts - Focus on AI Prompt Engineering.pdf
Ask the Exerts - Focus on AI Prompt Engineering.pdfAsk the Exerts - Focus on AI Prompt Engineering.pdf
Ask the Exerts - Focus on AI Prompt Engineering.pdf
 
Introduction to TechSoup’s Digital Marketing Services and Use Cases
Introduction to TechSoup’s Digital Marketing Services and Use CasesIntroduction to TechSoup’s Digital Marketing Services and Use Cases
Introduction to TechSoup’s Digital Marketing Services and Use Cases
 
Grantseeking Solo- Securing Awards with Limited Staff PDF.pdf
Grantseeking Solo- Securing Awards with Limited Staff PDF.pdfGrantseeking Solo- Securing Awards with Limited Staff PDF.pdf
Grantseeking Solo- Securing Awards with Limited Staff PDF.pdf
 
Welcome to TechSoup New Member Orientation and Q & A (February 2024)
Welcome to TechSoup New Member Orientation and Q & A (February 2024)Welcome to TechSoup New Member Orientation and Q & A (February 2024)
Welcome to TechSoup New Member Orientation and Q & A (February 2024)
 
Choosing the Right CRM for your Website, Fundraising, and Marketing _ TechSou...
Choosing the Right CRM for your Website, Fundraising, and Marketing _ TechSou...Choosing the Right CRM for your Website, Fundraising, and Marketing _ TechSou...
Choosing the Right CRM for your Website, Fundraising, and Marketing _ TechSou...
 

Recently uploaded

Climate change and safety and health at work
Climate change and safety and health at workClimate change and safety and health at work
Climate change and safety and health at workChristina Parmionova
 
DNV publication: China Energy Transition Outlook 2024
DNV publication: China Energy Transition Outlook 2024DNV publication: China Energy Transition Outlook 2024
DNV publication: China Energy Transition Outlook 2024Energy for One World
 
EDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptxEDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptxaaryamanorathofficia
 
2024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 272024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 27JSchaus & Associates
 
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxxIncident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxxPeter Miles
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxtsionhagos36
 
Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.Christina Parmionova
 
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up NumberMs Riya
 
CBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCongressional Budget Office
 
Climate change and occupational safety and health.
Climate change and occupational safety and health.Climate change and occupational safety and health.
Climate change and occupational safety and health.Christina Parmionova
 
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...aartirawatdelhi
 
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...CedZabala
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...anilsa9823
 
Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...ResolutionFoundation
 
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...Suhani Kapoor
 
VIP Call Girls Pune Vani 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Vani 8617697112 Independent Escort Service PuneVIP Call Girls Pune Vani 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Vani 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...ranjana rawat
 

Recently uploaded (20)

Climate change and safety and health at work
Climate change and safety and health at workClimate change and safety and health at work
Climate change and safety and health at work
 
DNV publication: China Energy Transition Outlook 2024
DNV publication: China Energy Transition Outlook 2024DNV publication: China Energy Transition Outlook 2024
DNV publication: China Energy Transition Outlook 2024
 
EDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptxEDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptx
 
Call Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
Call Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCeCall Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
Call Girls In Rohini ꧁❤ 🔝 9953056974🔝❤꧂ Escort ServiCe
 
2024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 272024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 27
 
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxxIncident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
 
Expressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptxExpressive clarity oral presentation.pptx
Expressive clarity oral presentation.pptx
 
How to Save a Place: 12 Tips To Research & Know the Threat
How to Save a Place: 12 Tips To Research & Know the ThreatHow to Save a Place: 12 Tips To Research & Know the Threat
How to Save a Place: 12 Tips To Research & Know the Threat
 
Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.
 
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
 
CBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related TopicsCBO’s Recent Appeals for New Research on Health-Related Topics
CBO’s Recent Appeals for New Research on Health-Related Topics
 
Climate change and occupational safety and health.
Climate change and occupational safety and health.Climate change and occupational safety and health.
Climate change and occupational safety and health.
 
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
 
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
Artificial Intelligence in Philippine Local Governance: Challenges and Opport...
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
 
Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...
 
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
VIP High Class Call Girls Amravati Anushka 8250192130 Independent Escort Serv...
 
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
 
VIP Call Girls Pune Vani 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Vani 8617697112 Independent Escort Service PuneVIP Call Girls Pune Vani 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Vani 8617697112 Independent Escort Service Pune
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
 

Creating a Culture of Security

  • 1. Creating a Culture of Security Michael Enos Sr Director Community & Platform
  • 2. 2 © TechSoup Global. All Rights Reserved. Presentation Outline Topic Intros Cyber Threats facing NGOs and Civil Society Organizations (Ransomware, DDoS, Malware, Cryptomining, Botnets, etc.) Cyber Security Frameworks & Methodologies in Practice Cyber Security Frameworks & Methodologies in Practice (NIST) TechSoup: A Case Study in the NIST Framework Implementation Resources available for NGOs + Partner Networks Questions / Discussion
  • 3. 3 © TechSoup Global. All Rights Reserved. Michael Enos Senior Director of Community and Platform • Michael Enos is Senior Director of Community and Platform for TechSoup. In his role, Michael directs dev-ops, enterprise infrastructure, information and technology security, and software development teams that build and support platform products and services.
  • 4. 4 © TechSoup Global. All Rights Reserved. Phishing Data Breach Service Disruption Malware Ransomware Cyber Threats NGOs Face NGOs have specific types of data that if compromised, could impede our mission and lose the trust of the communities we serve • Vulnerable Population’s Personal Information • Donor Data • Financial Information
  • 5. 5 © TechSoup Global. All Rights Reserved.
  • 6. 6 © TechSoup Global. All Rights Reserved. Cyber Security Frameworks & Methodologies in Practice Purpose: • To use proven guidance from Institutional Leadership bodies • Audit controls and organization performance standards are derived from these Frameworks • As stewards of data reflecting the critical infrastructure of Civil Society, it is our duty and responsibility
  • 7. NIST Cybersecurity Framework • What is the Framework? • The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.
  • 9. o Asset Management o Business Environment o Governance o Risk Assessment o Risk Management Strategy o Access Control o Training and Awareness o Data Security o Information Protection Processes o Maintenance
  • 10. o Anomalies and Events o Security Continuous Monitoring o Detection Processes o Response Planning o Communications o Analysis o Mitigation
  • 11. 11 © TechSoup Global. All Rights Reserved. • Application Asset Inventory Management • Mobile Device Management • Policy-based Governance • Infrastructure and System Architecture documentation Case Study: TechSoup • Cloud Web Application Firewalls • Endpoint Protection • Encryption • MFA • Disaster Recovery – Data Loss Protection • Security Awareness Training • Privileged Access Management (PAM) Identify Protect
  • 12. 12 © TechSoup Global. All Rights Reserved. • Continuous Vulnerability Monitoring and Assessment • Attack surface monitoring • Alerting and Escalation Protocols • Security Information and Event Management Case Study: TechSoup • Incident Response Policy • Incident Containment • Disaster Response Protocol • Internal and External Communication • Root Cause Analysis • Future Prevention Learnings Detect Respond/Recover
  • 13. Resources • National Cyber Awareness System bulletins from the Cybersecurity and Infrastructure Security Agency. • Both Google and Microsoft update their security- related blogs frequently and are a great resource even if your organization does not use these platforms. • Security-focused firms that have excellent technical coverage of cyberthreats include Volexity, Rapid7, and Trend Micro. KrebsOnSecurity is a very well- known and respected leader in journalistic coverage of cybersecurity. Zero Day, from the journal ZDNet, and Threatpost are other excellent online resources for staying informed about the cybersecurity threat landscape. • https://www.techsoup.org/security Leverage your engagement with Techsoup through the generous partnership of our Corporate Donors such as Cisco, Microsoft, Norton, Avast, and Bitdefender.

Editor's Notes

  1. Keep content within ½” margins as shown with guides on this page. To hide margins on pages go to View > Guides > Guides
  2. Keep content within ½” margins as shown with guides on this page. To hide margins on pages go to View > Guides > Guides
  3. Keep content within ½” margins as shown with guides on this page. To hide margins on pages go to View > Guides > Guides
  4. Keep content within ½” margins as shown with guides on this page. To hide margins on pages go to View > Guides > Guides
  5. Keep content within ½” margins as shown with guides on this page. To hide margins on pages go to View > Guides > Guides
  6. Keep content within ½” margins as shown with guides on this page. To hide margins on pages go to View > Guides > Guides
  7. Keep content within ½” margins as shown with guides on this page. To hide margins on pages go to View > Guides > Guides