MICHAEL MOSHIRI, profile picture
Uploaded byMICHAEL MOSHIRI
496 views

C-Suite Guide to Cybersecurity

The document is a C-suite guide to cybersecurity, emphasizing the importance of understanding and managing cyber risks for executives. It outlines five key principles for effective cybersecurity: identifying risks, protecting critical assets, detecting deviations from normal activity, responding rapidly to security incidents, and continuously assessing risks. The guide highlights the increasing frequency and cost of security breaches, urging leaders to implement industry-standard frameworks and controls to safeguard their organizations.

Embed presentation

C-SUITE GUIDE TO CYBERSECURITY A P R 1 5 , 2 0 1 5
• W H Y T H I S M AT T E R S • W H O T H I S I S F O R • 5 K E Y P R I N C I P L E S • K E Y TA K E - A WAY I N S I D E
IBM Security Services 2014 Cyber Security Intelligence Index 91
 Million security events per year for the average company T H E R E I S N O G O O D N E W S
IBM Security Services 2014 Cyber Security Intelligence Index $5.9 Million Average cost per breach T H E R E I S N O G O O D N E W S
PwC Global State of Information Security Survey 2015 T H E R E I S N O G O O D N E W S 48%Increase in security incidents from last year
Y O U A R E N O T I M M U N E R E G A R D L E S S O F Y O U R S I Z E , I N D U S T RY, O R M A R K E T
T H I S I M PA C T S Y O U D I R E C T LY… I F Y O U A R E A C E O C O O C F O C I O C R O
W H E N I T C O M E S T O C Y B E R S E C U R I T Y … Y O U C A N ’ T M A N A G E W H AT Y O U D O N ’ T U N D E R S TA N D
B U T T O B E E F F E C T I V E … Y O U D O N ’ T H AV E T O B E C O M E A C Y B E R S E C U R I T Y E X P E R T
L E A R N H O W T O F R A M E I S S U E S I N R E F E R E N C E T O A N I N D U S T RY- S TA N D A R D F R A M E W O R K T H E FA S T E S T WA Y T O B E C O M E P R O F I C I E N T:
N I S T C Y B E R S E C U R I T Y F R A M E W O R K
P R I N C I P L E # 1 : IDENTIFY
K E Y I S S U E : I D E N T I F Y & M E A S U R E R I S K S
R I S K : T H E P O T E N T I A L F O R L O S S , D A M A G E , O R D E S T R U C T I O N O F A N A S S E T A S A R E S U LT O F A T H R E AT E X P L O I T I N G A V U L N E R A B I L I T Y.
A S S E S S I N G R I S K I D E N T I F Y: • A S S E T S • T H R E A T S • V U L N E R A B I L I T I E S • C O N T R O L S • R E S I D U A L R I S K
Y O U R A S S E T S … W H AT A R E Y O U R M O S T C R I T I C A L A S S E T S ?
Y O U R A S S E T S … W H E R E A R E Y O U R M O S T C R I T I C A L A S S E T S ?
Y O U R A S S E T S … H O W A R E Y O U R M O S T C R I T I C A L A S S E T S P R O T E C T E D ?
T H R E A T: A F O R C E , O R G A N I Z AT I O N , O R P E R S O N T H AT S E E K S T O E X P L O I T A V U L N E R A B I L I T Y T O O B TA I N , C O M P R O M I S E , O R D E S T R O Y A N A S S E T
V U L N E R A B I L I T Y: A W E A K N E S S T H AT C A N B E E X P L O I T E D B Y T H R E AT S T O G A I N U N A U T H O R I Z E D A C C E S S T O A N A S S E T
T Y P I C A L T H R E AT S • N AT U R A L D I S A S T E R S 
 F L O O D S A N D F I R E S • I N T E R N A L T H R E AT S 
 M A L I C I O U S O R U N A WA R E E M P L O Y E E S • P H Y S I C A L T H R E AT S 
 T H E F T, D E S T R U C T I O N • I N T E R N E T T H R E AT S 
 H A C K E R S
R E S I D U A L R I S K : T H E L E V E L O F R I S K A N A S S E T I S E X P O S E D T O I F M I T I G AT I N G C O N T R O L S A R E E F F E C T I V E
Q U E S T I O N S T O A S K • D O W E U N D E R S TA N D W H A T C R I T I C A L I N F O R M A T I O N W E M A N A G E , W H E R E I T I S S T O R E D , H O W S E N S I T I V E I T I S , A N D W H O H A S A C C E S S T O I T ? • W H A T A R E O U R “ C R O W N J E W E L S ” O R K E Y B U S I N E S S A S S E T S ? D O W E H A V E A D E Q U A T E P R O T E C T I O N T O S E C U R E T H E M ? • W H A T T Y P E S O F C O N N E C T I O N S T O O U R “ C R O W N J E W E L S ” D O W E H A V E ( V P N s , W I R E L E S S , L A N , T H I R D PA R T I E S , E T C . ) A N D H O W A R E W E M A N A G I N G A N D S E C U R I N G T H E S E C O N N E C T I O N S ? • H O W I S O U R S TA F F I D E N T I F Y I N G R I S K S , A N D P R O V I D I N G U S W I T H A C C U R A T E A N D T I M E LY I N F O R M A T I O N A B O U T T H O S E R I S K S ? • W H A T I S O U R A B I L I T Y T O M I T I G A T E T H O S E R I S K S ?
I D E N T I F Y I N G A N D M E A S U R I N G R I S K I S N O T A O N E - T I M E E X E R C I S E . I T I S A N O N G O I N G P R O C E S S .
C Y B E R R I S K M A N A G E M E N T P R O C E S S EVERY ORGANIZATION MUST HAVE A…
P R I N C I P L E # 2 : PROTECT
K E Y I S S U E : P R O T E C T C R I T I C A L A S S E T S
E N S U R E T H E A P P R O P R I AT E S A F E G U A R D S O R C O N T R O L S A R E I N P L A C E T O M I T I G AT E T H E VA R I O U S T Y P E S O F T H R E AT S T O Y O U R A S S E T S I N O T H E R W O R D S …
T H R E E T Y P E S O F C O N T R O L S 1. P R E V E N T I V E 2. D E T E C T I V E 3. C O R R E C T I V E
P R E V E N T I V E C O N T R O L S : P R E V E N T A T H R E AT F R O M E X P L O I T I N G A V U L N E R A B I L I T Y
P R E V E N T I V E C O N T R O L S • F I R E WA L L S • E N C RY P T I O N • 2 - FA C T O R A U T H E N T I C A T I O N • I N T R U S I O N D E T E C T I O N S Y S T E M S ( I D S ) • S E C U R I T Y A WA R E N E S S T R A I N I N G
D E T E C T I V E C O N T R O L S : D E T E C T S E C U R I T Y E V E N T S , B R E A C H E S , A N D FA I L U R E S
D E T E C T I V E C O N T R O L S • N E T W O R K M O N I T O R I N G • S Y S T E M S C A N S • A N T I - V I R U S S O F T WA R E • P E N E T R A T I O N T E S T S • I N T R U S I O N P R E V E N T I O N S Y S T E M S ( I P S )
C O R R E C T I V E C O N T R O L S : R E S T O R E S Y S T E M O R P R O C E S S T O I T S S TAT E P R I O R T O S E C U R I T Y E V E N T T O M I N I M I Z E L O S S
C O R R E C T I V E C O N T R O L S • R E S T O R I N G B A C K U P S • O S U P G R A D E • A N T I - V I R U S S O F T WA R E • P E N E T R A T I O N T E S T S • F I R E WA L L S
Q U E S T I O N S T O A S K • W H A T C O N T R O L S D O W E H A V E F O R P R O T E C T I N G O U R C R I T I C A L I N F O R M A T I O N A S S E T S ? H O W E F F E C T I V E A R E T H E Y ? • D O E S O U R I T S TA F F H A V E T H E A P P R O P R I A T E K N O W L E D G E A N D S K I L L S T O P R O T E C T O U R C R I T I C A L I N F O R M A T I O N A S S E T S F R O M A P O T E N T I A L C Y B E R - A T TA C K ? • I S O U R E N T I R E S TA F F I N F O R M E D A B O U T C Y B E R T H R E A T S ? D O T H E Y H A V E A N U N D E R S TA N D I N G O F R I S K A S S O C I A T E D W I T H T H E I R A C T I O N S ?
P R I N C I P L E # 3 : DETECT
K E Y I S S U E : D E T E C T D E V I AT I O N S F R O M N O R M A L S TAT E O F A C T I V I T Y
C O R E C A PA B I L I T I E S 1. U N D E R S TA N D “ N O R M A L ” 2. D E T E C T D E V I A T I O N S
N O R M A L S TA T E : T H E E X P E C T E D , N AT U R A L , A N D C U S T O M A RY S TAT E O F S Y S T E M S , P R O C E S S E S , A N D A S S E T S D U R I N G N O R M A L B U S I N E S S O P E R AT I O N S
N O R M A L S TAT E S H O U L D C O N S I D E R • N E T W O R K T R A F F I C PA T T E R N S • S Y S T E M U S A G E • D E V I C E S O N N E T W O R K • I N S TA L L E D S O F T WA R E • S Y S T E M / N E T W O R K U S E R S
D E V I A T I O N S : A N Y U N E X P E C T E D , U N P L A N N E D , O R U N U S U A L A C T I V I T Y, E V E N T, O R S TAT E T H AT I S D I F F E R E N T F R O M T H E N O R M A L S TAT E
D E T E C T I N G D E V I AT I O N S • I N T R U S I O N D E T E C T I O N S Y S T E M S ( I D S ) • N E T W O R K B E H A V I O R A N O M A LY D E T E C T I O N ( N B A D ) T O O L S • S E C U R I T Y I N F O R M A T I O N A N D E V E N T M A N A G E M E N T ( S I E M ) T O O L S • C O N F I G U R A T I O N M A N A G E M E N T T O O L S
Q U E S T I O N S T O A S K • H O W I S T H E E X E C U T I V E L E A D E R S H I P K E P T A B R E A S T O F T H E C H A N G I N G C Y B E R T H R E A T L A N D S C A P E ? • H O W D O W E D E T E C T D E V I A T I O N S F R O M O U R N O R M A L O P E R A T I O N S ? • H O W I S T H E L E A D E R S H I P K E P T I N F O R M E D A B O U T C Y B E R I N C I D E N T S , A T TA C K S , A N D B R E A C H E S ?
P R I N C I P L E # 4 : RESPOND
K E Y I S S U E : R E S P O N D R A P I D LY T O S E C U R I T Y AT TA C K S & B R E A C H E S
E V E RY O R G A N I Z AT I O N M U S T H AV E A T E S T E D C Y B E R - I N C I D E N T R E S P O N S E P L A N
K E Y P R O V I S I O N S T O A D D R E S S • L I M I T I N G P O T E N T I A L D A M A G E • L I M I T I N G L O S S O F R E S O U R C E S • P R E S E R V I N G E V I D E N C E • U S E O F D I G I TA L F O R E N S I C S • S E R V I C E A VA I L A B I L I T Y • N E E D E D T I M E & R E S O U R C E S • E X P E C T E D E F F E C T I V E N E S S , D U R A T I O N , & P E R M A N E N C E O F P L A N N E D R E S P O N S E S • I N T E R N A L & E X T E R N A L C O M M U N I C A T I O N S
C O M M U N I C A T I N G A B R E A C H Y O U M AY H AV E L E G A L O B L I G AT I O N S T O I N F O R M Y O U R C U S T O M E R S , L A W E N F O R C E M E N T, A N D R E G U L AT O R S
Q U E S T I O N S T O A S K • D O W E H A V E A N E F F E C T I V E C Y B E R - I N C I D E N T R E S P O N S E P L A N ? H O W O F T E N ( A N D H O W ) D O W E T E S T I T ? • W H A T, W H E N A N D H O W D O W E C O M M U N I C A T E T O T H E E X E C U T I V E L E A D E R S H I P, I F W E W E R E H A C K E D T O D A Y ? • H O W A N D W H E N D O W E I N F O R M I N T E R N A L A N D E X T E R N A L S TA K E H O L D E R S , F O R E N S I C S E R V I C E P R O V I D E R S , P R F I R M S , L A W E N F O R C E M E N T, C U S T O M E R S , T H I R D PA R T I E S , O R R E G U L A T O R S ?
P R I N C I P L E # 5 : RECOVER Ʊ
K E Y I S S U E : R E S T O R E F U L L F U N C T I O N A L I T Y A N D C O N F I D E N C E I N Y O U R R E C O V E R E D S Y S T E M S , P R O C E S S E S , A N D D ATA
R E C O V E RY M U S T A D D R E S S • I D E N T I F I C A T I O N O F E X P L O I T E D V U L N E R A B I L I T I E S • R E A S S E S S M E N T O F R I S K S • I M P L E M E N TA T I O N O F A D D I T I O N A L O R U P D A T E D C O N T R O L S • E VA L U A T I O N O F C Y B E R - I N C I D E N T R E S P O N S E • I M P R O V E M E N T S T O C Y B E R - I N C I D E N T R E S P O N S E P L A N
E V E RY C Y B E R - AT TA C K C A N M A K E Y O U S T R O N G E R T O P R O T E C T A G A I N S T F U T U R E C Y B E R - AT TA C K S , U S E T H E L E S S O N S L E A R N E D F R O M A N Y AT TA C K T O I D E N T I F Y A N D E L I M I N AT E T H E V U L N E R A B I L I T I E S T H E AT TA C K E R S E X P L O I T E D
Q U E S T I O N S T O A S K • W H A T S T E P S D O E S O U R I N C I D E N T R E S P O N S E P L A N I N C L U D E F O R R E C O V E R I N G A F T E R A C Y B E R - A T TA C K ? • H O W W E L L D I D W E R E C O V E R F R O M O U R I N C I D E N T ? • W H A T C H A N G E S D I D W E M A K E T O O U R C Y B E R - I N C I D E N T R E S P O N S E P L A N A S A R E S U LT ?
A W E L L - I N F O R M E D C - S U I T E I S T H E M O S T C R I T I C A L C O M P O N E N T O F A C Y B E R - R I S K M A N A G E M E N T P R O G R A M KEY TAKE-AWAY:
W E C A N H E L P INTELLISECPARTNERS.COM 602.341.3435

More Related Content

PPTX
local_media5339393617520343093.pptx
byCharieCatarmanOrboc
 
PPT
Calendario cíclico de la vida en comunidad
byEdilberto Quispe
 
PPTX
Cyber Security in the Interconnected World
byRussell_Kennedy
 
PDF
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
byUniversity of Hertfordshire
 
PDF
cybersecurity-in-the-c-suite-a-matt
byYigal Behar
 
PDF
Future of Cybersecurity 2016 - M.Rosenquist
byMatthew Rosenquist
 
PPTX
Fs isac fico and core presentation10222012
bySeema Sheth-Voss
 
PPTX
Gainful Information Security 2012 services
byCade Zvavanjanja
 
local_media5339393617520343093.pptx
byCharieCatarmanOrboc
 
Calendario cíclico de la vida en comunidad
byEdilberto Quispe
 
Cyber Security in the Interconnected World
byRussell_Kennedy
 
CYBER DEFENCE SCENARIOS - Part 2: Building The Blue Team
byUniversity of Hertfordshire
 
cybersecurity-in-the-c-suite-a-matt
byYigal Behar
 
Future of Cybersecurity 2016 - M.Rosenquist
byMatthew Rosenquist
 
Fs isac fico and core presentation10222012
bySeema Sheth-Voss
 
Gainful Information Security 2012 services
byCade Zvavanjanja
 

Similar to C-Suite Guide to Cybersecurity

PPTX
Cisa domain 2 part 3 governance and management of it
byShivamSharma909
 
PDF
Cyber Security in a Fully Mobile World
byUniversity of Hertfordshire
 
PPTX
Cyber-Security-Unit-1.pptx
byTikdiPatel
 
PPTX
Conceptual security architecture
byMubashirAslam5
 
PPT
Cio ciso security_strategyv1.1
byAnindya Ghosh,
 
PPTX
Cyber Security Overview for Small Businesses
byCharles Cline
 
PDF
Top 10 Cyber Threats in 2025 _ Main Types of Cyber Threats.pdf
bymanisha06650
 
PDF
CyberSecurity Update Slides
byJim Kaplan CIA CFE
 
PDF
Top 10 Cyber Security Threats and How to Prevent Them
byChinmayee Behera
 
PDF
An Overview of Cyber Security_ Risks, Threats, and Solutions.pdf
bykhushnuma khan
 
PDF
Business Driven Security Securing the Smarter Planet pcty_020710_rev
byShanker Sareen
 
PDF
Big data Propels SIEM into the era of Security Analytics
byEMC
 
PDF
Maurizio_Taffone_Emerging_Security_Threats
byMaurizio Taffone
 
PDF
Managing cyber security
byUniversity of Hertfordshire
 
PDF
Infosec russia cnemeth_v1.2.ppt
byChristophe Németh (CISSP / CISM)
 
PDF
Proactive Measures for a Safer Digital Future_ZL.pdf
byZelda Larsson
 
PPTX
The Perils that PCI brings to Security
byTripwire
 
PPTX
Core security utcpresentation962012
bySeema Sheth-Voss
 
PPTX
Information Security By Design
byNalneesh Gaur
 
PDF
Outlook emerging security_technology_trends
bywardell henley
 
Cisa domain 2 part 3 governance and management of it
byShivamSharma909
 
Cyber Security in a Fully Mobile World
byUniversity of Hertfordshire
 
Cyber-Security-Unit-1.pptx
byTikdiPatel
 
Conceptual security architecture
byMubashirAslam5
 
Cio ciso security_strategyv1.1
byAnindya Ghosh,
 
Cyber Security Overview for Small Businesses
byCharles Cline
 
Top 10 Cyber Threats in 2025 _ Main Types of Cyber Threats.pdf
bymanisha06650
 
CyberSecurity Update Slides
byJim Kaplan CIA CFE
 
Top 10 Cyber Security Threats and How to Prevent Them
byChinmayee Behera
 
An Overview of Cyber Security_ Risks, Threats, and Solutions.pdf
bykhushnuma khan
 
Business Driven Security Securing the Smarter Planet pcty_020710_rev
byShanker Sareen
 
Big data Propels SIEM into the era of Security Analytics
byEMC
 
Maurizio_Taffone_Emerging_Security_Threats
byMaurizio Taffone
 
Managing cyber security
byUniversity of Hertfordshire
 
Infosec russia cnemeth_v1.2.ppt
byChristophe Németh (CISSP / CISM)
 
Proactive Measures for a Safer Digital Future_ZL.pdf
byZelda Larsson
 
The Perils that PCI brings to Security
byTripwire
 
Core security utcpresentation962012
bySeema Sheth-Voss
 
Information Security By Design
byNalneesh Gaur
 
Outlook emerging security_technology_trends
bywardell henley
 

Recently uploaded

PDF
Where to Buy LinkedIn Accounts_ [12 Best Site.pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
How to Buy Snapchat accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
How to Buy Instagram accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
How to Buy Facebook accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
LinkedIn Accounts in 2025_ Social Commerce, Trust Signals.pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
ActARion - The Future of Work with AI and Augmented Reality
byOrtwin Verreck
 
PDF
How to Buy Snapchat Account A Step-by-Step Guide..pdf
byidc1w3adizw383go
 
PDF
What You in 2026 Buy Twitter Accounts_.pdf
byh3lfp4332e3gctbnm22w
 
PDF
The safety revolution - Origins of workplace health and safety
byBarry Naismith
 
PDF
How to Buy Twitter Accounts in 2026 (1).pdf
bywc0fr9qf43i5qo5kn3
 
PDF
How to Safely Buy Twitter Accounts A Complete Guide in ....pdf
byidc1w3adizw383go
 
PDF
Step-by-Step Guide to Purchasing USA Facebook ....pdf
byyl62ghphl9tyxn3q8lv5
 
PDF
how to Buy linkedin Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
PDF
Where to Buy Verified Chime Accounts for Quick ....pdf
bykmn4gloa39pwajpujj
 
DOCX
How to Buy Old Gmail Accounts Smartly_ 5 Easy Methods (2025) (1).docx
byusnewit shop
 
PDF
Finovate report on the outlook for Fintechin 2026
byChris Skinner
 
PDF
Best 11 Places to Purchase Mature Twitter Accounts for Marketing.pdf
byjaksontinder24
 
PDF
growth-approach-pm-letter-december-2025 (1).pdf
byHenry Tapper
 
PDF
ASD SCO Introduction December 2025 (1).pdf
byHenry Tapper
 
PDF
Co-operative and Mutual Economy 2025.pdf
byHenry Tapper
 
Where to Buy LinkedIn Accounts_ [12 Best Site.pdf
bykeb2bq5cegc6m2xa32ay
 
How to Buy Snapchat accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
How to Buy Instagram accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
How to Buy Facebook accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
LinkedIn Accounts in 2025_ Social Commerce, Trust Signals.pdf
bykeb2bq5cegc6m2xa32ay
 
ActARion - The Future of Work with AI and Augmented Reality
byOrtwin Verreck
 
How to Buy Snapchat Account A Step-by-Step Guide..pdf
byidc1w3adizw383go
 
What You in 2026 Buy Twitter Accounts_.pdf
byh3lfp4332e3gctbnm22w
 
The safety revolution - Origins of workplace health and safety
byBarry Naismith
 
How to Buy Twitter Accounts in 2026 (1).pdf
bywc0fr9qf43i5qo5kn3
 
How to Safely Buy Twitter Accounts A Complete Guide in ....pdf
byidc1w3adizw383go
 
Step-by-Step Guide to Purchasing USA Facebook ....pdf
byyl62ghphl9tyxn3q8lv5
 
how to Buy linkedin Accounts in 2026 .pdf
bywc0fr9qf43i5qo5kn3
 
Where to Buy Verified Chime Accounts for Quick ....pdf
bykmn4gloa39pwajpujj
 
How to Buy Old Gmail Accounts Smartly_ 5 Easy Methods (2025) (1).docx
byusnewit shop
 
Finovate report on the outlook for Fintechin 2026
byChris Skinner
 
Best 11 Places to Purchase Mature Twitter Accounts for Marketing.pdf
byjaksontinder24
 
growth-approach-pm-letter-december-2025 (1).pdf
byHenry Tapper
 
ASD SCO Introduction December 2025 (1).pdf
byHenry Tapper
 
Co-operative and Mutual Economy 2025.pdf
byHenry Tapper
 

C-Suite Guide to Cybersecurity

  • 1.
  • 2.
    • W HY T H I S M AT T E R S • W H O T H I S I S F O R • 5 K E Y P R I N C I P L E S • K E Y TA K E - A WAY I N S I D E
  • 3.
    IBM Security Services2014 Cyber Security Intelligence Index 91
 Million security events per year for the average company T H E R E I S N O G O O D N E W S
  • 4.
    IBM Security Services2014 Cyber Security Intelligence Index $5.9 Million Average cost per breach T H E R E I S N O G O O D N E W S
  • 5.
    PwC Global Stateof Information Security Survey 2015 T H E R E I S N O G O O D N E W S 48%Increase in security incidents from last year
  • 6.
    Y O UA R E N O T I M M U N E R E G A R D L E S S O F Y O U R S I Z E , I N D U S T RY, O R M A R K E T
  • 7.
    T H IS I M PA C T S Y O U D I R E C T LY… I F Y O U A R E A C E O C O O C F O C I O C R O
  • 8.
    W H EN I T C O M E S T O C Y B E R S E C U R I T Y … Y O U C A N ’ T M A N A G E W H AT Y O U D O N ’ T U N D E R S TA N D
  • 9.
    B U TT O B E E F F E C T I V E … Y O U D O N ’ T H AV E T O B E C O M E A C Y B E R S E C U R I T Y E X P E R T
  • 10.
    L E AR N H O W T O F R A M E I S S U E S I N R E F E R E N C E T O A N I N D U S T RY- S TA N D A R D F R A M E W O R K T H E FA S T E S T WA Y T O B E C O M E P R O F I C I E N T:
  • 11.
    N I ST C Y B E R S E C U R I T Y F R A M E W O R K
  • 12.
    P R IN C I P L E # 1 : IDENTIFY
  • 13.
    K E YI S S U E : I D E N T I F Y & M E A S U R E R I S K S
  • 14.
    R I SK : T H E P O T E N T I A L F O R L O S S , D A M A G E , O R D E S T R U C T I O N O F A N A S S E T A S A R E S U LT O F A T H R E AT E X P L O I T I N G A V U L N E R A B I L I T Y.
  • 15.
    A S SE S S I N G R I S K I D E N T I F Y: • A S S E T S • T H R E A T S • V U L N E R A B I L I T I E S • C O N T R O L S • R E S I D U A L R I S K
  • 16.
    Y O UR A S S E T S … W H AT A R E Y O U R M O S T C R I T I C A L A S S E T S ?
  • 17.
    Y O UR A S S E T S … W H E R E A R E Y O U R M O S T C R I T I C A L A S S E T S ?
  • 18.
    Y O UR A S S E T S … H O W A R E Y O U R M O S T C R I T I C A L A S S E T S P R O T E C T E D ?
  • 19.
    T H RE A T: A F O R C E , O R G A N I Z AT I O N , O R P E R S O N T H AT S E E K S T O E X P L O I T A V U L N E R A B I L I T Y T O O B TA I N , C O M P R O M I S E , O R D E S T R O Y A N A S S E T
  • 20.
    V U LN E R A B I L I T Y: A W E A K N E S S T H AT C A N B E E X P L O I T E D B Y T H R E AT S T O G A I N U N A U T H O R I Z E D A C C E S S T O A N A S S E T
  • 21.
    T Y PI C A L T H R E AT S • N AT U R A L D I S A S T E R S 
 F L O O D S A N D F I R E S • I N T E R N A L T H R E AT S 
 M A L I C I O U S O R U N A WA R E E M P L O Y E E S • P H Y S I C A L T H R E AT S 
 T H E F T, D E S T R U C T I O N • I N T E R N E T T H R E AT S 
 H A C K E R S
  • 22.
    R E SI D U A L R I S K : T H E L E V E L O F R I S K A N A S S E T I S E X P O S E D T O I F M I T I G AT I N G C O N T R O L S A R E E F F E C T I V E
  • 23.
    Q U ES T I O N S T O A S K • D O W E U N D E R S TA N D W H A T C R I T I C A L I N F O R M A T I O N W E M A N A G E , W H E R E I T I S S T O R E D , H O W S E N S I T I V E I T I S , A N D W H O H A S A C C E S S T O I T ? • W H A T A R E O U R “ C R O W N J E W E L S ” O R K E Y B U S I N E S S A S S E T S ? D O W E H A V E A D E Q U A T E P R O T E C T I O N T O S E C U R E T H E M ? • W H A T T Y P E S O F C O N N E C T I O N S T O O U R “ C R O W N J E W E L S ” D O W E H A V E ( V P N s , W I R E L E S S , L A N , T H I R D PA R T I E S , E T C . ) A N D H O W A R E W E M A N A G I N G A N D S E C U R I N G T H E S E C O N N E C T I O N S ? • H O W I S O U R S TA F F I D E N T I F Y I N G R I S K S , A N D P R O V I D I N G U S W I T H A C C U R A T E A N D T I M E LY I N F O R M A T I O N A B O U T T H O S E R I S K S ? • W H A T I S O U R A B I L I T Y T O M I T I G A T E T H O S E R I S K S ?
  • 24.
    I D EN T I F Y I N G A N D M E A S U R I N G R I S K I S N O T A O N E - T I M E E X E R C I S E . I T I S A N O N G O I N G P R O C E S S .
  • 25.
    C Y BE R R I S K M A N A G E M E N T P R O C E S S EVERY ORGANIZATION MUST HAVE A…
  • 26.
    P R IN C I P L E # 2 : PROTECT
  • 27.
    K E YI S S U E : P R O T E C T C R I T I C A L A S S E T S
  • 28.
    E N SU R E T H E A P P R O P R I AT E S A F E G U A R D S O R C O N T R O L S A R E I N P L A C E T O M I T I G AT E T H E VA R I O U S T Y P E S O F T H R E AT S T O Y O U R A S S E T S I N O T H E R W O R D S …
  • 29.
    T H RE E T Y P E S O F C O N T R O L S 1. P R E V E N T I V E 2. D E T E C T I V E 3. C O R R E C T I V E
  • 30.
    P R EV E N T I V E C O N T R O L S : P R E V E N T A T H R E AT F R O M E X P L O I T I N G A V U L N E R A B I L I T Y
  • 31.
    P R EV E N T I V E C O N T R O L S • F I R E WA L L S • E N C RY P T I O N • 2 - FA C T O R A U T H E N T I C A T I O N • I N T R U S I O N D E T E C T I O N S Y S T E M S ( I D S ) • S E C U R I T Y A WA R E N E S S T R A I N I N G
  • 32.
    D E TE C T I V E C O N T R O L S : D E T E C T S E C U R I T Y E V E N T S , B R E A C H E S , A N D FA I L U R E S
  • 33.
    D E TE C T I V E C O N T R O L S • N E T W O R K M O N I T O R I N G • S Y S T E M S C A N S • A N T I - V I R U S S O F T WA R E • P E N E T R A T I O N T E S T S • I N T R U S I O N P R E V E N T I O N S Y S T E M S ( I P S )
  • 34.
    C O RR E C T I V E C O N T R O L S : R E S T O R E S Y S T E M O R P R O C E S S T O I T S S TAT E P R I O R T O S E C U R I T Y E V E N T T O M I N I M I Z E L O S S
  • 35.
    C O RR E C T I V E C O N T R O L S • R E S T O R I N G B A C K U P S • O S U P G R A D E • A N T I - V I R U S S O F T WA R E • P E N E T R A T I O N T E S T S • F I R E WA L L S
  • 36.
    Q U ES T I O N S T O A S K • W H A T C O N T R O L S D O W E H A V E F O R P R O T E C T I N G O U R C R I T I C A L I N F O R M A T I O N A S S E T S ? H O W E F F E C T I V E A R E T H E Y ? • D O E S O U R I T S TA F F H A V E T H E A P P R O P R I A T E K N O W L E D G E A N D S K I L L S T O P R O T E C T O U R C R I T I C A L I N F O R M A T I O N A S S E T S F R O M A P O T E N T I A L C Y B E R - A T TA C K ? • I S O U R E N T I R E S TA F F I N F O R M E D A B O U T C Y B E R T H R E A T S ? D O T H E Y H A V E A N U N D E R S TA N D I N G O F R I S K A S S O C I A T E D W I T H T H E I R A C T I O N S ?
  • 37.
    P R IN C I P L E # 3 : DETECT
  • 38.
    K E YI S S U E : D E T E C T D E V I AT I O N S F R O M N O R M A L S TAT E O F A C T I V I T Y
  • 39.
    C O RE C A PA B I L I T I E S 1. U N D E R S TA N D “ N O R M A L ” 2. D E T E C T D E V I A T I O N S
  • 40.
    N O RM A L S TA T E : T H E E X P E C T E D , N AT U R A L , A N D C U S T O M A RY S TAT E O F S Y S T E M S , P R O C E S S E S , A N D A S S E T S D U R I N G N O R M A L B U S I N E S S O P E R AT I O N S
  • 41.
    N O RM A L S TAT E S H O U L D C O N S I D E R • N E T W O R K T R A F F I C PA T T E R N S • S Y S T E M U S A G E • D E V I C E S O N N E T W O R K • I N S TA L L E D S O F T WA R E • S Y S T E M / N E T W O R K U S E R S
  • 42.
    D E VI A T I O N S : A N Y U N E X P E C T E D , U N P L A N N E D , O R U N U S U A L A C T I V I T Y, E V E N T, O R S TAT E T H AT I S D I F F E R E N T F R O M T H E N O R M A L S TAT E
  • 43.
    D E TE C T I N G D E V I AT I O N S • I N T R U S I O N D E T E C T I O N S Y S T E M S ( I D S ) • N E T W O R K B E H A V I O R A N O M A LY D E T E C T I O N ( N B A D ) T O O L S • S E C U R I T Y I N F O R M A T I O N A N D E V E N T M A N A G E M E N T ( S I E M ) T O O L S • C O N F I G U R A T I O N M A N A G E M E N T T O O L S
  • 44.
    Q U ES T I O N S T O A S K • H O W I S T H E E X E C U T I V E L E A D E R S H I P K E P T A B R E A S T O F T H E C H A N G I N G C Y B E R T H R E A T L A N D S C A P E ? • H O W D O W E D E T E C T D E V I A T I O N S F R O M O U R N O R M A L O P E R A T I O N S ? • H O W I S T H E L E A D E R S H I P K E P T I N F O R M E D A B O U T C Y B E R I N C I D E N T S , A T TA C K S , A N D B R E A C H E S ?
  • 45.
    P R IN C I P L E # 4 : RESPOND
  • 46.
    K E YI S S U E : R E S P O N D R A P I D LY T O S E C U R I T Y AT TA C K S & B R E A C H E S
  • 47.
    E V ERY O R G A N I Z AT I O N M U S T H AV E A T E S T E D C Y B E R - I N C I D E N T R E S P O N S E P L A N
  • 48.
    K E YP R O V I S I O N S T O A D D R E S S • L I M I T I N G P O T E N T I A L D A M A G E • L I M I T I N G L O S S O F R E S O U R C E S • P R E S E R V I N G E V I D E N C E • U S E O F D I G I TA L F O R E N S I C S • S E R V I C E A VA I L A B I L I T Y • N E E D E D T I M E & R E S O U R C E S • E X P E C T E D E F F E C T I V E N E S S , D U R A T I O N , & P E R M A N E N C E O F P L A N N E D R E S P O N S E S • I N T E R N A L & E X T E R N A L C O M M U N I C A T I O N S
  • 49.
    C O MM U N I C A T I N G A B R E A C H Y O U M AY H AV E L E G A L O B L I G AT I O N S T O I N F O R M Y O U R C U S T O M E R S , L A W E N F O R C E M E N T, A N D R E G U L AT O R S
  • 50.
    Q U ES T I O N S T O A S K • D O W E H A V E A N E F F E C T I V E C Y B E R - I N C I D E N T R E S P O N S E P L A N ? H O W O F T E N ( A N D H O W ) D O W E T E S T I T ? • W H A T, W H E N A N D H O W D O W E C O M M U N I C A T E T O T H E E X E C U T I V E L E A D E R S H I P, I F W E W E R E H A C K E D T O D A Y ? • H O W A N D W H E N D O W E I N F O R M I N T E R N A L A N D E X T E R N A L S TA K E H O L D E R S , F O R E N S I C S E R V I C E P R O V I D E R S , P R F I R M S , L A W E N F O R C E M E N T, C U S T O M E R S , T H I R D PA R T I E S , O R R E G U L A T O R S ?
  • 51.
    P R IN C I P L E # 5 : RECOVER Ʊ
  • 52.
    K E YI S S U E : R E S T O R E F U L L F U N C T I O N A L I T Y A N D C O N F I D E N C E I N Y O U R R E C O V E R E D S Y S T E M S , P R O C E S S E S , A N D D ATA
  • 53.
    R E CO V E RY M U S T A D D R E S S • I D E N T I F I C A T I O N O F E X P L O I T E D V U L N E R A B I L I T I E S • R E A S S E S S M E N T O F R I S K S • I M P L E M E N TA T I O N O F A D D I T I O N A L O R U P D A T E D C O N T R O L S • E VA L U A T I O N O F C Y B E R - I N C I D E N T R E S P O N S E • I M P R O V E M E N T S T O C Y B E R - I N C I D E N T R E S P O N S E P L A N
  • 54.
    E V ERY C Y B E R - AT TA C K C A N M A K E Y O U S T R O N G E R T O P R O T E C T A G A I N S T F U T U R E C Y B E R - AT TA C K S , U S E T H E L E S S O N S L E A R N E D F R O M A N Y AT TA C K T O I D E N T I F Y A N D E L I M I N AT E T H E V U L N E R A B I L I T I E S T H E AT TA C K E R S E X P L O I T E D
  • 55.
    Q U ES T I O N S T O A S K • W H A T S T E P S D O E S O U R I N C I D E N T R E S P O N S E P L A N I N C L U D E F O R R E C O V E R I N G A F T E R A C Y B E R - A T TA C K ? • H O W W E L L D I D W E R E C O V E R F R O M O U R I N C I D E N T ? • W H A T C H A N G E S D I D W E M A K E T O O U R C Y B E R - I N C I D E N T R E S P O N S E P L A N A S A R E S U LT ?
  • 56.
    A W EL L - I N F O R M E D C - S U I T E I S T H E M O S T C R I T I C A L C O M P O N E N T O F A C Y B E R - R I S K M A N A G E M E N T P R O G R A M KEY TAKE-AWAY:
  • 57.
    W E CA N H E L P INTELLISECPARTNERS.COM 602.341.3435