I developed "Cyber Security 101: Training, awareness, strategies for small to medium sized business" for the second annual Small Business Summit on Security, Privacy, and Trust, co-hosted by ADP in New Jersey, October 2013.
Infections cost organizations billions of dollars in lost time and productivity, as well as ransom payments and other indirect costs, like damage to a business’s reputation.
End-users will learn about password management, multi-factor authentication and how to secure their laptops and desktops while working remotely.
This session will teach professionals how to avoid becoming a statistic.
Agenda: Foundations of security awareness | Common threats | Three ways to secure your work environment | Best practices for users | The work from home checklist
A single email can cause a multi-million dollar breach if opened by an end-user with no security awareness, who may not even be aware of their mistake. The problem lies in the fact that only a few end-users are aware of the dangers of social engineering, much less how to detect it. It is a major issue in the business world today.
This document seeks to address the most common threats that can be posed to an entity and also recommend security measures that can be implemented to avoid such attacks.
Learn more at https://www.multinationalnetworks.com
Cybersecurity Awareness Training Presentation v1.3 - DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to educate them on ways to avoid scams and attacks and become more security aware. This slide deck is based on version 1.3 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, it was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have free and downloadable worksheets referenced in the training. We have a free cybersecurity quiz that is based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
We also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Want to take this content and present it in your own community? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or using ‘Make a Copy’ in Google Slides.
https://www.treetopsecurity.com/slides
Awareness Training on Information Security - Ken Holmes
We look at the potential risks to information security, how to minimise these when on the internet and how the ISO/IEC 27001 standard can play a part in doing so.
Slideshare that can be used as an educational training tool for employees to be aware of the risks of phishing attacks. This presentation covers the threat of phishing and what strategies can be done to mitigate phishing attacks.
PhishingBox is an online system for organizations to easily conduct simulated phishing attacks and educate their end users through awareness training. This helps identify vulnerabilities and mitigate risk. Our system is simple to use, cost-effective and helps clients reduce risk and achieve cybersecurity objectives.
Cybersecurity Awareness Training Presentation v2021.08 - DallasHaselhorst
This free cybersecurity awareness training slide deck is meant to be used by organizations and end users to help them better understand ways they can avoid scams, cyber attacks, and become more security aware. This slide deck is based on version 2021.08 of our wildly popular slide deck we originally released as open-source in September 2019. In just over 6 months, version 1.0 was downloaded thousands of times and in over 150 countries!
On our website, you will also find several other related goodies. For example, we have free and downloadable worksheets referenced in the training. These worksheets provide material that attendees can take back home with them to try out and continue the security conversation. We also have free cybersecurity quizzes that are based directly off of this material so anyone can test their awareness knowledge. We even have a downloadable 'certificate of completion' for this training, which allows attendees to fill-in their name and date so they can then print it out to show others (or even their employer) that they are now more cyber aware.
https://www.treetopsecurity.com/cat
On our website, we also have a video/webinar presentation of this material if you would like to share it with others.
https://www.treetopsecurity.com/cat#video
Do you want to take this content and present it in your own community or business? Fantastic! You may download this slide deck as editable content. This allows you to make changes and present it at your local library, business events, co-working spaces, schools, etc. The latest version is always available on our website as a Microsoft PowerPoint presentation (.pptx) or Google Slides using ‘Make a Copy’. Those downloadable versions from our website also include speaker notes to provide talking points or tips for anyone delivering the content.
https://www.treetopsecurity.com/slides
Information Security Awareness, Petronas Marketing Sudan - Ahmed Musaad
A two-hour security awareness session that I presented for Petronas Marketing Sudan employees. The session includes, but is not limited to, topics like Passwords, Email Security, Social Networks Security, Physical Security, and Laptop Security.
You can use this as an introductory session for your security awareness training, but not as a sufficient one-time session at all.
Your comments, feedback, and suggestions are much appreciated.
This month, Community IT presents basic IT security training for end users. Learn about common threats and the best techniques for dealing with them. This webinar is intended for a broad audience of both technical and non-technical staff.
Cyber Security Awareness Session for Executives and Non-IT professionals - Krishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
A section of security breaches are caused by employees, whether accidentally or deliberately. To prevent security breaches of any kind, organizations should strengthen and solidify all their security systems and technologies. Listed here are a few simple ways to make employees understand and feel responsible for the security of the Company's assets.
Use this catalog to browse Trustwave’s security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions please contact us.
ISO 27001 - information security user awareness training presentation - Part 1 - Tanmay Shinde
This is a presentation on information security and its importance. It talks about ISO 27001 in the later part.
http://www.ifour-consultancy.com - software outsourcing company in india
Using Technology and People to Improve your Threat Resistance and Cyber Security - Stephen Cobb
A presentation delivered at the 2014 meeting of the Municipal Information Systems Association of California. Includes suggestions for security awareness programs.
How to Boost your Cyber Risk Management Program and Capabilities? - PECB
The webinar explores how understanding your organization in crisis due to an exploitation of risk can develop the organization’s resilience and team in the drive for a stronger level of compliance maturity.
Main points covered:
• Information Security maturity
• ROPI
• Risk Management
• Incident Response
• Forensic Readiness
• Table Top Exercises
• Training
• Legislation
Presenter:
Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’.
Link to the YouTube video: https://youtu.be/aREo4l-pDgc
Be More Secure than your Competition: MePush Cyber Security for Small Business - Art Ocain
These are the slides I used during my cyber security presentation at the Bucknell SBDC. Titled "Be More Secure than your Competition" this is geared toward small businesses.
One of the most critical aspects of safeguarding the IT assets of any corporation is dealing with the Insider's Threat. With so many diversified IT components, it is a real challenge to design an effective IT security strategy. It is critical to recognize this particular threat and take countermeasures to protect your assets. So, this webinar covers: Insider threats, how to mitigate insider threats, how to design an effective IT security strategy, and how to protect your assets.
Main points covered:
• Insider threats
• How to design an effective IT security strategy
• How to protect your assets
Presenter:
The webinar was hosted by Demetris Kachulis. Mr. Kachulis is an expert in the field of Information Security. With over 20 years of Wall Street consulting experience, he has worked with many Fortune 500 companies. He is currently the director of Eldion Consulting, a company offering Security, Trainings and Business solutions.
Link of the recorded session published on YouTube: https://youtu.be/hXe5HHjnBeU
Slides presented at a cybersecurity research conference (APWG.EU 2023) to describe the damage to public health and wellbeing caused by cybercrime (online fraud and scams)
Cybersecurity Risk Perception and Communication - Stephen Cobb
Research into Cultural Theory, White Male Effect, and more. We show high level of concern about cybercrime among US adults and first evidence of White Male Effect in cyber risk perception.
The Hacking Team Hack: Lessons Learned for Enterprise Security - Stephen Cobb
Recent aggressive hacks on companies underline the need for good risk analysis, situational awareness, and incident response. Just ask AshleyMadison, Hacking Team, and Sony Pictures.
The mobile health IT security challenge: way bigger than HIPAA? - Stephen Cobb
The potential benefits of mobile medical technology and telemedicine are enormous, from better quality of life to saving lives, not to mention controlling healthcare costs. Yet keeping data safe when it is beyond the confines of hospitals and clinics is a serious challenge, one that cannot be met merely through regulatory compliance. In these slides I show why being HIPAA compliant is not the same as being secure, and why protecting health data on mobile devices is such a big security challenge.
NCSAM = Cyber Security Awareness Month: Trends and Resources - Stephen Cobb
My take on the main themes and topic of National Cyber Security Awareness Month, including shared responsibility, the Internet of Things, STEM education and the cyber workforce.
How underground markets for stolen data and hacking tools are driving cybercrime today, and some of the possible security responses, defenses, and strategies
HIPAA, Privacy, Security, and Good Business - Stephen Cobb
HIPAA's implications for privacy and security practices in American businesses, addressed in March of 2001 at the Employers' Summit on Health Care, by Stephen Cobb, CISSP. Uploaded in 2014 for the historical record.
Malware is Called Malicious for a Reason: The Risks of Weaponizing Code - Stephen Cobb
Slideshare friendly version of presentation delivered at 6th Annual Conference on Cyber Conflict, NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia (there are no builds in the slides, use the other version if you want to download .pptx).
Malware and the risks of weaponizing code - Stephen Cobb
Slides based on a paper by Andrew Lee and Stephen Cobb of ESET, delivered at the 6th Annual Conference on Cyber Conflict, NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia. June 2014.
Safer Technology Through Threat Awareness and Response - Stephen Cobb
I developed this set of annotated slides in 2013 for security awareness raising among small to mid-sized companies. The threats that it illustrates are still present now, so it can still be used effectively.
Endpoint and Server: The belt and braces anti-malware strategy - Stephen Cobb
Slides prepared for the Federal IT expo: FOSE. Should help employees and managers understand why anti-malware protection is needed at all endpoints and on all servers.
Cyberskills shortage: Where is the cyber workforce of tomorrow - Stephen Cobb
I created this presentation, "Cyberskills shortage: Where is the cyber workforce of tomorrow" for a webinar to raise awareness of the need to educate more people about cybersecurity. The webinar recording is here: https://www.brighttalk.com/webcast/1718/106371
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024 - APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
1. Wireless Communication System_Wireless communication is a broad term that i... - JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Multi-cluster Kubernetes Networking - Patterns, Projects and Guidelines - Sanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
2. The SMB Sweet Spot for the cyber-criminally inclined
[Chart: Enterprises, SMB (“Sweet Spot”) and Consumers plotted by assets worth looting and level of protection]
3. The challenge
• Organizations of every type rely on computers to handle information
• Everyone today is a computer user
• Most have no security training
• Lack of security training leads to problems
4. How big is the challenge
We asked U.S. consumers if they had ever received any computer security training
No: 68%
Yes: 32%
*Savitz Research for ESET, 2012
5. 68% is sadly consistent
We asked working adults in the U.S. if they had ever received any computer security training
No: 68%
Yes: 32%
*Harris poll for ESET, 2012
6. 73% is even worse
We asked adults in U.S. who use social media if they had ever received online safety training
No: 73%
Yes: 27%
*Harris poll for ESET, 2012
7. Security training is not yet part of our society*
• This has serious implications for your business
• 93% of American adults say they’ve had no computer security training in the last 12 months
• How many of them work for you, or for your clients, suppliers, etc?
*Savitz Research for ESET, 2012
8. Some problems that lack of security training can cause
• Unauthorized access to information
• Loss of access to information
• Loss of information
• Corruption of information
• Theft of information
9. The implications are non-trivial
• Loss of revenue
• Loss of business
• Fines, lawsuits, headlines
• Unbudgeted expenses
  – Breach costs currently estimated at around $190 per record exposed*
  – 5,263 records = $1 million hit
*Ponemon Institute
10. Trojan terminates escrow firm
• $1.1 million wired to China and could not be retrieved
• Firm was closed by state law, now in receivership, 9 people out of a job
• So what’s the best weapon for keeping that kind of Trojan code out of your company’s system?
11. A well-trained workforce
• Knows not to click on suspicious links in email or social media
• Knows to report strange activity (e.g. the two-factor authentication not working)
• Knows to scan all incoming files for malware
  – Email, USB drives
12. Does training make a difference?
• Yes
• A significant percentage of problems can be averted, or their impact minimized, if more employees get better security training and education*
*A bunch of different studies in recent years
13. Security training or awareness
• What’s the difference?
• Training makes sure people at different levels of IT engagement have the right knowledge to execute their roles securely
• Awareness makes sure all people at all levels know what to look out for
14. Not that kind of actor…
Do your employees know what motivates bad actors?
IMPACT | ADVANTAGE | MONEY | CREDENTIALS
16. [Diagram: Popular Attack Technique. Labels: User clicks a link; Taken to exploit site; Malware server; Gets infected/owned; Command & Control]
19. • RAT has full access to victim PC
• And its network connections
• Search and exfiltrate files
• Access to webcam and audio
• Scrape passwords
• Execute system functions
• Chat with victim
25. The road map: A B C D E F
• Assess your assets, risks, resources
• Build your policy
• Choose your controls
• Deploy controls
• Educate employees, execs, vendors
• Further assess, audit, test
26. Assess assets, risks, resources
• Assets: digital, physical
  – If you don’t know what you’ve got you can’t protect it!
• Risks
  – Who or what is the threat?
• Resources
  – In house, hired, partners, vendors, trade groups, associations
27. Build your policy
• Security begins with policy
• Policy begins with C-level buy-in
• High-level commitment to protecting the privacy and security of data
• Then a set of policies that spell out the protective measures, the controls that will be used
28. Choose controls to enforce policies
• For example:
  – Policy: Only authorized employees can access sensitive data
  – Controls:
    • Require identification and authentication of all employees via unique user name and password
    • Limit access through application(s) by requiring authentication
    • Log all access
29. Deploy controls, ensure they work
• Put control in place; for example, antivirus (anti-malware, anti-phishing, anti-spam)
• Test control
  – Does it work technically?
  – Does it “work” with your work?
  – Can employees work it?
30. Educate everyone
• Everyone needs to know
  – What the security policies are
  – How to comply with them through proper use of controls
• Pay attention to any information-sharing relationships
  – Vendors, partners, even clients
• Clearly state consequences of failure to comply
31. Who gets trained?
• Everyone, but not in the same way, break it down:
  – All-hands training
  – IT staff training
  – Security staff training
32. How to deliver training
• In person
• Online
• On paper
• In house
• Outside contractor
• Mix and match
• Be creative
33. Incentives?
• Yes!
• To launch programs, push agendas
• Prizes do work
• But also make security part of every job description and evaluation
34. Use your internal organs
• Of communication!
• Newsletter
• Intranet
• Bulletin board
• Meetings
• Company-wide email
35. How to do awareness
• Make it fun
• Make it relevant
• Leverage the news
• Bear in mind that everyone benefits from greater awareness, at work and at home
36. Resources to tap
• Industry associations
• FS-ISAC, NH-ISAC, others
• CompTIA, SBA, BBB
• ISSA, ISACA, SANS, (ISC)2
• Local colleges and universities
• Securing Our eCity
37. Need more motivation?
• Security training is the law
– HIPAA
– Red Flag Identity Theft Prevention
– Gramm-Leach-Bliley, Sarbanes-Oxley
– FISMA
• Or required by industry
– PCI Data Security Standard
38. Or just plain required
• To get that big juicy contract
• Many companies now require suppliers to certify that they have security training and awareness programs in place as a condition of doing business
39. Further assess, audit, test…
• This is a process, not a project
• Lay out a plan to assess security on a periodic basis
• Stay up-to-date on emerging threats
• Stay vigilant around change such as arrivals, departures, functionality
40. The Technology Slide
• Backup and archive
• Firewall and scan: incoming traffic, emails, files, devices, media
• Encrypt
• Monitor
• Filter and monitor outbound
• Authenticate users