SlideShare a Scribd company logo

Cybersecurity for Small Business

Murray Security Services
Murray Security Services

This document summarizes a presentation on cybersecurity for small businesses. It covers topics like IT and cyber, information security, cybersecurity governance, operations, risk management, and culture. It emphasizes that cybersecurity encompasses all aspects of information security and outlines risks small businesses face from third party service providers and employees. The presentation recommends small businesses develop checklists to classify and protect important information and resources, create security policies, and vet service providers with agreements and insurance. The goal is to integrate cybersecurity practices into daily operations and develop a risk-managed culture supported from the top down.

Business
1 of 14
Download to read offline
Cybersecurity for Small Business Dr. Shawn P. Murray, C|CISO, CISSP, CRISC Managing Partner, Murray Security Services Inspiring Entrepreneurs for Growth Seminar – August 26, 2017
Agenda – IT & Cyber – Information Security – Cybersecurity – Governance – Operations – Risk Management – Cultures and Attitudes – Homework
IT & Cyber • Information Technology – Information Technology (IT) refers to all of the computer systems and service support contract agreements that the business uses to be productive. • Cyber – This is a concept that relates the computing environment to the business environment. – Cyber = Information Technology which is used to enable the business as described in the previous bullet
Information Security • The holistic approach for identifying, categorizing and protecting information related to business activities. – Written (hard copy), • patient files, business plans, engineering schematics, manifests – Electronic • computerized information that is processed, transmitted or stored using computing systems (Fax machines, computers, mobile devices) – All information that the organization creates, uses or receives should have an information classification scheme. • sensitive • propitiatory • confidential • PII • public
Cybersecurity • Cybersecurity is the new "sexy" term for information security. • While the focus appears to be primarily related to the IT systems, most IT security professionals agree that all aspects of Information Security are encompassed into this new discipline "brand". • It also includes contractual agreements for service providers of IT and cybersecurity. – Many small businesses don't do IT work and hire people or companies to provide these services which introduces risk. • Who has access to your data and information? • Do you have Non-disclosure Agreements (NDAs)?
Governance • What laws does the business need to comply with? – Based on Industry • HIPAA, FERPA, GLBA, FISMA – Based on business activities • HR, patients, clients, employee, credit card transactions • What standards does the business need to comply with? – PCI-DSS – GAAP – NIST – ISO
Governance • How does your internal governance strategy align with external governance requirements? – Plans – Policies – Procedures – Standards – Guidelines
Operations • How do employees accomplish daily tasks? – Scenario - Chiropractor Credit Card Information – Scenario - Dentist and Front Desk PII Breach – Phishing - Scenario - Retail Organization Social Engineering Attack • Cyber Security Awareness Program – includes annual training – Posters, articles tabletop exercises
Operations • Socialize what is important – Reward good behavior – Develop strategy to correct unacceptable behavior • How do you conduct incident response and remediation? – Who needs to be notified? • Internal - Call Trees • External - Law enforcement, Federal or State
Risk Management IT & Cybersecurity Risk is a business process or activity • Mitigate • Accept • Avoid • Transfer
Cultures and Attitudes • What is the culture related to security in your organization? – Should be supported from the top – Should be enforced – Sometimes you need to slay a lion! – Be consistent
Homework • Develop a Checklist – Look at how your employees are accomplishing tasks identify risks – Create Acceptable Use policy - Audience is everyone – Create Privileged Use policy - Audience is IT personnel – Identify critical Resources, Information & Personnel (RIP Model) • Develop strategies to protect disruption to your business – Identify multiple resource sources – Protect and backup data & information – Cross train critical personnel
Homework • Develop a Checklist (cont.) – Create an information classification scheme • Categorize the information • Identify the computer systems that inherit the scheme and protect them as well. (Process, transmit or store) • Do not make it complex • At least identify the important information that you think should be protected and categorize it. – How are you vetting your service providers? • Do you have signed SLAs? • Do they have insurance? • Do you have NDAs?
Questions?

Recommended

Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Global Shortage on Cyber Security Workforce - An Analysis of a Complex IssueGlobal Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Murray Security Services
 
Cyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and GovernanceCyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and Governance
Srinidhi Aithal
 
Business RISKS From IT
Business RISKS From IT Business RISKS From IT
Business RISKS From IT
Sanjiv Arora
 
Rothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professionalRothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professional
Ben Rothke
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Intergen
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
Evan Francen
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governance
nooralmousa
 
IT Security & Governance Template
IT Security & Governance TemplateIT Security & Governance Template
IT Security & Governance Template
Flevy.com Best Practices
 

Recommended

Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Global Shortage on Cyber Security Workforce - An Analysis of a Complex IssueGlobal Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Global Shortage on Cyber Security Workforce - An Analysis of a Complex Issue
Murray Security Services
 
Cyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and GovernanceCyber Security Organizational Operating Model and Governance
Cyber Security Organizational Operating Model and Governance
Srinidhi Aithal
 
Business RISKS From IT
Business RISKS From IT Business RISKS From IT
Business RISKS From IT
Sanjiv Arora
 
Rothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professionalRothke stimulating your career as an information security professional
Rothke stimulating your career as an information security professional
Ben Rothke
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
Intergen
 
Information Security is NOT an IT Issue
Information Security is NOT an IT IssueInformation Security is NOT an IT Issue
Information Security is NOT an IT Issue
Evan Francen
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governance
nooralmousa
 
IT Security & Governance Template
IT Security & Governance TemplateIT Security & Governance Template
IT Security & Governance Template
Flevy.com Best Practices
 
isicg - 3 r's v4
isicg - 3 r's v4isicg - 3 r's v4
isicg - 3 r's v4
Elliott Franklin
 
IT compliance
IT complianceIT compliance
IT compliance
Phan Vuong
 
IANS 2015 RSA Presentation
IANS 2015 RSA PresentationIANS 2015 RSA Presentation
IANS 2015 RSA Presentation
Andrew Sanders
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
Laura Vanassche
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...
PECB
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3
Anne Starr
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
EC-Council
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
360 BSI
 
A day in the life of a CISO (and advice for people looking to come into the C...
A day in the life of a CISO (and advice for people looking to come into the C...A day in the life of a CISO (and advice for people looking to come into the C...
A day in the life of a CISO (and advice for people looking to come into the C...
Dimitrios Stergiou
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
PECB
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISO
isc2-hellenic
 
True Services Portfolio Overview
True Services Portfolio OverviewTrue Services Portfolio Overview
True Services Portfolio Overview
Nathaniel "Lee" Wade
 
What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017
Doug Copley
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
PECB
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
360 BSI
 
Trustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education CatalogTrustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education Catalog
Trustwave
 
Industry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsIndustry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT Skills
Eryk Budi Pratama
 
Super CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your JobSuper CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your Job
Priyanka Aash
 
Secuntialesse
SecuntialesseSecuntialesse
Secuntialesse
Anne Starr
 
)k
)k)k
)k
Anne Starr
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
Elliott Franklin
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a byte
lgcdcpas
 

More Related Content

What's hot

Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3
Anne Starr
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
360 BSI
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
PECB
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
360 BSI
 

What's hot (20)

isicg - 3 r's v4
isicg - 3 r's v4isicg - 3 r's v4
isicg - 3 r's v4
 
IT compliance
IT complianceIT compliance
IT compliance
 
IANS 2015 RSA Presentation
IANS 2015 RSA PresentationIANS 2015 RSA Presentation
IANS 2015 RSA Presentation
 
IT Security Strategy
IT Security StrategyIT Security Strategy
IT Security Strategy
 
How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...How an Integrated Management system helps you comply with new Cyber Laws and ...
How an Integrated Management system helps you comply with new Cyber Laws and ...
 
Cybertopicsecurity_3
Cybertopicsecurity_3Cybertopicsecurity_3
Cybertopicsecurity_3
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
 
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAEIT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
IT Information Security Management Principles, 23 - 26 November 2015 Dubai UAE
 
A day in the life of a CISO (and advice for people looking to come into the C...
A day in the life of a CISO (and advice for people looking to come into the C...A day in the life of a CISO (and advice for people looking to come into the C...
A day in the life of a CISO (and advice for people looking to come into the C...
 
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
Advanced Cybersecurity Risk Management: How to successfully address your Cybe...
 
The evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISOThe evolving threats and the challenges of the modern CISO
The evolving threats and the challenges of the modern CISO
 
True Services Portfolio Overview
True Services Portfolio OverviewTrue Services Portfolio Overview
True Services Portfolio Overview
 
What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017What it Takes to be a CISO in 2017
What it Takes to be a CISO in 2017
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
 
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAEIT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE
 
Trustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education CatalogTrustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education Catalog
 
Industry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT SkillsIndustry 4.0 : How to Build Relevant IT Skills
Industry 4.0 : How to Build Relevant IT Skills
 
Super CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your JobSuper CISO 2020: How to Keep Your Job
Super CISO 2020: How to Keep Your Job
 
Secuntialesse
SecuntialesseSecuntialesse
Secuntialesse
 
)k
)k)k
)k
 

Similar to Cybersecurity for Small Business

IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
360 BSI
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?
PECB
 
Information Systems-Lecture One
Information Systems-Lecture OneInformation Systems-Lecture One
Information Systems-Lecture One
Oppong Apau
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
360 BSI
 

Similar to Cybersecurity for Small Business (20)

Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a byte
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
 
Information security
Information securityInformation security
Information security
 
Belgina ism-v3 3
Belgina ism-v3 3Belgina ism-v3 3
Belgina ism-v3 3
 
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfWhat Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 
Introduction to management information system
Introduction to management information systemIntroduction to management information system
Introduction to management information system
 
Business cases internet 30 use cases
Business cases internet 30 use casesBusiness cases internet 30 use cases
Business cases internet 30 use cases
 
Item46763
Item46763Item46763
Item46763
 
Mis 1
Mis 1Mis 1
Mis 1
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?
 
Information Systems-Lecture One
Information Systems-Lecture OneInformation Systems-Lecture One
Information Systems-Lecture One
 
Information & Cyber Security Risk
Information & Cyber Security RiskInformation & Cyber Security Risk
Information & Cyber Security Risk
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital Presence
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
 
Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach risk
 
Information Systems in Global Business Today.pptx
Information Systems in Global Business Today.pptxInformation Systems in Global Business Today.pptx
Information Systems in Global Business Today.pptx
 
Staying Safe In A Quickly Evolving World
Staying Safe In A Quickly Evolving WorldStaying Safe In A Quickly Evolving World
Staying Safe In A Quickly Evolving World
 

More from Murray Security Services

More from Murray Security Services (13)

Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationCybersecurity Maturity Model Certification
Cybersecurity Maturity Model Certification
 
Accidental Insider Threat - 2018 Version
Accidental Insider Threat - 2018 VersionAccidental Insider Threat - 2018 Version
Accidental Insider Threat - 2018 Version
 
Manufacturing Hacks
Manufacturing HacksManufacturing Hacks
Manufacturing Hacks
 
Spectre & Meltdown
Spectre & MeltdownSpectre & Meltdown
Spectre & Meltdown
 
Barcode Metadata & Privacy - What is the risk really?
Barcode Metadata & Privacy - What is the risk really?Barcode Metadata & Privacy - What is the risk really?
Barcode Metadata & Privacy - What is the risk really?
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
Countering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from ChinaCountering the Cyber Espionage Threat from China
Countering the Cyber Espionage Threat from China
 
How to Write Good Policies
How to Write Good PoliciesHow to Write Good Policies
How to Write Good Policies
 
IT Position of Trust Designation
IT Position of Trust DesignationIT Position of Trust Designation
IT Position of Trust Designation
 
ToR - Deep Web
ToR - Deep Web ToR - Deep Web
ToR - Deep Web
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber Crime
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 

Recently uploaded

Communicative rationality and the evolution of business ethics: corporate soc...
Communicative rationality and the evolution of business ethics: corporate soc...Communicative rationality and the evolution of business ethics: corporate soc...
Communicative rationality and the evolution of business ethics: corporate soc...
BOHR International Journal of Business Ethics and Corporate Governance
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
tjcomstrang
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
Workforce Group
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
seri bangash
 
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
Khaled Al Awadi
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
KaiNexus
 

Recently uploaded (20)

sales plan presentation by mckinsey alum
sales plan presentation by mckinsey alumsales plan presentation by mckinsey alum
sales plan presentation by mckinsey alum
 
Communicative rationality and the evolution of business ethics: corporate soc...
Communicative rationality and the evolution of business ethics: corporate soc...Communicative rationality and the evolution of business ethics: corporate soc...
Communicative rationality and the evolution of business ethics: corporate soc...
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 
Equinox Gold Corporate Deck May 24th 2024
Equinox Gold Corporate Deck May 24th 2024Equinox Gold Corporate Deck May 24th 2024
Equinox Gold Corporate Deck May 24th 2024
 
20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf20240425_ TJ Communications Credentials_compressed.pdf
20240425_ TJ Communications Credentials_compressed.pdf
 
Cracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptxCracking the Workplace Discipline Code Main.pptx
Cracking the Workplace Discipline Code Main.pptx
 
G-Mica Wood Chip Particle board Table Design
G-Mica Wood Chip Particle board Table DesignG-Mica Wood Chip Particle board Table Design
G-Mica Wood Chip Particle board Table Design
 
Meaningful Technology for Humans: How Strategy Helps to Deliver Real Value fo...
Meaningful Technology for Humans: How Strategy Helps to Deliver Real Value fo...Meaningful Technology for Humans: How Strategy Helps to Deliver Real Value fo...
Meaningful Technology for Humans: How Strategy Helps to Deliver Real Value fo...
 
Digital Transformation in PLM - WHAT and HOW - for distribution.pdf
Digital Transformation in PLM - WHAT and HOW - for distribution.pdfDigital Transformation in PLM - WHAT and HOW - for distribution.pdf
Digital Transformation in PLM - WHAT and HOW - for distribution.pdf
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-indiafalcon-invoice-discounting-a-premier-platform-for-investors-in-india
falcon-invoice-discounting-a-premier-platform-for-investors-in-india
 
Memorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.pptMemorandum Of Association Constitution of Company.ppt
Memorandum Of Association Constitution of Company.ppt
 
April 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products NewsletterApril 2024 Nostalgia Products Newsletter
April 2024 Nostalgia Products Newsletter
 
Pitch Deck Teardown: RAW Dating App's $3M Angel deck
Pitch Deck Teardown: RAW Dating App's $3M Angel deckPitch Deck Teardown: RAW Dating App's $3M Angel deck
Pitch Deck Teardown: RAW Dating App's $3M Angel deck
 
Filing Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed GuideFiling Your Delaware Franchise Tax A Detailed Guide
Filing Your Delaware Franchise Tax A Detailed Guide
 
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
NewBase 24 May 2024 Energy News issue - 1727 by Khaled Al Awadi_compresse...
 
Matt Conway - Attorney - A Knowledgeable Professional - Kentucky.pdf
Matt Conway - Attorney - A Knowledgeable Professional - Kentucky.pdfMatt Conway - Attorney - A Knowledgeable Professional - Kentucky.pdf
Matt Conway - Attorney - A Knowledgeable Professional - Kentucky.pdf
 
Hyundai capital 2024 1quarter Earnings release
Hyundai capital 2024 1quarter Earnings releaseHyundai capital 2024 1quarter Earnings release
Hyundai capital 2024 1quarter Earnings release
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
 

Cybersecurity for Small Business

  • 1. Cybersecurity for Small Business Dr. Shawn P. Murray, C|CISO, CISSP, CRISC Managing Partner, Murray Security Services Inspiring Entrepreneurs for Growth Seminar – August 26, 2017
  • 2. Agenda – IT & Cyber – Information Security – Cybersecurity – Governance – Operations – Risk Management – Cultures and Attitudes – Homework
  • 3. IT & Cyber • Information Technology – Information Technology (IT) refers to all of the computer systems and service support contract agreements that the business uses to be productive. • Cyber – This is a concept that relates the computing environment to the business environment. – Cyber = Information Technology which is used to enable the business as described in the previous bullet
  • 4. Information Security • The holistic approach for identifying, categorizing and protecting information related to business activities. – Written (hard copy), • patient files, business plans, engineering schematics, manifests – Electronic • computerized information that is processed, transmitted or stored using computing systems (Fax machines, computers, mobile devices) – All information that the organization creates, uses or receives should have an information classification scheme. • sensitive • propitiatory • confidential • PII • public
  • 5. Cybersecurity • Cybersecurity is the new "sexy" term for information security. • While the focus appears to be primarily related to the IT systems, most IT security professionals agree that all aspects of Information Security are encompassed into this new discipline "brand". • It also includes contractual agreements for service providers of IT and cybersecurity. – Many small businesses don't do IT work and hire people or companies to provide these services which introduces risk. • Who has access to your data and information? • Do you have Non-disclosure Agreements (NDAs)?
  • 6. Governance • What laws does the business need to comply with? – Based on Industry • HIPAA, FERPA, GLBA, FISMA – Based on business activities • HR, patients, clients, employee, credit card transactions • What standards does the business need to comply with? – PCI-DSS – GAAP – NIST – ISO
  • 7. Governance • How does your internal governance strategy align with external governance requirements? – Plans – Policies – Procedures – Standards – Guidelines
  • 8. Operations • How do employees accomplish daily tasks? – Scenario - Chiropractor Credit Card Information – Scenario - Dentist and Front Desk PII Breach – Phishing - Scenario - Retail Organization Social Engineering Attack • Cyber Security Awareness Program – includes annual training – Posters, articles tabletop exercises
  • 9. Operations • Socialize what is important – Reward good behavior – Develop strategy to correct unacceptable behavior • How do you conduct incident response and remediation? – Who needs to be notified? • Internal - Call Trees • External - Law enforcement, Federal or State
  • 10. Risk Management IT & Cybersecurity Risk is a business process or activity • Mitigate • Accept • Avoid • Transfer
  • 11. Cultures and Attitudes • What is the culture related to security in your organization? – Should be supported from the top – Should be enforced – Sometimes you need to slay a lion! – Be consistent
  • 12. Homework • Develop a Checklist – Look at how your employees are accomplishing tasks identify risks – Create Acceptable Use policy - Audience is everyone – Create Privileged Use policy - Audience is IT personnel – Identify critical Resources, Information & Personnel (RIP Model) • Develop strategies to protect disruption to your business – Identify multiple resource sources – Protect and backup data & information – Cross train critical personnel
  • 13. Homework • Develop a Checklist (cont.) – Create an information classification scheme • Categorize the information • Identify the computer systems that inherit the scheme and protect them as well. (Process, transmit or store) • Do not make it complex • At least identify the important information that you think should be protected and categorize it. – How are you vetting your service providers? • Do you have signed SLAs? • Do they have insurance? • Do you have NDAs?