Information Security For Small Business by Julius Clark Sr.,  MBA, CISSP, CISA
About Me
Julius Clark Sr. Location: Charlotte, NC (current home, resident for over 10 years); hometown Boston, MA. Profession: Information Security Professional.
BDPA history:
- 2010-2012: Charlotte President
- 2010-2012: National BDPA CISO
- 2007-2009: Charlotte President-Elect
- 2004-2006: VP of SITES (Education)
- 2001-2003: Charlotte HSCC Coordinator
Education: Salem International University, Salem, WV; University of Fairfax, Fairfax, VA; Wentworth Institute of Technology, Boston, MA
Certifications:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Microsoft Certified Systems Engineer (MCSE)
Agenda

IT Security & Business Wholeness
Maslow's Hierarchy of Needs
Being aware of one's wholeness keeps bad things from happening. A solid foundation must be built before you can advance. Understanding your environment, your health and your activities lets you continually perform risk assessments and move to the next level.
- Esteem: recognition for good work
- Love: acceptance
- Safety & Security: stability
- Needs: air, food, water, shelter
Maslow's Business Comparison
Maslow's Hierarchy of Needs can be applied to building a successful business. IT security is a foundation that a business must build on to lower its IT security risk, which in turn can help the business gain a competitive edge.
- Esteem: recognition in the marketplace
- Love: acceptance by clients or customers
- Safety & Security: IT security and insurance
- Needs: capital and people
Importance of Small Businesses
Statistic: there are over 26 million small businesses in the U.S. Source: NIST
What Is at Stake? Your Business!
Your business is at risk of being damaged by:
- Lawsuits
- Reputation loss
- Loss of market share
- Theft of its technology, resources and products
- Denial of service attacks
- Blackmail
What Is Information Security?
Protecting your information, technology, property, products and people: all vital business assets. The Information Security Triad is the foundation of information security and is based on the concepts and principles known as CIA:
- Confidentiality
- Integrity
- Availability
Confidentiality
The concept of protecting information from improper disclosure and protecting the secrecy and privacy of sensitive data, so that the intellectual property and reputation of an organization are not damaged and data about individuals is not released in violation of regulations or the organization's privacy policy. (From the CISSP CBK.)

Integrity
Addresses two objectives: protecting data and processes from improper modification, and ensuring that the operations performed on the information are reliable and perform as expected. (From the CISSP CBK.)

Availability
The concept of ensuring that systems and data can be accessed when required. Availability is affected by human error, cabling problems, software bugs, hardware failures, loss of skilled staff, malicious code, and the many other threats that can render a system unusable or unreliable. (From the CISSP CBK.)
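The three definitions above are concepts. As an added example (not from the presentation, and not code from the CISSP CBK), the Python below turns two of them into a working control a small business could actually use: an HMAC-SHA256 tag that makes improper modification of a stored customer record detectable on read (integrity), and a role table that limits which fields each role may see (confidentiality through least privilege). The sample record, field names, role names and the in-process key are assumptions constructed for the example; a real deployment would keep the key outside the data store.

```python
"""Added example (not from the presentation): a tamper-evident customer
record with per-role field visibility. Integrity comes from an HMAC tag
under a secret key; confidentiality from a least-privilege role table.
Record, fields, roles and key handling are constructed for the example."""
import hashlib
import hmac
import json
import secrets

# Assumption: in production this key lives in a secrets manager, never
# next to the records it protects (an insider with both can re-tag data).
INTEGRITY_KEY = secrets.token_bytes(32)

# Which fields each role may see. None means "all fields" (owner only).
ROLE_FIELDS = {
    "owner": None,
    "bookkeeper": {"customer_id", "name", "balance_usd"},
    "front_desk": {"customer_id", "name"},
}


def canonical(record: dict) -> bytes:
    """Deterministic serialization so equal data always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record: dict, key: bytes = INTEGRITY_KEY) -> dict:
    """Attach an HMAC tag; the result is what gets stored or transmitted."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": dict(record), "tag": tag}


def verify(sealed: dict, key: bytes = INTEGRITY_KEY) -> bool:
    """Recompute the tag and compare in constant time. False means the
    record was modified (or the key is wrong); the caller must not use it."""
    expected = hmac.new(key, canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["tag"])


def view(sealed: dict, role: str, key: bytes = INTEGRITY_KEY) -> dict:
    """Return only the fields the role may see, after the integrity check
    passes. Unknown roles get nothing rather than everything."""
    if not verify(sealed, key):
        raise ValueError("integrity check failed: record was modified")
    if role not in ROLE_FIELDS:
        raise PermissionError(f"unknown role {role!r}")
    allowed = ROLE_FIELDS[role]
    record = sealed["record"]
    if allowed is None:
        return dict(record)
    return {k: v for k, v in record.items() if k in allowed}


# Constructed sample record for the demonstration.
SAMPLE = {
    "customer_id": 1042,
    "name": "A. Example",
    "balance_usd": 250.00,
    "card_last4": "4242",
    "tax_id": "000-00-0000",
}


def demo() -> dict:
    """Run the checks a practitioner would want to see and return the outcomes."""
    sealed = seal(SAMPLE)
    intact = verify(sealed)

    # Improper modification: an insider edits the balance in storage.
    tampered = {"record": dict(sealed["record"]), "tag": sealed["tag"]}
    tampered["record"]["balance_usd"] = 25000.00
    tamper_detected = not verify(tampered)

    # Forgery attempt: the edited record is re-tagged with a guessed key.
    forged = seal(tampered["record"], key=secrets.token_bytes(32))
    forgery_detected = not verify(forged)

    return {
        "intact": intact,
        "tamper_detected": tamper_detected,
        "forgery_detected": forgery_detected,
        "front_desk_fields": sorted(view(sealed, "front_desk")),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The tag is checked before any field is returned, so a modified record is never shown to anyone, and the front-desk role never receives the card or tax fields even though they sit in the same record. Availability, the third leg, is not something a few lines of code demonstrate; it comes from backups, redundancy and patching.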
Components of Information Security Architecture
The process of instituting a complete information security solution across the architecture of a business, ensuring the security of business information at every point in the architecture. The components are:
- People
- Processes
- Technology
People
People are the weakest link in a business' processes. You all know why!

Processes
The operational aspects of the small business. Safeguards can be automated or manual.

Technology
All of the tools, applications, software and infrastructure that allow a business process to work and perform efficiently. As a business owner, you must ensure that you have adequate logical controls in place to help you stay on track with your business' mission or purpose.
Cyber Crime in the News

Who Are the Actors? Their roles:
- Hacktivists
- Cyber criminals
- Information warriors
- Employees
- Dumpster divers
- Natural disasters
- Terrorist activities
Who Are the Actors? Malicious code!
- Viruses
- Denial of service
- Turning your computer into a zombie, aka a "bot"
Cyber Crime Statistics
- Insider threats are responsible for over 80% of small business issues.
- There are over 70,000 active viruses, and the number is growing exponentially.
- Information security threats can damage or destroy a small business.
- 33% of businesses with 100 employees or fewer had a computer incident.
Source: NIST
Cyber Crime Statistics: Small Business Cyber Crime Report
- 42% of businesses had a laptop theft
- 44% of businesses suffered insider abuse
- 21% of businesses reported denial of service
- 50% of businesses detected a virus
- 20% of business systems became a "bot"
Source: Computer Security Institute Survey
Cyber Crime Statistics: Reported Data Breaches
- 2007: 445 data breaches reported
- 2008: 656 data breaches reported
- 2009: approximately 392 data breaches reported
Source: USA Today, October 9, 2009
Chronology of Data Breaches (www.privacyrights.org)
The figure 354,537,108 in the chronology is the total number of records compromised.

More Related Content

What's hot

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security AssessmentsTom Eston
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@R_Yanus
 
A Career in Cybersecurity
A Career in CybersecurityA Career in Cybersecurity
A Career in Cybersecuritylfh663
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeAtlantic Training, LLC.
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalAtlantic Training, LLC.
 
Security Consulting Services
Security Consulting ServicesSecurity Consulting Services
Security Consulting ServicesePlus
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk ManagementNikhil Soni
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards ComplianceDr. Prashant Vats
 

What's hot (20)

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Physical Security.ppt
Physical Security.pptPhysical Security.ppt
Physical Security.ppt
 
Physical Security.ppt
Physical Security.pptPhysical Security.ppt
Physical Security.ppt
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security Assessments
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
A Career in Cybersecurity
A Career in CybersecurityA Career in Cybersecurity
A Career in Cybersecurity
 
Aujas Cyber Security
Aujas Cyber SecurityAujas Cyber Security
Aujas Cyber Security
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
Bank security
Bank securityBank security
Bank security
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
 
Information Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn HospitalInformation Security Awareness Training by Mount Auburn Hospital
Information Security Awareness Training by Mount Auburn Hospital
 
Security Consulting Services
Security Consulting ServicesSecurity Consulting Services
Security Consulting Services
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Information Security Risk Management
Information Security Risk ManagementInformation Security Risk Management
Information Security Risk Management
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards Compliance
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 

Viewers also liked

Small Business Guide to Information Security
Small Business Guide to Information Security Small Business Guide to Information Security
Small Business Guide to Information Security Leo Welder
 
Business information security requirements
Business information security requirementsBusiness information security requirements
Business information security requirementsgurneyhal
 
Itinerario político cultural de la españa actual-carlos pla barriol
Itinerario político cultural de la españa actual-carlos pla barriolItinerario político cultural de la españa actual-carlos pla barriol
Itinerario político cultural de la españa actual-carlos pla barriolcursoiberis
 
"Как продавать Вену": вебинар Vitiana
"Как продавать Вену": вебинар Vitiana"Как продавать Вену": вебинар Vitiana
"Как продавать Вену": вебинар VitianaVitiana
 
Sanjay Singh Nayal-CV
Sanjay Singh Nayal-CVSanjay Singh Nayal-CV
Sanjay Singh Nayal-CVNayal Sanjay
 
Introduction to Free Software
Introduction to Free SoftwareIntroduction to Free Software
Introduction to Free SoftwareDavid Fernandez
 
BüroWARE Oil - ERP-Software für den Energiehandel
BüroWARE Oil - ERP-Software für den EnergiehandelBüroWARE Oil - ERP-Software für den Energiehandel
BüroWARE Oil - ERP-Software für den Energiehandelsoftenginegmbh
 
Ieee projects 2012 2013 - Mobile Computing
Ieee projects 2012 2013 - Mobile ComputingIeee projects 2012 2013 - Mobile Computing
Ieee projects 2012 2013 - Mobile ComputingK Sundaresh Ka
 
Newsletter iii2016
Newsletter iii2016Newsletter iii2016
Newsletter iii2016Salutaria
 
Content Marketing: Wie kann Ihr Business davon profitieren?
Content Marketing: Wie kann Ihr Business davon profitieren?Content Marketing: Wie kann Ihr Business davon profitieren?
Content Marketing: Wie kann Ihr Business davon profitieren?Martin Bredl
 
Biografía del dr. alfonso millán maldonado (27/ago/2013)
Biografía del dr. alfonso millán maldonado (27/ago/2013)Biografía del dr. alfonso millán maldonado (27/ago/2013)
Biografía del dr. alfonso millán maldonado (27/ago/2013)MedicinaUas
 

Viewers also liked (20)

Small Business Guide to Information Security
Small Business Guide to Information Security Small Business Guide to Information Security
Small Business Guide to Information Security
 
Business information security requirements
Business information security requirementsBusiness information security requirements
Business information security requirements
 
Information security
Information securityInformation security
Information security
 
Itinerario político cultural de la españa actual-carlos pla barriol
Itinerario político cultural de la españa actual-carlos pla barriolItinerario político cultural de la españa actual-carlos pla barriol
Itinerario político cultural de la españa actual-carlos pla barriol
 
Zombis
ZombisZombis
Zombis
 
2 cell smart power selector 1760fa 1
2 cell smart power selector 1760fa 12 cell smart power selector 1760fa 1
2 cell smart power selector 1760fa 1
 
Hack x crack_scapy2
Hack x crack_scapy2Hack x crack_scapy2
Hack x crack_scapy2
 
Nueva Carta de El Pote Restaurante
Nueva Carta de El Pote RestauranteNueva Carta de El Pote Restaurante
Nueva Carta de El Pote Restaurante
 
El pendo
El pendoEl pendo
El pendo
 
"Как продавать Вену": вебинар Vitiana
"Как продавать Вену": вебинар Vitiana"Как продавать Вену": вебинар Vitiana
"Как продавать Вену": вебинар Vitiana
 
Sanjay Singh Nayal-CV
Sanjay Singh Nayal-CVSanjay Singh Nayal-CV
Sanjay Singh Nayal-CV
 
Introduction to Free Software
Introduction to Free SoftwareIntroduction to Free Software
Introduction to Free Software
 
BüroWARE Oil - ERP-Software für den Energiehandel
BüroWARE Oil - ERP-Software für den EnergiehandelBüroWARE Oil - ERP-Software für den Energiehandel
BüroWARE Oil - ERP-Software für den Energiehandel
 
Lourdes Flores Y CéSar CatañO
Lourdes Flores Y CéSar CatañOLourdes Flores Y CéSar CatañO
Lourdes Flores Y CéSar CatañO
 
Ieee projects 2012 2013 - Mobile Computing
Ieee projects 2012 2013 - Mobile ComputingIeee projects 2012 2013 - Mobile Computing
Ieee projects 2012 2013 - Mobile Computing
 
Newsletter iii2016
Newsletter iii2016Newsletter iii2016
Newsletter iii2016
 
Content Marketing: Wie kann Ihr Business davon profitieren?
Content Marketing: Wie kann Ihr Business davon profitieren?Content Marketing: Wie kann Ihr Business davon profitieren?
Content Marketing: Wie kann Ihr Business davon profitieren?
 
April 2015 group advisement
April 2015 group advisementApril 2015 group advisement
April 2015 group advisement
 
Biografía del dr. alfonso millán maldonado (27/ago/2013)
Biografía del dr. alfonso millán maldonado (27/ago/2013)Biografía del dr. alfonso millán maldonado (27/ago/2013)
Biografía del dr. alfonso millán maldonado (27/ago/2013)
 
La Antorcha - Mayo 2012
La Antorcha - Mayo 2012La Antorcha - Mayo 2012
La Antorcha - Mayo 2012
 

Similar to Information security for small business

Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistancePaul-Charife Allen
 
BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023CBIZ, Inc.
 
Cyber Security for the Small Business Experience
Cyber Security for the Small Business ExperienceCyber Security for the Small Business Experience
Cyber Security for the Small Business ExperienceNational Retail Federation
 
Security Best Practices for Small Business
Security Best Practices for Small BusinessSecurity Best Practices for Small Business
Security Best Practices for Small BusinessValiant Technology
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Gross, Mendelsohn & Associates
 
Keep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit BudgetKeep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit BudgetBVU
 
Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldnetwealthInvest
 
Whitepaper: IP Risk Assessment & Loss Prevention - Happiest Minds
Whitepaper: IP Risk Assessment & Loss Prevention - Happiest MindsWhitepaper: IP Risk Assessment & Loss Prevention - Happiest Minds
Whitepaper: IP Risk Assessment & Loss Prevention - Happiest MindsHappiest Minds Technologies
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowShantam Goel
 
Cyber Security and the CEO
Cyber Security and the CEOCyber Security and the CEO
Cyber Security and the CEOMicheal Axelsen
 
McNair_Paper_Hill
McNair_Paper_HillMcNair_Paper_Hill
McNair_Paper_HillDennis Hill
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckNetIQ
 

Similar to Information security for small business (20)

Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small Business
 
Information Security for Small Business
Information Security for Small BusinessInformation Security for Small Business
Information Security for Small Business
 
Information Security for Small Business
Information Security for Small BusinessInformation Security for Small Business
Information Security for Small Business
 
Cyber security do your part be the resistance
Cyber security do your part be the resistanceCyber security do your part be the resistance
Cyber security do your part be the resistance
 
BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023BIZGrowth Strategies — Cybersecurity Special Edition 2023
BIZGrowth Strategies — Cybersecurity Special Edition 2023
 
Security analysis
Security analysisSecurity analysis
Security analysis
 
Cyber Security for the Small Business Experience
Cyber Security for the Small Business ExperienceCyber Security for the Small Business Experience
Cyber Security for the Small Business Experience
 
CCA study group
CCA study groupCCA study group
CCA study group
 
Security Best Practices for Small Business
Security Best Practices for Small BusinessSecurity Best Practices for Small Business
Security Best Practices for Small Business
 
Spo2 t17
Spo2 t17Spo2 t17
Spo2 t17
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...
 
Keep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit BudgetKeep Up with the Demands of IT Security on a Nonprofit Budget
Keep Up with the Demands of IT Security on a Nonprofit Budget
 
Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital world
 
Whitepaper: IP Risk Assessment & Loss Prevention - Happiest Minds
Whitepaper: IP Risk Assessment & Loss Prevention - Happiest MindsWhitepaper: IP Risk Assessment & Loss Prevention - Happiest Minds
Whitepaper: IP Risk Assessment & Loss Prevention - Happiest Minds
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
Cybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To KnowCybersecurity- What Retailers Need To Know
Cybersecurity- What Retailers Need To Know
 
Cyber Security and the CEO
Cyber Security and the CEOCyber Security and the CEO
Cyber Security and the CEO
 
McNair_Paper_Hill
McNair_Paper_HillMcNair_Paper_Hill
McNair_Paper_Hill
 
Symantec Data Loss Prevention 9
Symantec Data Loss Prevention 9Symantec Data Loss Prevention 9
Symantec Data Loss Prevention 9
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS Deck
 

More from BDPA Charlotte - Information Technology Thought Leaders

More from BDPA Charlotte - Information Technology Thought Leaders (10)

2011 BDPA Charlotte Membership Packet
2011 BDPA Charlotte Membership Packet2011 BDPA Charlotte Membership Packet
2011 BDPA Charlotte Membership Packet
 
Mastering linkedIn Advanced Techniques and Insider Secrets BDPA National Pres...
Mastering linkedIn Advanced Techniques and Insider Secrets BDPA National Pres...Mastering linkedIn Advanced Techniques and Insider Secrets BDPA National Pres...
Mastering linkedIn Advanced Techniques and Insider Secrets BDPA National Pres...
 
Information Security and the SDLC
Information Security and the SDLCInformation Security and the SDLC
Information Security and the SDLC
 
Running an IT Consulting Firm
Running an IT Consulting FirmRunning an IT Consulting Firm
Running an IT Consulting Firm
 
Professional Development Toolkit
Professional Development ToolkitProfessional Development Toolkit
Professional Development Toolkit
 
Data Warehousing
Data WarehousingData Warehousing
Data Warehousing
 
Health Information Technology Workforce Development Program Presentation
Health Information Technology Workforce Development Program PresentationHealth Information Technology Workforce Development Program Presentation
Health Information Technology Workforce Development Program Presentation
 
How to Create a Business Plan by SCORE
How to Create a Business Plan by SCOREHow to Create a Business Plan by SCORE
How to Create a Business Plan by SCORE
 
How to Start a Small IT Consulting Firm
How to Start a Small IT Consulting FirmHow to Start a Small IT Consulting Firm
How to Start a Small IT Consulting Firm
 
BDPA Charlotte Information Technology Thought Leaders 2010 Membership Drive
BDPA Charlotte   Information Technology Thought Leaders  2010 Membership DriveBDPA Charlotte   Information Technology Thought Leaders  2010 Membership Drive
BDPA Charlotte Information Technology Thought Leaders 2010 Membership Drive
 

Recently uploaded

Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringWSO2
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxMarkSteadman7
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...caitlingebhard1
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
2024 May Patch Tuesday
2024 May Patch Tuesday2024 May Patch Tuesday
2024 May Patch TuesdayIvanti
 
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)
Observability Concepts EVERY Developer Should Know (DevOpsDays Seattle)Paige Cruz
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 

Recently uploaded (20)

Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 

Information security for small business

  • 23. Theft of its technology, resources and products
  • 26. What Is Information Security?
  • 30. What Is Information Security? Confidentiality: the concept of protecting information from improper disclosure and protecting the secrecy and privacy of sensitive data, so that the intellectual property and reputation of an organization are not damaged and data related to individuals is not released in violation of regulations or the privacy policy of the organization. - From the CISSP® CBK®
  • 31. What Is Information Security? Integrity: addresses two objectives, which are protecting data and processes from improper modification, and ensuring the operations of the information are reliable and performing as expected. - From the CISSP® CBK®
  • 32. What Is Information Security? Availability: the concept of ensuring that the systems and data can be accessed when required. Availability is impacted by human error, cabling problems, software bugs, hardware failures, loss of skilled staff, malicious code, and the many other threats that can render a system unusable or unreliable. - From the CISSP® CBK®
  • 33. Components of Information Security Architecture
  • 37. Components of Information Security Architecture: People. People are the weakest link of a business’ process. You all know why!
  • 38. Components of Information Security Architecture: Processes. The operational aspects of small business. Safeguards can be automated or manual.
  • 39. Components of Information Security Architecture: Technology. All of the tools, applications, software, and infrastructure that allow a business process to work and perform efficiently. Thus, as a business owner, you must ensure that you have adequate logical controls in place to help you stay on track with your business’ mission or purpose.
  • 40. Cyber Crime in the News
  • 52. Turning your computer into a zombie, aka “Bot”
  • 53. Cyber Crime in the News
  • 54. Cyber Crime Statistics! Insider threats are responsible for over 80% of small business issues. There are over 70,000 active viruses, and the number is growing exponentially. Information security threats can damage or destroy a small business. 33% of businesses with 100 employees or fewer had a computer incident. Source: NIST
  • 55. Cyber Crime Statistics! Small Business Cyber Crime Report: 42% of businesses had a laptop theft; 44% of businesses suffered from insider abuse; 21% of businesses reported denial of service; 50% of businesses detected a virus; 20% of business systems became a “Bot”. Source: Computer Security Institute Survey
  • 56. Cyber Crime Statistics! Reported Data Breaches: 2007, there were 445 data breaches reported; 2008, there were 656 data breaches reported; 2009, approx. 392 data breaches reported. Source: October 9, 2009, USA Today
  • 57. Chronology of Data Breaches, www.privacyrights.org
  • 58. Chronology of Data Breaches, www.privacyrights.org. The 354,537,108 indicates the total number of records compromised.
  • 59. Business Continuity and Disaster Recovery Planning
  • 60. Business Continuity & Disaster Recovery Planning (NIST IT Security Fundamentals For Small Business)
    Contingency and disaster recovery planning considerations: What happens if there is a disaster (flood, fire, tornado, etc.) or a contingency (power outage, sewer backup, accidental sprinkler activation, etc.)? Do you have a plan for restoring business operations during or after a disaster or a contingency?
    Since we all experience power outages or brownouts from time to time, do you have Uninterruptible Power Supplies (UPS) on each of your computers and critical network components? They allow you to work through short power outages and to save your data when the electricity goes off.
    Conduct an inventory of all information used in running your business. Do you know where each type of information is located (on which computer or server)? Have you prioritized your business information so that you know which type of information is most critical to the operation of your business, and therefore which type of information must be restored first in order to run your most critical operations?
    If you have never (or not recently) done a full inventory of your important business information, now is the time. For a small business, this shouldn’t take longer than a few hours. For a larger business, this might take from a day to a week or so. While you are doing this inventory, ensure that the information is prioritized relative to its importance for the entire business, not necessarily for a single part of the business.
    When you have your prioritized information inventory (on an electronic spreadsheet), add three columns to address the kind of protection that each type of information needs. Some information will need protection for confidentiality, some for integrity, and some for availability.
  • 66. As you read/research your trade/professional publications, take note of the data security issues covered in these publications. Ask yourself “Is my business vulnerable to something like this? If so, what have others done that I could copy to protect my business?”
  • 67. As you network with your peers, talk cyber security issues. Give and get advice, hints, tips, etc.
  • 68. Make every effort to stay in touch with and on top of every threat or incident that does or could affect your business.
  • 69. Join InfraGard to get critical information about current threats in your local area (and to act as eyes and ears to help protect our nation!).
  • 74. Safeguarding Critical Assets: People. People are the weakest link of the three components of Information Security!
  • 76. Lock up laptops when they are not in use.
  • 77. Control who has access to your systems and networks; this includes cleaning crews. No one should be able to walk into your office space without being challenged by an employee.
  • 79. Do not provide access to all data to any employee.
  • 80. Only give each employee the access privileges necessary to perform their job.
  • 81. Do not allow a single individual to both initiate and approve a transaction (financial or otherwise).
  • 82. Safeguarding Critical Assets: Processes. The operational aspects of small business; needs checks and balances, aka controls.
  • 84. Backups can be done inexpensively if copied to another hard drive that can hold 52 weeks of backups; 500 GB should be sufficient for most businesses.
  • 85. Consider cloud/online backup solutions; convenient but slow to restore.
  • 86. Backups should be performed at a minimum weekly, but it is better if they are done daily.
  • 87. A full backup should be performed once a month and taken off site in case of a fire, flood, theft or other disaster.
  • 88. A portable USB drive (1 TB) is recommended.
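The backup items above describe one rotation: weekly copies to a second disk, 52 weeks retained, and a monthly full taken off site on a portable USB drive. The PowerShell script below is an added example that implements that rotation; it is not from the original deck, and the drive letters and folder names are placeholders to adjust for your own environment.

```powershell
# Added example (not from the original slides): weekly rotating backup of a
# business data folder to a second disk, keeping 52 weekly copies, plus a
# monthly full copy to a removable USB drive that is carried off site.
# Paths are placeholders. Assumes PowerShell 5.1+ on Windows (robocopy is built in).
param(
    [string]$Source      = 'D:\BusinessData',
    [string]$WeeklyRoot  = 'E:\Backups\Weekly',   # second internal or external disk
    [string]$OffsiteRoot = 'F:\Backups\Monthly',  # portable USB drive, rotated off site
    [int]$KeepWeeks      = 52
)

$stamp = Get-Date -Format 'yyyy-MM-dd'

# Weekly copy: a self-contained dated folder, so any single week can be restored alone.
$dest = Join-Path $WeeklyRoot $stamp
New-Item -ItemType Directory -Path $dest -Force | Out-Null
# /MIR mirrors the source into the dated folder; /R:2 /W:5 limits retries on locked
# files; /LOG+ appends to a log that should be reviewed for failures after each run.
robocopy $Source $dest /MIR /R:2 /W:5 /NP /LOG+:"$WeeklyRoot\backup.log" | Out-Null
if ($LASTEXITCODE -ge 8) {
    throw "robocopy reported failures (exit code $LASTEXITCODE); check backup.log"
}

# Rotation: keep the newest $KeepWeeks dated folders, delete the rest.
Get-ChildItem -Path $WeeklyRoot -Directory |
    Where-Object { $_.Name -match '^\d{4}-\d{2}-\d{2}$' } |
    Sort-Object Name -Descending |
    Select-Object -Skip $KeepWeeks |
    Remove-Item -Recurse -Force

# Monthly full: on the first weekly run of each month, also archive to the USB drive
# when it is plugged in. Compress-Archive in PS 5.1 cannot produce archives over 2 GB;
# for larger data sets use robocopy into a dated folder on the USB drive instead.
if ((Get-Date).Day -le 7 -and (Test-Path $OffsiteRoot)) {
    $zip = Join-Path $OffsiteRoot ('full-' + (Get-Date -Format 'yyyy-MM') + '.zip')
    if (-not (Test-Path $zip)) {
        Compress-Archive -Path (Join-Path $Source '*') -DestinationPath $zip
    }
}

# Verify: compare file counts so a silently empty or partial backup is noticed.
$srcCount = (Get-ChildItem -Path $Source -Recurse -File).Count
$dstCount = (Get-ChildItem -Path $dest -Recurse -File).Count
if ($srcCount -ne $dstCount) {
    throw "Backup incomplete: $srcCount source files vs $dstCount copied"
}
"Weekly backup $stamp complete ($dstCount files)."
```

Schedule the script weekly (or daily, as the slide recommends) with Task Scheduler, and test a restore from a dated folder before relying on it.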
  • 90. Employees should review computer usage policies on the 1st day of work.
  • 91. Train them about expectations concerning limited use of telephones, printers and other business resources.
  • 92. After training they should sign a statement that they understand these policies and the penalties for violation of business policies.
  • 94. To protect information and systems, employees should not operate computers with administrative privileges.
  • 95. Malicious code will gain the same privileges and install itself on a system if the user is using an account with administrative privileges.
  • 101. It is recommended to have the anti-virus, anti-spyware and malicious-code protection software update automatically and frequently.
  • 103. Ensure that your employees’ home PCs have a firewall installed between their system(s) and the Internet.
  • 104. Change the administrative password upon installation and regularly thereafter. It is a good idea to change the administrator name too.
  • 106. Set the wireless device not to broadcast its Service Set Identifier (SSID).
  • 107. Recommended encryption is WiFi Protected Access 2 (WPA-2) using the Advanced Encryption Standard (AES).
  • 108. NOTE: WEP (Wired-Equivalent Privacy) is not a good wireless security protocol.
  • 109. It is recommended to configure desktop/server operating systems to update automatically.
  • 111. Make sure that the firewall is turned on.
  • 113. It is recommended to configure systems to update automatically.
  • 114. Ensure employees’ home PCs are configured to update automatically as well.
  • 115. If you have many systems, consider purchasing a product that can manage the process for your business.
  • 116. Update Microsoft Office regularly.
  • 119. Some will relate to expected employee practices for using business resources, such as telephones, computers, printers, fax machines, and Internet access.
  • 120. Legal and regulatory requirements may also require certain policies to be put in place and enforced.
  • 122. Policies should be communicated clearly to each employee, and all employees should sign a statement agreeing that they have read the policies, that they will follow the policies, and that they understand the possible penalties for violating those policies.
  • 123. This will help management to hold employees accountable for violation of the business’s policies.
  • 125. Highly Recommended IT Security Practices! Business Policies Should Be In Place
    Security concerns about popup windows and other hacker tricks. When connected to and using the Internet, do not respond to popup windows requesting that you click “OK” for anything. If a window pops up on your screen informing you that you have a virus or spyware and suggesting that you download an antivirus or antispyware program to take care of it, close the popup window by selecting the X in the upper right corner of the popup window.
    Hackers are known to scatter infected USB drives with provocative labels in public places where their target business’s employees hang out, knowing that curious individuals will pick them up and take them back to their office system to “see what’s on them.” What is on them is generally malicious code which installs a spy program or remote control program on the computer. Teach your employees not to bring USB drives into the office and plug them into your business computers (or take them home and plug them into their home systems). It is a good idea to disable the “AutoRun” feature for the USB ports on your business computers to help prevent such malicious programs from running.
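The administrative-privilege, firewall, automatic-update and anti-virus items on the Technology slides above, together with the AutoRun advice on this slide, can be checked on a single Windows PC with the following PowerShell script. It is an added example, not part of the original deck, and assumes PowerShell 5.1 or later on Windows 10 / Server 2016 or newer; the registry values it reads (NoDriveTypeAutoRun, NoAutoUpdate) are standard Windows policy settings.

```powershell
# Added example (not from the original slides): audit a Windows PC against the
# technology safeguards in the deck. Read-only unless -Fix is given, which applies
# the two settings that are simple toggles (firewall on, AutoRun off).
# Assumes PowerShell 5.1+ on Windows 10 / Server 2016 or later; run elevated for -Fix.
param([switch]$Fix)

$findings = @()

# 1. The day-to-day account should not be a member of the local Administrators group.
#    (Group membership is checked rather than the token, which UAC filters.)
$current = "$env:USERDOMAIN\$env:USERNAME"
$admins  = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
if ($admins | Where-Object { $_.Name -eq $current }) {
    $findings += "Current user '$current' is a local administrator."
}

# 2. Windows Firewall must be enabled for every profile (Domain, Private, Public).
foreach ($p in Get-NetFirewallProfile) {
    if (-not $p.Enabled) {
        $findings += "Firewall profile '$($p.Name)' is disabled."
        if ($Fix) { Set-NetFirewallProfile -Name $p.Name -Enabled True }
    }
}

# 3. AutoRun disabled for all drive types: NoDriveTypeAutoRun = 0xFF.
$key     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
if ($autorun -ne 0xFF) {
    $findings += "AutoRun is not fully disabled (NoDriveTypeAutoRun = $autorun)."
    if ($Fix) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
}

# 4. Automatic updates: the Windows Update service must not be disabled and the
#    NoAutoUpdate policy must not be set.
if ((Get-Service -Name wuauserv).StartType -eq 'Disabled') {
    $findings += "Windows Update service (wuauserv) is disabled."
}
$au     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$noAuto = (Get-ItemProperty -Path $au -Name NoAutoUpdate -ErrorAction SilentlyContinue).NoAutoUpdate
if ($noAuto -eq 1) { $findings += "Automatic updates are turned off by policy (NoAutoUpdate = 1)." }

# 5. An anti-virus product must be registered with Security Center. This WMI
#    namespace exists only on client editions; on servers verify AV manually.
$av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
if (-not $av) { $findings += "No anti-virus product is registered with Security Center." }

if ($findings.Count -eq 0) { 'All checks passed.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```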
  • 126. Highly Recommended IT Security Practices! Business Policies Should Be In Place
    Security considerations for web surfing. No one should surf the web using a user account which has administrative privileges. It is best to set up a special account with “guest” (limited) privileges to avoid this vulnerability.
    Issues in downloading software from the Internet. Do not download software from any unknown web page. Only those web pages belonging to businesses with which you have a trusted business relationship should be considered reasonably safe for downloading software. Such trusted sites would include the Microsoft Update web page, where you would get patches and updates for various versions of the Windows operating system and Microsoft Office or other similar software. Most other web pages should be viewed with suspicion. Be very careful if you decide to use freeware or shareware from a source on the web. Most of these do not come with technical support, and some are deliberately crippled so that you do not have the full functionality you might be led to believe will be provided.
  • 127. Highly Recommended IT Security Practices! Business Policies Should Be In Place
    Doing online business or banking more securely. Online business/commerce/banking should only be done using a secure browser connection. This will normally be indicated by a small lock visible in the lower right corner of your web browser window. After any online commerce or banking session, erase your web browser cache, temporary internet files, cookies, and history so that if your system is compromised, that information will not be on your system to be stolen by the individual hacker or malware program.
    Recommended personnel practices in hiring employees. When hiring new employees, conduct a comprehensive background check before making a job offer. Ensure that you do criminal background checks on all prospective new employees. If possible, it is a good idea to do a credit check on prospective employees. This is especially true if they will be handling your business funds. Do your homework: call their references and former employers.
    Note: It is also an excellent idea for you, the business owner, to do a background check of yourself. Many people become aware that they are victims of identity theft only after they do a background check on themselves and find arrest records and unusual previous addresses where they never lived.
  • 128. Highly Recommended IT Security Practices! Business Policies Should Be In Place
    How to protect against social engineering. Social engineering is a personal or electronic attempt to obtain unauthorized information or access to systems/facilities or sensitive areas by manipulating people. The social engineer researches the organization to learn names, titles, responsibilities, and publicly available personal identification information. Then the social engineer usually calls the organization’s receptionist or help desk with a believable, but made-up, story designed to convince the person that the social engineer is someone in, or associated with, the organization and needs information or system access which the organization’s employee can provide and will feel obligated to provide.
    Train employees to protect against social engineering techniques: employees must be taught to be helpful, but vigilant, when someone calls in for help and asks for information or special system access. The employee must first authenticate the caller by asking for identification information that only a person who is in or associated with the organization would know. If the individual is not able to provide such information, then the employee should politely, but firmly, refuse to provide what has been requested by the social engineer. The employee should then notify management of the attempt to obtain information or system access.
  • 129. Highly Recommended IT Security Practices! NIST IT Security Fundamentals For Small Business
    How to dispose of old computers and media. When disposing of old business computers, remove the hard disks and destroy them. The destruction can be done by taking apart the disk and beating the hard disk platters with a hammer. It is very common for small businesses to discard old computers and media without destroying the computers’ hard disks or the media. Sensitive business and personal information is regularly found on computers purchased on eBay, at thrift shops, Goodwill, etc., much to the embarrassment of the small businesses involved (and much to the annoyance of customers or employees whose sensitive data is compromised). Consider using full disk encryption if you handle sensitive data and information.
  • 130. Information Security Resources for Small Business
    Small Business Information Security: The Fundamentals (Security Guide for Small Business) http://csrc.nist.gov/publications/drafts/ir-7621/draft-nistir-7621.pdf
    Small Business Center Documents http://csrc.nist.gov/groups/SMA/sbc/library.html
    InfraGard – FBI Sponsored Cyber Security Program http://www.infragard.net
    Protecting Personal Information www.ftc.gov/infosecurity
    Computer Security Training, Network Research & Resources www.SANS.org
    OnGuard Online - Protect Your Personal Information http://www.onguardonline.gov/
  • 134. References
    Surviving Security: How to Integrate People, Process and Technology, 2nd Edition. http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=27320&TEMPLATE=/ContentManagement/ContentDisplay.cfm
    Introduction to the Business Model for Information Security, 2009, ISACA. http://www.isaca.org
    Small Business Information Security: The Fundamentals (Security Guide for Small Business). http://www.nist.gov/cgi-bin//get_pdf.cgi?pub_id=903080
    Small Business Center Documents. http://csrc.nist.gov/groups/SMA/sbc/library.html
    InterHack, Information Security: Friend or Foe, 2002. http://web.interhack.com/publications/whatis-security.pdf
  • 135. Contact Information: Julius Clark. Email: Julius.Clark.Sr@gmail.com. Tel: 704-953-379. Blog: www.clarkthoughtleadership.blogspot.com