ISON
Effective Cyber Security: Successful Approaches and Experiences

April 5, 2012
Presenter: Phil Marasco
Agenda

•   Continuing Trends
•   New Elements
•   Defensive Techniques
•   Scaling to “X”
•   Questions
Recent News
60 Minutes did a story on the first known control system attack
Source: CBSnews.com
Last Week’s News
Rock Center did a story on a Trojan used to steal money
Source: MSNBC.MSN.com
FBI says we are behind
Executive Assistant Director of the FBI thinks criminals are ahead.
Identity trading is rampant

Stolen credit cards are sold in large lots for prices as low as $.40 to $10, depending on interval and method used to collect the information.

Personal identity information commands $25 to $50 (depending on quality).
Unpatched exploits on sale
Source: Forbes.com
Internal vs. External
• Historical threats
   • Us vs. them
   • Inbound Only (except for “inside jobs”)
• Advanced Persistent Threats
• Blended attacks/RSA
• SPAM/Phishing
New Frontiers

• Small Business is expanding online
   • Offering Online “Experiences”
   • Member-Only Areas
   • Monetize Social Media
     • Groupon Discounts
     • Gift Cards
New Dangers
• Web sites that store your data
   • Financial Risks
   • Personal Information Leakage
• Internal Threats
   • Zombies
   • FBI and the DNSChanger scam
• Brand Exposure (and explosion)
New SPAM Vectors
• US Postal Service couldn’t deliver your package
• American Airlines wants you to get that $19 fare to NY you left behind during your failed web session
• The National Check Clearing Center says you are about to bounce a check
• VISA Security department says your credit card has been blocked
• PAYPAL says you are suspected of illegal activity
• A gentleman in the Philippines would like you to hold his inheritance check while he travels to the US.
• A lawyer in Thailand wants to see if you know a guy who died and will handle his $10 million estate.
New Questions
•   What’s it worth to you?
•   What can you actually do?
•   What can be done for me?
•   How often do I look?

In a corporate environment the bigger question is:
X vs. 10X vs. 100X
New Personal Tools
Identity Monitoring
• Epic.org (Electronic Privacy Info Center)
• http://www.youhavedownloaded.com/
• https://www.pwnedlist.com/
• http://www.Google.com
• http://www.Pipl.com
• Donttrack.us
New LEO Tools
What we do
• Penetration testing
   • Network
   • Application
   • Physical
• Security Awareness
• Compliance
• Security Practice
   • Policy lifecycle
   • Security team augmentation
Who is ISON?

• Managed IT Services Firm
• Focus on small to medium business
• Extension of an organization
   – With IT personnel
   – Without IT personnel
• 30+ years industry experience
Wrap up
• Technical Corporate
   • Use a patch management process
   • Implement a secure baseline
   • Monitor your network
   • Manage your vulnerabilities
   • Be careful with remote access
• Behaviors
   • Put security and acceptable use policies in place
   • Conduct security awareness training regularly
   • Be careful with your data
Questions?
Thank You!
 www.ISON.com
