IT Security for Nonprofits 101
An Introduction
Overview of Session

                      1.   Introductions
                      2.   The Security Landscape
                      3.   7 Easy Steps to Be More Secure
                      4.   Resource Sharing
                      5.   Q/A

                      Questions Sprinkled Throughout
Introductions

                1.       Name
                2.       Organization
                3.       Mission
                4.       Approx. Number of Staff
                5.       Why are you here?
                     •    Get some idea of what security is about
                     •    It’s something I need to know about
                     •    Other reason?
User Oriented Levels of Security

                  Web
                  Cloud
                  Network (WAN)
                  Network (LAN)
                  Workstation + Mobile
Balancing Needs   Security is all about Balance

                  The Iron Triangle
                  • Cost
                  • Time
                  • Quality

                  Main Factors for Most Groups
                  • Limited Budget + Lack of Awareness
                  • Forget to sharpen the saw
                  • No good sources for information
Question

What has your experience been with balancing needs?
Overview   Seven Steps to a More Secure Organization

           1.   Keep All Software Updated
           2.   Get Enterprise Antivirus
           3.   Cultivate Aware Users
           4.   Balance Privacy, Security, and Productivity
           5.   Know Your Compliance Needs
           6.   Establish a Strong Password Policy
           7.   Stay Informed
1. Keep Software Updated   Workstation Software Updates

                           •   OS (Windows, Mac OS X)
                           •   Microsoft Office
                           •   Adobe (Acrobat, Flash, Air)
                           •   Browsers (Chrome, Firefox, IE)
                           •   Email Client (Outlook, Thunderbird)
                           •   Anti-Virus/Anti-Malware/Anti-Spyware
                           •   iTunes and Device Firmware
                           •   Remote Access/VPN
1. Keep Software Updated   Server Software Updates

                           •   BIOS
                           •   Device Drivers (Especially RAID)
                           •   Windows Server
                           •   Exchange Server (Email)
                           •   SQL Server (Database)
                           •   Endpoint Protection (such as Symantec)
                           •   Backup Software (such as BackupExec)
                           •   Proprietary Systems
Question

How does your team handle updates?
2. Get Enterprise Antivirus   Techsoup – Symantec Endpoint Protection

                              •   $5/system
                              •   Server-based Management Option
                              •   Integrates with BackupExec
                              •   Anti-virus
                              •   Anti-malware
                              •   Anti-spyware
                              •   Firewall (Software)
                              •   Protect ALL Systems (Incl. Volunteer, etc)
Question

What is your anti-virus experience? Product story?
3. Cultivate Aware Users   Everyone is responsible for security!

                           •   Know your software
                           •   Read prompts, don’t just click Ok
                           •   Installation Approval Process
                           •   Dangers of USB Drives, Mobiles, iPods, etc
                           •   Explain why, not just how and what
                           •   Recruit your tech savvy users to help
                           •   Encourage them to speak up!
Question

How does your organization cultivate an aware team?
4. Privacy, Security, Productivity   Balance is the key to Security

                                     •   Be Real - If it ain’t used, it don’t work!
                                     •   Be Honest – Tell users what to expect
                                     •   Privacy – Tell users what you monitor
                                     •   Balance Risk Prevention vs Recovery
                                     •   Address Complaints with solutions
Question

What are your privacy concerns (org and individual)?
5. Compliance   Know Your Compliance Needs

                •   PCI (Payment Processing)
                •   HIPAA (Medical Information)
                •   SAS70
                •   SSAE16
                •   Funder/Grant Requirements
6. Strong Password Policy   Secure Passwords:

                            • At least 8 characters
                            • At least one each of:
                              •   Uppercase Letter
                              •   Lowercase Letter
                              •   Number
                              •   Symbol (!@#$%^&*())

                            Example: P@ssw0rdsSuck!
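
A checker and a generator for the password rules on this slide, added here as an example and not part of the original deck. It assumes the slide's symbol list "!@#$%^&*()" is the complete allowed set; the function names and the sample passwords are constructed for illustration.

```python
import secrets
import string

MIN_LENGTH = 8
# Assumption: the slide's "!@#$%^&*()" is read as the full set of accepted symbols.
SYMBOLS = "!@#$%^&*()"

# One entry per "at least one each of" rule on the slide.
CLASSES = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "symbol": SYMBOLS,
}


def policy_failures(password):
    """Return the slide's rules that `password` breaks; an empty list means compliant."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            failures.append(f"no {name}")
    return failures


def generate_password(length=16):
    """Generate a random policy-compliant password using the OS CSPRNG."""
    if length < max(MIN_LENGTH, len(CLASSES)):
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    # Guarantee one character from every required class ...
    chars = [secrets.choice(a) for a in CLASSES.values()]
    # ... fill the rest from the whole alphabet ...
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # ... and shuffle so the guaranteed characters are not in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def audit(passwords):
    """Map each candidate password to the list of rules it fails."""
    return {pw: policy_failures(pw) for pw in passwords}


if __name__ == "__main__":
    # Constructed sample inputs; the first is the example from the slide.
    samples = ["P@ssw0rdsSuck!", "password", "Ab1!", "Summer-2024"]
    for pw, failures in audit(samples).items():
        print(f"{pw!r}: {'OK' if not failures else ', '.join(failures)}")
    print("generated:", generate_password())
```

"Summer-2024" fails only because "-" is not in the slide's symbol list, so decide whether that list is exhaustive before enforcing it on users.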
6. Strong Password Policy   Use a password database for ease

                            • KeePass (Free and Open Source)
                            • SplashID (Syncs between devices)

                            Use browsers to store passwords
                            • Set master password
                            • Only on your system (which is password protected)

                            Protect your systems and devices
Question

What tips can you share for password success?
7. Stay Informed   Top Resources for Security Information

                   •   NTEN
                   •   US CERT
                   •   Symantec
                   •   Techrepublic
                   •   Techsoup Security Forum*
                   •   http://501cybersecurity.com/*
                   •   EDUCAUSE*

                   * Thanks to Robert Weiner for these resources
Question

What resources do you recommend?
Questions, Answers, Discussion

Questions?
Sean Watson

sean@techeffectrocks.org
919-373-4234

 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 

IT Security for Nonprofits 101

  • 1. IT Security for Nonprofits 101: An Introduction
  • 2. Overview of Session
      1. Introductions
      2. The Security Landscape
      3. 7 Easy Steps to Be More Secure
      4. Resource Sharing
      5. Q/A
      Questions Sprinkled Throughout
  • 3. Introductions
      1. Name
      2. Organization
      3. Mission
      4. Approx. Number of Staff
      5. Why are you here?
          • Get some idea of what security is about
          • It’s something I need to know about
          • Other reason?
  • 4. User Oriented Levels of Security
      • Web
      • Cloud
      • Network (WAN)
      • Network (LAN)
      • Workstation + Mobile
  • 5. Balancing Needs: Security is all about Balance
      The Iron Triangle
          • Cost
          • Time
          • Quality
      Main Factors for Most Groups
          • Limited Budget + Lack of Awareness
          • Forget to sharpen the saw
          • No good sources for information
  • 6. Question: What has your experience been with balancing needs?
  • 7. Overview: Seven Steps to a More Secure Organization
      1. Keep All Software Updated
      2. Get Enterprise Antivirus
      3. Cultivate Aware Users
      4. Balance Privacy, Security, and Productivity
      5. Know Your Compliance Needs
      6. Establish a Strong Password Policy
      7. Stay Informed
  • 8. 1. Keep Software Updated: Workstation Software Updates
      • OS (Windows, Mac OS X)
      • Microsoft Office
      • Adobe (Acrobat, Flash, Air)
      • Browsers (Chrome, Firefox, IE)
      • Email Client (Outlook, Thunderbird)
      • Anti-Virus/Anti-Malware/Anti-Spyware
      • iTunes and Device Firmware
      • Remote Access/VPN
  • 9. 1. Keep Software Updated: Server Software Updates
      • BIOS
      • Device Drivers (Especially RAID)
      • Windows Server
      • Exchange Server (Email)
      • SQL Server (Database)
      • Endpoint Protection (such as Symantec)
      • Backup Software (such as BackupExec)
      • Proprietary Systems
  • 10. Question: How does your team handle updates?
  • 11. 2. Get Enterprise Antivirus: Techsoup – Symantec Endpoint Protection
      • $5/system
      • Server-based Management Option
      • Integrates with BackupExec
      • Anti-virus
      • Anti-malware
      • Anti-spyware
      • Firewall (Software)
      • Protect ALL Systems (Incl. Volunteer, etc.)
  • 12. Question: What is your anti-virus experience? Product story?
  • 13. 3. Cultivate Aware Users: Everyone is responsible for security!
      • Know your software
      • Read prompts, don’t just click OK
      • Installation Approval Process
      • Dangers of USB Drives, Mobiles, iPods, etc.
      • Explain why, not just how and what
      • Recruit your tech savvy users to help
      • Encourage them to speak up!
  • 14. Question: How does your organization cultivate an aware team?
  • 15. 4. Privacy, Security, Productivity: Balance is the key to Security
      • Be Real – If it ain’t used, it don’t work!
      • Be Honest – Tell users what to expect
      • Privacy – Tell users what you monitor
      • Balance Risk Prevention vs Recovery
      • Address Complaints with solutions
  • 16. Question: What are your privacy concerns (org and individual)?
  • 17. 5. Compliance: Know Your Compliance Needs
      • PCI (Payment Processing)
      • HIPAA (Medical Information)
      • SAS70
      • SSAE16
      • Funder/Grant Requirements
  • 18. 6. Strong Password Policy: Secure Passwords
      • At least 8 characters
      • At least one each of:
          • Uppercase Letter
          • Lowercase Letter
          • Number
          • Symbol (!@#$%^&*())
      Example: P@ssw0rdsSuck!
  • 19. 6. Strong Password Policy
      Use a password database for ease
          • KeePass (Free and Open Source)
          • SplashID (Syncs between devices)
      Use browsers to store passwords
          • Set master password
          • Only on your system (which is password protected)
      Protect your systems and devices
  • 20. Question: What tips can you share for password success?
  • 21. 7. Stay Informed: Top Resources for Security Information
      • NTEN
      • US CERT
      • Symantec
      • Techrepublic
      • Techsoup Security Forum*
      • http://501cybersecurity.com/*
      • EDUCAUSE*
      * Thanks to Robert Weiner for these resources
  • 22. Question: What resources do you recommend?