SlideShare a Scribd company logo

Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan

Download as PPTX, PDF
North Texas Chapter of the ISSA
North Texas Chapter of the ISSA

Laurianna Callaghan presented on developing a security awareness program from simple to mature. She outlined the SANS maturity model, which ranges from non-existent programs to mature programs that incorporate metrics and a security awareness lifecycle. Callaghan discussed key elements of simple, compliance-focused, and promoting awareness programs before focusing on the characteristics of a mature program, including measuring impact through metrics in areas like compliance, incidents, culture and technology. She emphasized changing perspectives to see humans not as a liability but as stakeholders and concluded by offering next steps organizations can take to advance their programs.

1 of 29
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security Security Awareness Program From 0 to Maturity Laurianna Callaghan, CISSP, CCNA Security Information Security 11/11/2017
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security AGENDA
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security AGENDA • Why bother with the human? • Simple program. • Mature program. • Next steps. 3
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security WHY BOTHER WITH THE HUMAN? 4
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security STATISTICS • Statistics against the human are daunting. • Humans are the prevalent enabler of attacks from the outside. • The stronger your security, the more humans will become targets. 5 Technology 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Compliance 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Culture 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security “JUST ONE CLICK” • Fallacy: If one person in a company clicks, we might as well not teach anyone. • If enough people report spam, Security may be able to take quick action. • Less devices would get infected by malware. • If using an anti-virus, other companies will benefit. • Security Awareness saves time, effort and money. 6
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security LACK OF CONTROL 7 • For the most part, you can control technology through proper configuration and prevention. • Humans are unpredictable and cannot be configured. They require a different method of security. Some don’t care. Some don’t understand. Some don’t know. Some just want to be left alone.
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security SLEEP • A truly mature security awareness program can help you sleep.* • From security awareness alone, a mature dashboard can help determine which technology is “in danger.” • Think of what can be done when consolidating metrics with other secure applications and AI programs. *This statement not evaluated by the FDA.  8 KEEPS YOU UP AT NIGHT
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security SIMPLE PROGRAM 9
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security SANS MATURITY MODEL 10
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security NON-EXISTENT • Smaller companies. • Small home-grown companies. • No perceived need for PCI-DSS or HIPAA, etc. • Companies that don’t know what to do. • Companies that don’t follow regulations. 11
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security COMPLIANCE FOCUSED • Most simple programs include just 1 or 2 projects. • Trinkets and training only. • Newsletter or other form of sending tips and information. • Humans chose whether they participate, and many don’t. • Forgo the Security Awareness Life Cycle. “Be Secure” Button
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security PROMOTING AWARENESS • Understands behavior change. • Teaches home and travel security. • Program consistent annually. • Targets specific behaviors. • Continual reinforcement. • Learn by example. • Changes behavior. 13
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security CULTURE CHANGE • Focuses beyond training with multiple delivery methods. • Follows the Security Awareness Life Cycle. • Consistent review of program with updates. • Executive buy-in. • Budge resources. 14
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security MATURE PROGRAM 15
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security SANS MATURITY MODEL 16
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security MATURE PROGRAM • Metrics track progress and measure impact. • Each project is planned, analyzed, designed, implemented and continually maintained. • Given a technology, the dashboard can show which human and insecure activity poses the greatest danger. • Awareness programs continually improve with time. • A culture is built inherently that humans want to participate in. • Program and projects are robust. 17
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security CHANGE • Change our need for control when it comes to the human factor. • Change will bring more than you’ve ever dreamed of to your whole security program and team. 18 • Customer service is key. • Your department’s reputation has everything to do with it. • Have “honey” at the ready. • You can catch more flies with honey than you can with vinegar. • Plan fun activities. • What do they know about the Security Dept.?
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security BUY IN • Humans must have a stake in the game. • “What’s in it for me?” • Protect your family. • Protect your 401k/retirement funds. • Gain useful items. • Gain fun prizes. • Share with others (knowledge). • Resume builder for some. 19
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security DASHBOARD • Includes metrics: • Compliance • Incident • Culture • Technology • Others 20
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security COMPLIANCE METRICS • Regulations not followed. • Internal Audit • Outside Audits • Specialized Audits • Training course completions. • Remote employee attestations. • Non-compliancy reports received to audit/security. • Policy not followed. 21 Training Completions 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Attestations 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Non-Compliant 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security INCIDENT METRICS • SPAM and phishing reported. • Social engineering phone calls reported. • Phishing texts reported. • Number of brute forced passwords cracked. • Screen viewable area checks. • Confidential data printed and left unattended checks. • Screen lock checks. 22 SPAM 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Security Check 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Passwords Cracked 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security CULTURE METRICS • Number of respondents to SA surveys. • Number of attendees at road shows. • Number of newsletter readers. • Number of complimentary emails to program. • Number of badge warnings. • Number of visits to intranet site. 23 Road Show Attendance 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Newsletter Unique Views 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Intranet Unique Views 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security TECHNOLOGY METRICS • Phishing and other SA metrics go much, much further than a simple program. • Learn which databases, which machines, etc. are at the greatest risk. 24 Server Z 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Database A 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Data Store 3 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security AWARENESS LIFE CYCLE • Follow the Security Awareness Life Cycle (SALC)*. • Requirement analysis • Design • Implement • Test and integrate • Maintain and Evolve • SALC applies to each project. *Software/Systems Development Life Cycle (SDLC) 25
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security NEXT STEPS 26
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security NEXT STEPS • Discuss a Security Awareness program with your CSO. • Get executive buy-in. Present or invite FBI, Police or other authoritative speaker(s). • Navigate to SANS Securing the Human. • Discuss the importance of human security to your CISO and/or CSO. Use real examples. • Follow the SANS maturity model to find your company’s level and challenge them to move forward. 27
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security QUESTIONS 28
NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security 29 Thank you

Recommended

NTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan HorseNTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan Horse
North Texas Chapter of the ISSA
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
North Texas Chapter of the ISSA
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
North Texas Chapter of the ISSA
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
North Texas Chapter of the ISSA
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
North Texas Chapter of the ISSA
 
Predicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-managementPredicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-management
Priyanka Aash
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
Priyanka Aash
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
Sylvain Martinez
 

Recommended

NTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan HorseNTXISSACSC4 - How Not to Build a Trojan Horse
NTXISSACSC4 - How Not to Build a Trojan Horse
North Texas Chapter of the ISSA
 
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomeyNtxissacsc5 blue 2-herding cats and security tools-harold_toomey
Ntxissacsc5 blue 2-herding cats and security tools-harold_toomey
North Texas Chapter of the ISSA
 
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNtxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
North Texas Chapter of the ISSA
 
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeqNtxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
North Texas Chapter of the ISSA
 
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowiczNtxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
Ntxissacsc5 gold 1--mimecast email resiliency- erez-haimowicz
North Texas Chapter of the ISSA
 
Predicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-managementPredicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-management
Priyanka Aash
 
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
Priyanka Aash
 
SOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPONSOCIAL MEDIA AS A CYBER WEAPON
SOCIAL MEDIA AS A CYBER WEAPON
Sylvain Martinez
 
Republic Services Customer Presentation
Republic Services Customer PresentationRepublic Services Customer Presentation
Republic Services Customer Presentation
Splunk
 
Insights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-centerInsights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-center
Priyanka Aash
 
SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)
Priyanka Aash
 
(Certificates2019)alireza.ghahrood
(Certificates2019)alireza.ghahrood(Certificates2019)alireza.ghahrood
(Certificates2019)alireza.ghahrood
Alireza Ghahrood
 
SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)
Priyanka Aash
 
How security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applicationsHow security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applications
Splunk
 
A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France
Splunk
 
A Day in the Life of a GDPR Breach
A Day in the Life of a GDPR BreachA Day in the Life of a GDPR Breach
A Day in the Life of a GDPR Breach
Splunk
 
Splunk for Enterprise Security featuring UBA
Splunk for Enterprise Security featuring UBA Splunk for Enterprise Security featuring UBA
Splunk for Enterprise Security featuring UBA
Splunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
SplunkLive! London 2016 Operational Security Intelligence
SplunkLive! London 2016 Operational Security IntelligenceSplunkLive! London 2016 Operational Security Intelligence
SplunkLive! London 2016 Operational Security Intelligence
Splunk
 
Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior AnalyticsSplunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics
Splunk
 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert Triage
Sqrrl
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware Lab
ThreatConnect
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Saumil Shah
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
Priyanka Aash
 
SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.Splunk
 
Soc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- themSoc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- them
Priyanka Aash
 
A Day in the Life of a GDPR Breach - September 2017: Germany
A Day in the Life of a GDPR Breach - September 2017: Germany A Day in the Life of a GDPR Breach - September 2017: Germany
A Day in the Life of a GDPR Breach - September 2017: Germany
Splunk
 
Security as Code owasp
Security as Code owaspSecurity as Code owasp
Security as Code owasp
Shannon Lietz
 
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
North Texas Chapter of the ISSA
 
Ntxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompsonNtxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompson
North Texas Chapter of the ISSA
 

More Related Content

What's hot

Republic Services Customer Presentation
Republic Services Customer PresentationRepublic Services Customer Presentation
Republic Services Customer Presentation
Splunk
 
Insights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-centerInsights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-center
Priyanka Aash
 
SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)
Priyanka Aash
 
(Certificates2019)alireza.ghahrood
(Certificates2019)alireza.ghahrood(Certificates2019)alireza.ghahrood
(Certificates2019)alireza.ghahrood
Alireza Ghahrood
 
SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)
Priyanka Aash
 
How security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applicationsHow security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applications
Splunk
 
A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France
Splunk
 
A Day in the Life of a GDPR Breach
A Day in the Life of a GDPR BreachA Day in the Life of a GDPR Breach
A Day in the Life of a GDPR Breach
Splunk
 
Splunk for Enterprise Security featuring UBA
Splunk for Enterprise Security featuring UBA Splunk for Enterprise Security featuring UBA
Splunk for Enterprise Security featuring UBA
Splunk
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
Splunk
 
SplunkLive! London 2016 Operational Security Intelligence
SplunkLive! London 2016 Operational Security IntelligenceSplunkLive! London 2016 Operational Security Intelligence
SplunkLive! London 2016 Operational Security Intelligence
Splunk
 
Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior AnalyticsSplunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics
Splunk
 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert Triage
Sqrrl
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware Lab
ThreatConnect
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Saumil Shah
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
Priyanka Aash
 
SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.Splunk
 
Soc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- themSoc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- them
Priyanka Aash
 
A Day in the Life of a GDPR Breach - September 2017: Germany
A Day in the Life of a GDPR Breach - September 2017: Germany A Day in the Life of a GDPR Breach - September 2017: Germany
A Day in the Life of a GDPR Breach - September 2017: Germany
Splunk
 
Security as Code owasp
Security as Code owaspSecurity as Code owasp
Security as Code owasp
Shannon Lietz
 

What's hot (20)

Republic Services Customer Presentation
Republic Services Customer PresentationRepublic Services Customer Presentation
Republic Services Customer Presentation
 
Insights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-centerInsights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-center
 
SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)SACON - Devops-container (Richard Bussiere)
SACON - Devops-container (Richard Bussiere)
 
(Certificates2019)alireza.ghahrood
(Certificates2019)alireza.ghahrood(Certificates2019)alireza.ghahrood
(Certificates2019)alireza.ghahrood
 
SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)
 
How security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applicationsHow security analytics helps UCAS protect 700,000 student applications
How security analytics helps UCAS protect 700,000 student applications
 
A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France A Day in the Life of a GDPR Breach - September 2017: France
A Day in the Life of a GDPR Breach - September 2017: France
 
A Day in the Life of a GDPR Breach
A Day in the Life of a GDPR BreachA Day in the Life of a GDPR Breach
A Day in the Life of a GDPR Breach
 
Splunk for Enterprise Security featuring UBA
Splunk for Enterprise Security featuring UBA Splunk for Enterprise Security featuring UBA
Splunk for Enterprise Security featuring UBA
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
SplunkLive! London 2016 Operational Security Intelligence
SplunkLive! London 2016 Operational Security IntelligenceSplunkLive! London 2016 Operational Security Intelligence
SplunkLive! London 2016 Operational Security Intelligence
 
Splunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior AnalyticsSplunk for Enterprise Security and User Behavior Analytics
Splunk for Enterprise Security and User Behavior Analytics
 
The Art and Science of Alert Triage
The Art and Science of Alert TriageThe Art and Science of Alert Triage
The Art and Science of Alert Triage
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware Lab
 
Cross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital SovereigntyCross Border Cyber Attacks: Impact on Digital Sovereignty
Cross Border Cyber Attacks: Impact on Digital Sovereignty
 
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications EcosystemThe Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem
 
SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.SplunkLive! Customer Presentation - Cisco Systems, Inc.
SplunkLive! Customer Presentation - Cisco Systems, Inc.
 
Soc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- themSoc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- them
 
A Day in the Life of a GDPR Breach - September 2017: Germany
A Day in the Life of a GDPR Breach - September 2017: Germany A Day in the Life of a GDPR Breach - September 2017: Germany
A Day in the Life of a GDPR Breach - September 2017: Germany
 
Security as Code owasp
Security as Code owaspSecurity as Code owasp
Security as Code owasp
 

Viewers also liked

NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
North Texas Chapter of the ISSA
 
Ntxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompsonNtxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompson
North Texas Chapter of the ISSA
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
North Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
North Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
North Texas Chapter of the ISSA
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
North Texas Chapter of the ISSA
 
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNtxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
North Texas Chapter of the ISSA
 
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNtxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
North Texas Chapter of the ISSA
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNtxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
North Texas Chapter of the ISSA
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
North Texas Chapter of the ISSA
 
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykesNtxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
North Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersenNtxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
North Texas Chapter of the ISSA
 

Viewers also liked (12)

NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using DeceptionNTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
NTXISSACSC4 - Detecting and Catching the Bad Guys Using Deception
 
Ntxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompsonNtxissacsc5 purple 5-insider threat-_andy_thompson
Ntxissacsc5 purple 5-insider threat-_andy_thompson
 
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptxNtxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx
 
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
Ntxissacsc5 yellow 2-evidence driven infosec compliance strategy-garrettp1
 
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
Ntxissacsc5 yellow 6-abusing protocols for dynamic addressing in space-jacenr...
 
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill whiteNtxissacsc5 blue 3-shifting from incident to continuous response bill white
Ntxissacsc5 blue 3-shifting from incident to continuous response bill white
 
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_muellerNtxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
Ntxissacsc5 blue 4-the-attack_life_cycle_erich_mueller
 
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNtxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
 
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc groupNtxissacsc5 red 1 & 2 basic hacking tools ncc group
Ntxissacsc5 red 1 & 2 basic hacking tools ncc group
 
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczulNtxissacsc5 purple 4-threat detection using machine learning-markszewczul
Ntxissacsc5 purple 4-threat detection using machine learning-markszewczul
 
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykesNtxissacsc5 red 6-diy-pentest-lab dustin-dykes
Ntxissacsc5 red 6-diy-pentest-lab dustin-dykes
 
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersenNtxissacsc5 yellow 1-beginnerslinux bill-petersen
Ntxissacsc5 yellow 1-beginnerslinux bill-petersen
 

Similar to Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan

Purple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcuttPurple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcutt
North Texas Chapter of the ISSA
 
Ntxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliencyNtxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliency
North Texas Chapter of the ISSA
 
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
North Texas Chapter of the ISSA
 
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
North Texas Chapter of the ISSA
 
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
North Texas Chapter of the ISSA
 
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
North Texas Chapter of the ISSA
 
NTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
NTXISSACSC2 - Software Security - My Other Marathon by Harold ToomeyNTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
NTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
North Texas Chapter of the ISSA
 
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human DashboardNTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
North Texas Chapter of the ISSA
 
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
North Texas Chapter of the ISSA
 
NTXISSACSC2 - Why Lead with Risk? by Doug Landoll
NTXISSACSC2 - Why Lead with Risk? by Doug LandollNTXISSACSC2 - Why Lead with Risk? by Doug Landoll
NTXISSACSC2 - Why Lead with Risk? by Doug Landoll
North Texas Chapter of the ISSA
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in Depth
North Texas Chapter of the ISSA
 
Ntxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNtxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cep
North Texas Chapter of the ISSA
 
NTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic FailuresNTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic Failures
North Texas Chapter of the ISSA
 
The Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsThe Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry Experts
Shawn Tuma
 
NTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-Virus
North Texas Chapter of the ISSA
 
SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco
Splunk
 
CV | Michele Spagnuolo
CV | Michele SpagnuoloCV | Michele Spagnuolo
CV | Michele Spagnuolo
Michele Spagnuolo
 
NTXISSACSC2 - The Evolving DMZ by John Fehan
NTXISSACSC2 - The Evolving DMZ by John FehanNTXISSACSC2 - The Evolving DMZ by John Fehan
NTXISSACSC2 - The Evolving DMZ by John Fehan
North Texas Chapter of the ISSA
 
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout SessionCisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
Splunk
 
NTXISSACSC3 - Vulnerability Management Isn't Simple ... (or How to Make Your ...
NTXISSACSC3 - Vulnerability Management Isn't Simple ... (or How to Make Your ...NTXISSACSC3 - Vulnerability Management Isn't Simple ... (or How to Make Your ...
NTXISSACSC3 - Vulnerability Management Isn't Simple ... (or How to Make Your ...
North Texas Chapter of the ISSA
 

Similar to Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan (20)

Purple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcuttPurple seven-ntxissacsc5 walcutt
Purple seven-ntxissacsc5 walcutt
 
Ntxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliencyNtxissacsc5 gold 1 mimecast e mail resiliency
Ntxissacsc5 gold 1 mimecast e mail resiliency
 
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
NTXISSACSC4 - Business Geekdom: 1 = 3 = 5
 
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
 
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
NTXISSACSC3 - HELP! My Vulnerability Management Program is Failing! by Kevin ...
 
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
NTXISSACSC4 - Array Networks - A Layered Approach to Web and Application Secu...
 
NTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
NTXISSACSC2 - Software Security - My Other Marathon by Harold ToomeyNTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
NTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
 
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human DashboardNTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
NTXISSACSC4 - Red, Amber, Green Status: The Human Dashboard
 
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
NTXISSACSC3 - Find, Fix, Finish ... Tracking the Real Bad Guys in Cyberspace ...
 
NTXISSACSC2 - Why Lead with Risk? by Doug Landoll
NTXISSACSC2 - Why Lead with Risk? by Doug LandollNTXISSACSC2 - Why Lead with Risk? by Doug Landoll
NTXISSACSC2 - Why Lead with Risk? by Doug Landoll
 
NTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in DepthNTXISSACSC4 - Layered Security / Defense in Depth
NTXISSACSC4 - Layered Security / Defense in Depth
 
Ntxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cepNtxissacsc5 yellow 7 protecting the cloud with cep
Ntxissacsc5 yellow 7 protecting the cloud with cep
 
NTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic FailuresNTXISSACSC4 - A Brief History of Cryptographic Failures
NTXISSACSC4 - A Brief History of Cryptographic Failures
 
The Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsThe Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry Experts
 
NTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-VirusNTXISSACSC4 - The Art of Evading Anti-Virus
NTXISSACSC4 - The Art of Evading Anti-Virus
 
SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco SplunkLive! Warsaw 2016 - Cisco
SplunkLive! Warsaw 2016 - Cisco
 
CV | Michele Spagnuolo
CV | Michele SpagnuoloCV | Michele Spagnuolo
CV | Michele Spagnuolo
 
NTXISSACSC2 - The Evolving DMZ by John Fehan
NTXISSACSC2 - The Evolving DMZ by John FehanNTXISSACSC2 - The Evolving DMZ by John Fehan
NTXISSACSC2 - The Evolving DMZ by John Fehan
 
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout SessionCisco and Splunk: Under the Hood of Cisco IT Breakout Session
Cisco and Splunk: Under the Hood of Cisco IT Breakout Session
 
NTXISSACSC3 - Vulnerability Management Isn't Simple ... (or How to Make Your ...
NTXISSACSC3 - Vulnerability Management Isn't Simple ... (or How to Make Your ...NTXISSACSC3 - Vulnerability Management Isn't Simple ... (or How to Make Your ...
NTXISSACSC3 - Vulnerability Management Isn't Simple ... (or How to Make Your ...
 

More from North Texas Chapter of the ISSA

Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNtxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediation
North Texas Chapter of the ISSA
 
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finneyNtxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finney
North Texas Chapter of the ISSA
 
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New World
North Texas Chapter of the ISSA
 
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
North Texas Chapter of the ISSA
 
NTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of DiscoveryNTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of Discovery
North Texas Chapter of the ISSA
 
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
North Texas Chapter of the ISSA
 
NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green GameNTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
North Texas Chapter of the ISSA
 

More from North Texas Chapter of the ISSA (7)

Ntxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediationNtxissacsc5 gold 4 beyond detection and prevension remediation
Ntxissacsc5 gold 4 beyond detection and prevension remediation
 
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finneyNtxissacsc5 blue 1-nine cybersecurity habits-george_finney
Ntxissacsc5 blue 1-nine cybersecurity habits-george_finney
 
NTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New WorldNTXISSACSC4 - Security for a New World
NTXISSACSC4 - Security for a New World
 
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
NTXISSACSC4 - Intellectual Property Protection― Cross Roads between Ethics, I...
 
NTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of DiscoveryNTXISSACSC4 - World of Discovery
NTXISSACSC4 - World of Discovery
 
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions ArchitectNTXISSACSC4 - Day in the Life of a Security Solutions Architect
NTXISSACSC4 - Day in the Life of a Security Solutions Architect
 
NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green GameNTXISSACSC4 - Hacking Performance Management, the Blue Green Game
NTXISSACSC4 - Hacking Performance Management, the Blue Green Game
 

Recently uploaded

ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
Himani415946
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptxLiving-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
TristanJasperRamos
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
Output determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CCOutput determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CC
ShahulHameed54211
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 

Recently uploaded (16)

ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptxLiving-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
Output determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CCOutput determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CC
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 

Ntxissacsc5 blue 6-securityawareness-laurianna_callaghan

  • 1. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security Security Awareness Program From 0 to Maturity Laurianna Callaghan, CISSP, CCNA Security Information Security 11/11/2017
  • 2. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security AGENDA
  • 3. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security AGENDA • Why bother with the human? • Simple program. • Mature program. • Next steps. 3
  • 4. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security WHY BOTHER WITH THE HUMAN? 4
  • 5. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security STATISTICS • Statistics against the human are daunting. • Humans are the prevalent enabler of attacks from the outside. • The stronger your security, the more humans will become targets. 5 Technology 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Compliance 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Culture 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr
  • 6. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security “JUST ONE CLICK” • Fallacy: If one person in a company clicks, we might as well not teach anyone. • If enough people report spam, Security may be able to take quick action. • Less devices would get infected by malware. • If using an anti-virus, other companies will benefit. • Security Awareness saves time, effort and money. 6
  • 7. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security LACK OF CONTROL 7 • For the most part, you can control technology through proper configuration and prevention. • Humans are unpredictable and cannot be configured. They require a different method of security. Some don’t care. Some don’t understand. Some don’t know. Some just want to be left alone.
  • 8. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security SLEEP • A truly mature security awareness program can help you sleep.* • From security awareness alone, a mature dashboard can help determine which technology is “in danger.” • Think of what can be done when consolidating metrics with other secure applications and AI programs. *This statement not evaluated by the FDA.  8 KEEPS YOU UP AT NIGHT
  • 9. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security SIMPLE PROGRAM 9
  • 10. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security SANS MATURITY MODEL 10
  • 11. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security NON-EXISTENT • Smaller companies. • Small home-grown companies. • No perceived need for PCI-DSS or HIPAA, etc. • Companies that don’t know what to do. • Companies that don’t follow regulations. 11
  • 12. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security COMPLIANCE FOCUSED • Most simple programs include just 1 or 2 projects. • Trinkets and training only. • Newsletter or other form of sending tips and information. • Humans chose whether they participate, and many don’t. • Forgo the Security Awareness Life Cycle. “Be Secure” Button
  • 13. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security PROMOTING AWARENESS • Understands behavior change. • Teaches home and travel security. • Program consistent annually. • Targets specific behaviors. • Continual reinforcement. • Learn by example. • Changes behavior. 13
  • 14. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security CULTURE CHANGE • Focuses beyond training with multiple delivery methods. • Follows the Security Awareness Life Cycle. • Consistent review of program with updates. • Executive buy-in. • Budge resources. 14
  • 15. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security MATURE PROGRAM 15
  • 16. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security SANS MATURITY MODEL 16
  • 17. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security MATURE PROGRAM • Metrics track progress and measure impact. • Each project is planned, analyzed, designed, implemented and continually maintained. • Given a technology, the dashboard can show which human and insecure activity poses the greatest danger. • Awareness programs continually improve with time. • A culture is built inherently that humans want to participate in. • Program and projects are robust. 17
  • 18. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security CHANGE • Change our need for control when it comes to the human factor. • Change will bring more than you’ve ever dreamed of to your whole security program and team. 18 • Customer service is key. • Your department’s reputation has everything to do with it. • Have “honey” at the ready. • You can catch more flies with honey than you can with vinegar. • Plan fun activities. • What do they know about the Security Dept.?
  • 19. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security BUY IN • Humans must have a stake in the game. • “What’s in it for me?” • Protect your family. • Protect your 401k/retirement funds. • Gain useful items. • Gain fun prizes. • Share with others (knowledge). • Resume builder for some. 19
  • 20. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security DASHBOARD • Includes metrics: • Compliance • Incident • Culture • Technology • Others 20
  • 21. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security COMPLIANCE METRICS • Regulations not followed. • Internal Audit • Outside Audits • Specialized Audits • Training course completions. • Remote employee attestations. • Non-compliancy reports received to audit/security. • Policy not followed. 21 Training Completions 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Attestations 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Non-Compliant 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr
  • 22. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security INCIDENT METRICS • SPAM and phishing reported. • Social engineering phone calls reported. • Phishing texts reported. • Number of brute forced passwords cracked. • Screen viewable area checks. • Confidential data printed and left unattended checks. • Screen lock checks. 22 SPAM 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Security Check 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Passwords Cracked 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr
  • 23. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security CULTURE METRICS • Number of respondents to SA surveys. • Number of attendees at road shows. • Number of newsletter readers. • Number of complimentary emails to program. • Number of badge warnings. • Number of visits to intranet site. 23 Road Show Attendance 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Newsletter Unique Views 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Intranet Unique Views 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr
  • 24. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security TECHNOLOGY METRICS • Phishing and other SA metrics go much, much further than a simple program. • Learn which databases, which machines, etc. are at the greatest risk. 24 Server Z 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Database A 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr Data Store 3 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr
  • 25. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security AWARENESS LIFE CYCLE • Follow the Security Awareness Life Cycle (SALC)*. • Requirement analysis • Design • Implement • Test and integrate • Maintain and Evolve • SALC applies to each project. *Software/Systems Development Life Cycle (SDLC) 25
  • 26. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security NEXT STEPS 26
  • 27. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security NEXT STEPS • Discuss a Security Awareness program with your CSO. • Get executive buy-in. Present or invite FBI, Police or other authoritative speaker(s). • Navigate to SANS Securing the Human. • Discuss the importance of human security to your CISO and/or CSO. Use real examples. • Follow the SANS maturity model to find your company’s level and challenge them to move forward. 27
  • 28. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security QUESTIONS 28
  • 29. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5 Laurianna Callaghan, CISSP, CCNA Security 29 Thank you

Editor's Notes

  1. LEVEL 1 SANS MATURITY MODEL Payment Card Industry Data Security Standard Health Insurance Portability and Accountability Act
  2. LEVEL 2 SANS MATURITY MODEL
  3. LEVEL 3 SANS MATURITY MODEL
  4. LEVEL 4 SANS MATURITY MODEL
  5. Security Departments need to change the way they handle SA.
  6. The 2017 Native American $1 Coin commemorates Sequoyah, inventor of the Cherokee Syllabary.
  7. This is where the sleep comes in.