Jim Slick is the President and CEO of Slick Cyber Systems. He has over 30 years of experience in IT, including building data centers. His presentation covers various topics related to enterprise security, including gateway security, unified threat management appliances, email security, server security, desktop security, remote user security, disaster recovery and backup, social engineering, security policies, and outsourcing IT functions. He emphasizes the importance of having proper security measures, policies, and expertise in place to protect a business and its data.
Security in the enterprise - Why You Need It
1. Security in the Enterprise
Jim Slick
President and Chief Executive Officer
2. Presenter
Jim Slick, the President and Chief Executive Officer of Slick
Cyber Systems, has been in the IT industry, professionally,
since 1984. In his career, Jim has built many data centers
ranging in size from single small-business servers to
massive 300+ server fully clustered environments with
real-time replication and disaster recovery. Jim’s
educational background covers an Electrical Engineering
degree as well as a BS degree in Business Administration
and an MBA. He has also graduated from the Disney
Institute in Florida, has earned his Microsoft Certified
Systems Engineer status, as well as many other
certifications in the industry.
3. Security and data theft is the single most important topic any IT
professional should consider when reviewing their own
infrastructure.
Data is the core... the past, present, and future of any business.
Data is finance, your intellectual property (IP), your
communications, and the list goes on. Without any single
component, the company would not survive.
Data IS the business!
Make sure you have all of your bases covered.
5. UTM Appliances
• Unified Threat Management: What is it?
– Gateway Anti-Virus
– Gateway Anti-Spyware
– Gateway Intrusion Detection and Prevention
– Gateway Content Filtering
– Stateful Inspection Firewall
– VPN (Virtual Private Networking)
6. Security Statistics
• Crimeware or APT? Malware’s “Fifty Shades of Grey”
– Some cybercriminals build massive botnets to use unsuspecting endpoints for
SPAM, distributed denial-of-service (DDoS) attacks, or large-scale click fraud.
With the aid of banking Trojans, other cybercriminals create smaller,
specialized botnets that focus on stealing bank credentials and credit card
information.
– Remote access tools, or RATs, are an integral part of the cybercrime toolbox.
For example, a recent FireEye investigation into XtremeRAT revealed that it
had been propagated by SPAM campaigns that typically distribute Zeus
variants and other banking-focused malware. This tactic may stem in part from
the realization that compromising retailers can net millions of credit card
numbers in one fell swoop.
– APT (Advanced Persistent Threat) is a set of stealthy and continuous computer
hacking processes, often orchestrated by human(s) targeting a specific entity.
APT usually targets organizations and/or nations for business or political
motives. APT processes require a high degree of covertness over a long period
of time. As the name implies, APT consists of three major
components/processes: advanced, persistent, and threat. The advanced
process signifies sophisticated techniques using malware to exploit
vulnerabilities in systems. The persistent process suggests that an external
command and control is continuously monitoring and extracting data off a
specific target. The threat process indicates human involvement in
orchestrating the attack.
7. More Security Statistics
• The extent to which such attacks are targeted, and not opportunistic, is unclear.
The attackers could be singling out specific retailers in advance. Or they could be
targeting an entire industry, simply capitalizing on opportunities that arise.
• The world of cybercrime features a broad spectrum of bad actors: On one end,
highly focused state-sponsored attackers use custom tools and zero-day exploits.
On the other end, “commodity” cybercriminals use widely deployed exploit kits
that indiscriminately compromise thousands of systems around the globe.
• In the middle are (at least) “fifty shades of grey.” One class of attacker mixes
publicly available malware platforms and custom tools. These latter cases suggest
that it is not always easy to estimate the size or sophistication of an adversary
simply by finding one piece of what may be a far larger puzzle.
• Bottom line, the puzzle is very complex and very large.
8. Even More Security Statistics
• Medical Facts:
• The Identity Theft Resource Center® recorded 614 breaches on the 2013 ITRC
Breach List, a dramatic increase of 30% over the total number of breaches tracked
in 2012. The Healthcare sector accounted for 43.8% of the total breaches on this
list, overtaking the business sector at 34.4% for the first time since 2005, when the
ITRC first began tracking data breaches. This comes as no surprise to the ITRC,
with more and more breaches being reported to the Department of Health and
Human Services (HHS). Additionally, due to the mandatory reporting requirement
for healthcare industry breaches affecting 500 or more individuals, 87% of these
healthcare breaches publicly stated the number of records exposed. The fact that
a sector with a large percentage of breaches, with most entities publicly reporting
the number of records, stands out significantly when compared to the 40.1% of
incidents in 2013 in which the number of records exposed is unknown!
• Don’t think it won’t happen to you. These statistics are real. Chances are one of
you have already had a brush with it.
Average number of U.S. identity fraud victims annually: 11,571,900
Percent of U.S. households that reported some type of identity fraud: 7%
Average financial loss per identity theft incident: $4,930
Total financial loss attributed to identity theft in 2012: $24.7 billion
Total financial loss attributed to identity theft in 2010: $13.2 billion
10. E-Mail Security
• Do you host e-mail internally or externally?
– Externally?
• POP3? Exchange?
– Internally?
• Exchange? Other?
• Are YOU protected from SPAM and phishing
attacks? If you are using POP3, good luck. If
you are using Exchange, we have a solution.
11. E-Mail Security
• If you host externally, there are outsourced
scanning options available.
• If you host internally, there are both
outsourced and in-sourced options. Both are
good. Think security first and what is YOUR
exposed risk.
12. E-Mail Security
• SPAM: Also known as junk mail. Most of these are harmless.
Interesting statistic: 98.7% of all e-mail is SPAM. How’s that
for clogging your internet connection or mail server (and how
about backup costs for that junk)!
• Phishing: These are the nasty folks who are actively trying to
steal your user names, passwords, SS numbers, etc. They
succeed all too frequently. Look for improper diction and
misspellings or domain names that just don’t ‘look right’.
• Virus Activity: Joke messages. Most are just jokes, some are
not. Once it hits your server (especially if it’s polymorphic or
a worm), you’re about done without the proper protection.
• When in doubt, delete it without opening it. If you think it
may be real, call the sender and verify its authenticity.
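The advice above to distrust domain names that don't 'look right' can also be checked automatically on inbound mail. The Python sketch below is an added example, not part of the original slides; the trusted-domain list, the homoglyph table and the one-edit threshold are assumptions chosen for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: domains your organisation really exchanges mail with (constructed).
TRUSTED = ("example.com", "clinic.example")

# Small constructed table of characters commonly swapped in to imitate
# Latin letters: digits and a few Cyrillic look-alikes.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0456": "i",
})


def to_unicode(domain):
    """Decode punycode (xn--) labels so disguised characters become visible."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)


def skeleton(domain):
    """Fold a domain to the form a hurried reader would perceive."""
    s = unicodedata.normalize("NFKC", to_unicode(domain)).translate(CONFUSABLES)
    # Letter pairs that read as a single letter in many fonts.
    return s.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify(from_header, trusted=TRUSTED):
    """Return (verdict, matched_trusted_domain) for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    skel = skeleton(domain)
    for t in trusted:
        # Not the trusted domain itself, yet identical or one edit away
        # after folding: treat it as an imitation of that domain.
        if edit_distance(skel, skeleton(t)) <= 1:
            return ("lookalike", t)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers; the last one is built as punycode at runtime.
    puny = "ex\u0430mple.com".encode("idna").decode("ascii")
    samples = [
        "IT Helpdesk <helpdesk@example.com>",
        "Billing <billing@examp1e.com>",
        "HR <hr@exarnple.com>",
        "Payroll <pay@ex\u0430mple.com>",
        f"Support <support@{puny}>",
        "Newsletter <news@partner.test>",
    ]
    for header in samples:
        print(classify(header), header)
```

A "lookalike" verdict is a reason to quarantine or tag the message for review, and "unknown" only means the sender is not on the trusted list.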
13. E-mail Security
• What should I use?
– Gateway: Install an e-mail appliance that will do the
initial scan of mail or use an external scanning product
like our Intel SCS EagleWing Ultimate Defense. Most
is stopped here.
– E-Mail Server (Exchange): Microsoft Forefront or GFI’s
Mail Security. It will stop infected messages that
happen to make it in and will definitely stop worms.
– User Education: This is the most important … Educate
your users on what SPAM and phishing look like!
15. Server based antivirus and
anti-malware protection
• Server based antivirus and anti-malware protection
– IF I have anti-virus on the gateway, why do I need this too?
• No one device or software package is perfect. It adds the final
level of protection your servers and clients require. What if they
bring in an infected file themselves from a pen drive or CD and
drop it right on your network drive? It’s the only line of defense
then.
• Messaging level antivirus and anti-malware protection
– If I have an e-mail security device, why do I need this?
• As mentioned before, not everything is perfect. It adds that extra
protection. If you have a company white listed on your external
appliance you are now relying on them to be 100% secure … do
you really trust anyone that much?
16. Server Security
• Is antivirus software all I need?
– No. You should also have anti-spyware software
as well. Some packages do both, but that doesn’t
mean they are that good. Be careful and know
your options.
17. Hosted Systems Security
• How do I protect a hosted solution?
– You can’t. You, unfortunately, need to rely on the
hosted solution provider’s ability to control
security. Most EHR/EMR systems are hosted.
– Be careful when selecting a vendor … know your
vendor and your options if a breach occurs!
– Make sure you have your gateway and desktops
secured.
– Educate your users!!
19. • Desktop based antivirus and anti-malware
– Why do I need these too?
• This is the last level of physical defense. Why would
you go this far and not protect the very machines the
users are working on?!?
– Will it protect me from phishing sites?
• No. Phishing sites aren’t local to your network. Users
are lured into the trap. The firewall thinks the user
knows what they are doing and allows the traffic to
pass. User gives passwords … end of story.
20. • Browser Choices:
– IE, Firefox, Opera, Google Chrome? What to use?
• I am a firm believer that IE is just fine.
• Firefox is still the number one hacked browser. They
need to play ‘catch-up’ with their security.
• Chrome is okay, but lacks the level of support that
Microsoft has.
• Everything else is a joke … stay away!
– Is IE really as bad as ‘they’ say?
• No, it is the most patched and watched browser available. It
comes with your OS making it less work (i.e., IT $$).
• Like anything in IT ... keep it patched!!!
21. • Operating System Choices
– Windows 8, Windows 7, Windows Vista, or Windows XP: Which is more secure and
should you upgrade?
• XP
– Windows XP is now retired and no longer supported. It was the 2nd most hacked
OS in the history of Windows (95 was the most).
• Vista
– Very stable. More difficult to hack than XP or other OS’s.
– Had a bad ‘rap’, but was more robust than XP.
• Windows 7
– Very stable. More difficult to hack than XP or other OS’s.
– Still the most used OS in business
• Windows 8
– Is all of the hype worth it?
» Yes. Its networking subsystem alone is tuned so well (for performance)
that your network traffic will be reduced by 18+% and you will notice a
significant performance gain in accessing network shares and apps.
» It is extremely secure.
» Get the right resources to help you deploy. It is NOT XP!
– Macs? Do you really think they are impervious to virus activity and hacking?
• It’s the hackers’ new frontier. Being a subset of Linux, it’s a very ‘hackable’ platform.
98% of all hacking software is developed on Linux.
• The SUN story. 1992 … the keystroke hack that took UNIX by storm.
22. Server OS Choices
• Still running 2000 Server? You are really pushing
your luck. Upgrade now.
• Windows 2003: Good server OS. Stable, secure.
Will be obsolete next year.
• Windows 2008: Even better. More stable. More
secure.
• Server 2012: The most secure server platform to
date (based on Windows 8 code). Why would
you not want to run it? Applications will decide.
Push your vendors to certify their code on 2012
now!
24. Remote Users – What do they do?
• Notebooks
– Remote Access / VPN
– Tons of wireless connectivity, especially in public
places like airports, coffee shops, and hotels.
• SmartPhones & Tablets
– Remote e-mail
– iPhone/Droid/Windows
25. Remote Users
• How do we protect them?
– Start with a good set of policies and procedures
• Restrict certain types of public access
• Restrict certain web sites
– Local Antivirus and anti-spyware
• Make sure you have a policy to keep it up to date.
– Don’t allow data storage on the local drive
• Make them connect to VPN to store their files on a file
server. This protects the company from data loss as well as
data theft.
– Force all updates (Microsoft, AV, etc) daily
26. BYOD
The greatest threat posed to IT in years.
• What is BYOD?
• Bring Your Own Device (tablet, phone, etc)
• Why is it unsafe?
• You have no idea what that person does at night!
• Have a policy … better yet, don’t allow it!!
28. Why do I need a DR plan?
• Do you have a plan?
• If so, is it just IT (Disaster Recovery) or the entire business (Business
Continuity)?
• Don’t have one?
– Who should be working on it?
– What else would I need other than my computer data?
• Paper: Sometimes you need it…
• Have you considered an offsite backup solution?
– Don’t be fooled by ‘cheap’ solutions. You get what you pay for.
• Real-time replication may be a better fit depending on data criticality.
• At least get your data off site … daily!
• What about DR centers? What do they have to offer?
• Have you tested your plan?
– Tests should be conducted at least once a year
30. What is Social Engineering Anyway?
• Colleagues / employees / friends sharing
passwords
• Screens not being locked when walking away
• Access to the building … posing as an
employee when you are not.
• Training for all employees … especially
executives!
– Test your employees … see if your training has
paid off.
32. Policies … how will that help?
• Data retention
– If you have a data retention policy and you get sued, you are only responsible for whatever
your policy states. If you do not have one, the prosecutors can put a freeze on your servers
(not allow access) and you are responsible for every piece of data and e-mail that you have on
your systems. They will search everything. Remember, users will keep everything given the
chance.
• Security
– Have policies that state clearly what corporate software is to be used and how it is to be
updated.
– Don’t let your programming staff tell you that OS patches cannot be installed. This is a pile of
rubbish in most instances. It becomes an excuse for not keeping their code up to date.
• Internet usage
– Keep your employees from the ‘bad’ sites and avoid HR issues by clearly telling them what
they can and cannot do.
– Install monitoring tools if necessary.
– Content management … your friend and your enemy.
• Train your employees when they are hired, not six months later!
33. Hire Professionals when you need them
•Outsourced IT consulting and service
•Get it right from design to implementation.
•Just because your in-house person can
reformat a PC doesn’t mean they know how
to install a server (let alone a security device!)
•This is a critical problem that most
companies fail on. Let experts do what
they are trained to do. You’ll get it right
the first time and save money doing it!
34. Outsourcing part or all of your IT
• Have you never considered this?
– Most companies that do this realize savings of up
to 50% in the first year alone.
– Upfront costs mean nothing. Look at the big
picture.
• Design and install are right the first time.
• Zero unplanned down time.
• Pay as you need and get an expert every time.
35. Summary
• Do you buy car insurance?
• Do you buy health insurance?
• Do you buy life insurance?
• Do you buy business insurance?
• Why would you risk your data … your
Company … your Patients’ … by not having the
proper IT expertise, equipment, policies, and
procedures in place? Do IT right!