Take Risks in Life, Not with Your Security

Similar documents
2017 Annual Meeting of Members and Board of Directors Meeting

10/11/2016 WHYWE RE HERE AGENDA. What It Means For Your Future. Threat Landscape. Social Engineering. - Phishing. - Pretexting.

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

Cyber security tips and self-assessment for business

2018 IT Priorities: Cybersecurity, Cloud Outsourcing & Risk Management. Follow Along

AT&T Endpoint Security

ISE North America Leadership Summit and Awards

ANATOMY OF AN ATTACK!

Cybersecurity The Evolving Landscape

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

K12 Cybersecurity Roadmap

Forging a Stronger Approach for the Cybersecurity Challenge. Session 34, February 12, 2019 Tom Stafford, VP & CIO, Halifax Health

What It Takes to be a CISO in 2017

Effective Data Security Takes More Than Just Technology

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

ACM Retreat - Today s Topics:

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

How Breaches Really Happen

align security instill confidence

DFARS Compliance. SLAIT Consulting SECURITY SERVICES. Mike D Arezzo Director of Security Services. SLAITCONSULTING.com

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

CYBERSECURITY RISK LOWERING CHECKLIST

A practical guide to IT security

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

How NOT To Get Hacked

Security Issues and Best Practices for Water Facilities

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

Managing an Active Incident Response Case. Paul Underwood, COO

Changing face of endpoint security

Methods for Reducing Cybersecurity Vulnerabilities of Power Substations Using Multi-Vendor Smart Devices in a Smart Grid Environment

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

Must Have Items for Your Cybersecurity or IT Budget in 2018

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

NEN The Education Network

Protecting productivity with Industrial Security Services

Protect Your Organization from Cyber Attacks

External Supplier Control Obligations. Cyber Security

JAPAN CYBER-SAVVINESS REPORT 2016 CYBERSECURITY: USER KNOWLEDGE, BEHAVIOUR AND ATTITUDES IN JAPAN

How to Improve Your. Cyber Health. Cybersecurity Ten Best Practices For a Healthy Network

Cyber Liability Preventive Services & Tools Specific & Pre-Emptive Considerations BEFORE the Inevitable Cyber Event.

Personal Physical Security

Ransomware A case study of the impact, recovery and remediation events

Effective Strategies for Managing Cybersecurity Risks

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Aligning with the Critical Security Controls to Achieve Quick Security Wins

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Cybersecurity Auditing in an Unsecure World

Cyber Review Sample report

Security Awareness & Best Practices Best Practices for Maintaining Data Security in Your Business Environment

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Building a Business Case for Cyber Threat Intelligence. 5Reasons Your. Organization Needs a Risk-Based 5Approach to Cybersecurity

Cybersecurity. Overview. Define Cyber Security Importance of Cyber Security 2017 Cyber Trends Top 10 Cyber Security Controls

10 FOCUS AREAS FOR BREACH PREVENTION

PT Unified Application Security Enforcement. ptsecurity.com

Surprisingly Successful: What Really Works in Cyber Defense. John Pescatore, SANS

A Comedy of Errors: Assessing and Managing the Human Element of Cyber Risk

Healthcare HIPAA and Cybersecurity Update

Designing and Building a Cybersecurity Program

Strategy is Key: How to Successfully Defend and Protect. Session # CS1, February 19, 2017 Karl West, CISO, Intermountain Healthcare

Cyber Security Stress Test SUMMARY REPORT

Managing Cybersecurity Risk

CYBER SECURITY AND MITIGATING RISKS

Department of Management Services REQUEST FOR INFORMATION

Security+ SY0-501 Study Guide Table of Contents

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

The emerging battle between Cyber Defense and Cybercrime: How Technology is changing to keep Company and HR data safe

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam

mhealth SECURITY: STATS AND SOLUTIONS

Guidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17

Sage Data Security Services Directory

Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Information Technology General Control Review

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Think Oslo 2018 Where Technology Meets Humanity. Oslo. Felicity March Cyber Resilience - Europe

Cyber Security Audit & Roadmap Business Process and

Payment Card Industry (PCI) Data Security Standard

The Common Controls Framework BY ADOBE

Service Provider View of Cyber Security. July 2017

Defensible and Beyond

Cyber Security. Building and assuring defence in depth

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA

Ransomware A case study of the impact, recovery and remediation events

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

Cyber Criminal Methods & Prevention Techniques. By

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group

Education Network Security

PREPARE & PREVENT. The SD Comprehensive Cybersecurity Portfolio for Business Aviation

Information Security Controls Policy

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Transcription:

Take Risks in Life, Not with Your Security Redefining Cybersecurity Why We re Here agio.com Agenda The Problem(s): Threat Landscape Current Threat Landscape People are the Problem Protect Yourself Solutions for the Organization: 360 Security Security Policy Incident Response Security Awareness Training Brilliance in the Basics 4

It s Getting Worse Why It Matters 1 1 1 2 1. Source: CYREN Cyber Threat Report, 2015 2. Source: http://www.networkworld.com/article/2164139/network-security/how-to-blunt-spear-phishing-attacks.html 5 1. Source: 2013 Cost of Data Breach Study: Global Analysis, Ponemon Institute 7 Why the Bad Guys are Winning The New Normal Source: 2015 Verizon Data Breach Incident Report (DBIR) 6 8

People are the Problem Why It Matters How many of you, or your employees, use the same password for personal accounts as you do for your firm s systems? 11 #1 Killer: Phishing Be Proactive 10 12

Be Cautious on Social 7 Deadly Sins 1. Unnecessary Administrative Account Use 2. Software Downloads from Untrusted Sources 3. Inconsistent Use or Lack of Anti-Virus 4. Inadequate Monitoring of Financial Account Activity 5. Surfing Risky Sites (gambling, foreign, etc.) Malvertising 6. Not Applying Security Updates, e.g. Java, IE, Windows, Adobe 7. Clicking Before You Think 13 15 Mobile Devices Solutions for the Organization 1. Privacy Settings 2. Encryption 3. Remote Wiping 4. Secure Wi-Fi 14

Start with a Security Policy 1. Executive Buy-In: This is a Business Problem 2. Where s Your Sensitive Data? i. Create Inventory (Data Map) ii. Protect Based on Level of Risk, Budgetary Constraints, etc. 3. Determine Risk. Understand: i. Weaknesses (End of Life Software, Public Facing Servers, etc.) ii. Potential Exploits (Heartbleed, Shellshock, GHOST, etc.) iii. Probability 4. Establish Regular Schedule of Reviews & Updates i. Constantly Evolving Threat Landscape 17 5. Protect Network's Physical Security. Physical Access To: i. Computers ii. Routers iii. Firewalls 360 Go To Market Roadmap SECURITY philosophy SECURE Perimeter Security End-Point Protection Configuration & Patch Management Change Management Master Your Incident Response 1. Understand Threats to Your Firm Agio s security philosophy is founded on and executed through our diligence, expertise, process and technology. We protect your environment 24x7x365, from the inside out. IMPROVE Revise Security Policy Update Testing Schedule Enhance Hardening Standards Improve User Awareness Training Amend Vendor Contractual Language Multi-Factor Authentication Principle of Least Privilege User Awareness Training Vendor Assessment SECURITY POLICY Security Risk Assessment - Penetration Testing - Gap Analysis - Social Engineering Daily Vulnerability Scans Configuration Monitoring Incident Response Testing SIEM - 24x7x365 Monitoring - Log Consolidation & Correlation - Anomaly Detection Intrusion Prevention - Threat Detection - Active Defense - Incident Remediation DETECT 2. Establish Roles & Responsibilities for Response i. Internal v. External Resources ii. Train Internal Staff Related to Assigned Roles 3. Understand Legal Landscape & Document Applicable Requirements i. Include in Policies & Procedures 4. Contractually Require Vendors to Notify You When they Experience a Breach i. DDQ ii. Control Validation 5. Tabletop Exercises i. Test Validity of Plan ii. What s the Chain Reaction? TEST 6. Engage Legal Council & Your C-Suite Colleagues 18

Fortify Your Weakest Link Technology Doesn t Secure Your Environment; People Do. Employees & Contractors are Given Access to: Computers on the Network Gates Locked Doors Authentication Systems Firewalls & Encryption Systems Security Awareness Training: Seminars Computer-Based Training: Real-World Examples Malware How to Define a Security Incident Reporting of Anomalous Activity Ray Hillen 919-601-5026 ray.hillen@agio.com Brilliance in the Basics System Hardening (configuration defaults, etc.) Enable Two-Factor Authentication Enforce Strong Passwords Apply Principle of Least Privilege Use Install End-Point Protection Implement Network Segmentation Perform System Maintenance (Patching) Install Security Identification & Event Detection Monitor Anomalies (Active Anomaly Detection) Test Conduct Security Awareness Training

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback