Formulating a Security Policy for the Modern IT Landscape.

Slides:

Advertisements

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

Advertisements

Security Controls – What Works

Security+ Guide to Network Security Fundamentals

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

IBM Security A New Era of Security for a New Era of Computing Pelin Konakcı IBM Security Software Sales Leader.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

Oklahoma Chapter Information Systems Security Association Oklahoma Chapter, Tulsa Oklahoma City Chapter, OKC Student Chapter, Okmulgee Oklahoma Chapter,

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

Securing Information Systems

SEC835 Database and Web application security Information Security Architecture.

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

PCI: As complicated as it sounds? Gerry Lawrence CTO

E-Security: 10 Steps to Protect Your School’s Network NEN – the education network.

Dell Connected Security Solutions Simplify & unify.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Information Assurance Program Manager U.S. Army Europe and Seventh Army Information Assurance in Large-Scale Practice International Scientific NATO PfP/PWP.

© 2015 ForeScout Technologies, Page 2 Source: Identity Theft Resource Center Annual number of data breaches Breaches reported Average annual cost of security.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

IT Security – Scanning / Vulnerability Assessment David Geick State of Connecticut IT Security.

CIO Perspectives on Security Fabrício Brasileiro Regional Sales Manager.

Wireless Intrusion Prevention System

EECS 4482 Fall 2014 Session 8 Slides. IT Security Standards and Procedures An information security policy is at a corporate, high level and generally.

Desktop Security: Making Sure Your Office Environment is Secure.

Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &

Scott Charney Cybercrime and Risk Management PwC.

Frontline Enterprise Security

Weaving Security Blankets Make your own bespoke defensive toolkit Presentation by Max Cizauskas For BSides Toronto 2015.

FFIEC Cyber Security Assessment Tool

IPv6 security for WLCG sites (preparing for ISGC2016 talk) David Kelsey (STFC-RAL) HEPiX IPv6 WG, CERN 22 Jan 2016.

Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.

Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.

February 2, 2016 | Chicago NFA Cybersecurity Workshop.

Policies and Security for Internet Access

DR LEE BUCHANAN Venture Partner PALADIN CAPITAL GROUP.

Enterprise’ Ever-Evolving Challenge & Constraints Dealing with BYOD Challenges Enable Compliance to Regulations Stay Current with New Consumption Models.

Program Overview and 2015 Outlook Finance & Administration Committee Meeting February 10, 2015 Sheri Le, Manager of Cybersecurity RTD.

Welcome Information Security Office Services Available to Counties Security Operations Center Questions.

Best Cyber Security Practices for Counties An introduction to cybersecurity framework.

Chapter 14.  Upon completion of this chapter, you should be able to:  Identify different types of Intrusion Detection Systems and Prevention Systems.

SYMANTEC ENDPOINT SECURITY SERVICE PROVIDERS | ALLIANCE PRO IT HYDERABAD (CORPORATE OFFICE) ALLIANCE PRO IT PRIVATE LIMITED, 3A, HYNDAVA TECHNO PARK, TECHNO.

SYMANTEC ENDPOINT SECURITY SERVICE PROVIDERS | ALLIANCE PRO IT HYDERABAD (CORPORATE OFFICE) ALLIANCE PRO IT PRIVATE LIMITED, 3A, HYNDAVA TECHNO PARK, TECHNO.

Defining your requirements for a successful security (and compliance

Increasing Information and Data Security in Today’s Cybersecurity World 2017 Conference Review 6/6/2017.

Risk management.

Cybersecurity - What’s Next? June 2017

Cyber Security Enterprise Risk Management: Key to an Organization’s Resilience Richard A. Spires CEO, Learning Tree International Former CIO, IRS and.

Automating Security Frameworks

Hybrid Management and Security

Security Risk Profiles – Tips and Tricks

Security Insights: How Microsoft Secures IT

Leverage What’s Out There

BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT

Joe, Larry, Josh, Susan, Mary, & Ken

Forensics Week 11.

Bill Banks | Security Engineer

Today’s Risk. Today’s Solutions. Cyber security and

I have many checklists: how do I get started with cyber security?

Risks & Reality Cyber Security Risks & Reality

Cyber Security 2017 Trends and Start Ups.

Cyber Defense Matrix Cyber Defense Matrix

11/17/2018 9:32 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

We want to hear from you! chime16.org/evals

Securing the Threats of Tomorrow, Today.

How to Mitigate the Consequences What are the Countermeasures?

Cybersecurity Threat Assessment

In the attack index…what number is your Company?

Presentation transcript:

Formulating a Security Policy for the Modern IT Landscape

Founder L0pht Heavy Industries Creator Whacked Mac Archives Testified to Congress on “Weak Computer Security in Government” Blackhat, Defcon, HOPE – MTV, ABC, CNN Editor Hacker News Network Strategist Tenable Network Cris Thomas Space Rogue

How can you know if you are taking the right steps and if you are doing enough to protect your assets and business?

Will we be the next headline? Where are our Risks How effective is our security How do we measure success What to invest in next?

Best Practices The 20 Critical Security Controls from the SANS Institute and the Council on CyberSecurityCritical Security Controls The NIST Cybersecurity FrameworkNIST Cybersecurity Framework The National Campaign for Cyber Hygiene from the Center for Internet Security and the Council on CyberSecurityNational Campaign for Cyber Hygiene The PCI Data Security StandardPCI Data Security Standard

Best Practices The 20 Critical Security Controls from the SANS Institute and the Council on CyberSecurityCritical Security Controls The NIST Cybersecurity FrameworkNIST Cybersecurity Framework The National Campaign for Cyber Hygiene from the Center for Internet Security and the Council on CyberSecurityNational Campaign for Cyber Hygiene The PCI Data Security StandardPCI Data Security Standard

FUNDAMENTALS PRACTICE THE FIRST

TENABLE’S 5 CRITICAL CYBER CONTROLS

INVENTORY YOUR ASSETS 1 Software Hardware BYOD Virtual systems Cloud apps SoftwareHardwareBYOD Virtual systems Cloud apps

CONTINUOUSLY PATCH 2 Detect public vulnerabilities Find machines that are missing patches Operating systems Applications Infrastructure Detect public vulnerabilities Find machines that are missing patches Operating systems ApplicationsInfrastructure

SECURE THE NETWORK 3 Anti-virus Application white listing Intrusion prevention Access control Threat subscriptions Segment your network and data Anti-virus Application white listing Intrusion prevention Access control Threat subscriptions Segment your network and data

LIMIT USER ACCESS 4 No default accounts Enforce strong passwords Log all accesses Review which account have access to which resources Review which accounts have access to which resources Log all accesses Enforce strong passwords No default accounts

SEARCH FOR MALWARE 5 Malware Bad guys Insiders MalwareBad guysInsiders

The Modern Landscape Next Gen Vulnerability Management Malware Detection Compliance and Patch Monitoring Network Behavior Analysis Log Collection Forensic Analysis Incident Response Mobile, Virtual and Cloud Coverage