10 things you can do today to reduce your security risk.


Slide 1: 10 things you can do today to reduce your security risk.

Slide 2: 10 things to do today
10. Review security budget

Slide 3: Review security budget
- Asset allocation = prioritization
- Security budgets are among the first casualties in a budget crunch
- The cost of prevention is much lower than the cost of remediation

Slide 4: 10 things to do today
9. Review human resource practices
10. Review security budget

Slide 5: Review human resource practices
- Fact: CSI (Computer Security Institute) states that insiders accounted for 80% of security attacks on IT systems
- Consider your hiring practices and those of your vendors
- Are your employees security aware?
- When practical, distribute key resources, company assets and processes to prevent a “domino effect”

Slide 6: 10 things to do today
8. Review vendors
9. Review human resource practices
10. Review security budget

Slide 7: Review vendors
- Obtain a copy of your vendors' security policies
- Review your vendors' disaster recovery plans
- Develop a “plan B”
- Review your vendors' cyber liability coverage

Slide 8: 10 things to do today
7. Stay current with software updates
8. Review vendors
9. Review human resource practices
10. Review security budget

Slide 9: Stay current with software updates
- Software security is evolutionary
- Create an update routine
- Operating system and antivirus updates are critical
- Update both servers and personal machines

Slide 10: 10 things to do today
6. Firewall and antivirus
7. Stay current with software updates
8. Review vendors
9. Review human resource practices
10. Review security budget

Slide 11: Firewall and antivirus
- Your primary lines of defense
- Cheap and easy
- Keep your data and your friends
- Not all products are created equal

Slide 12: 10 things to do today
5. Wi-Fi
6. Firewall and antivirus
7. Stay current with software updates
8. Review vendors
9. Review human resource practices
10. Review security budget

Slide 13: Wi-Fi
- Change your SSID and admin password
- Wired Equivalent Privacy (WEP)
- Media Access Control (MAC) filtering
- Turn on firewall
- Firmware

Slide 14: 10 things to do today
4. IT policies and procedures
5. Wi-Fi
6. Firewall and antivirus
7. Stay current with software updates
8. Review vendors
9. Review human resource practices
10. Review security budget

Slide 15: IT policies and procedures
- Set the tone from day 1
- Develop an Acceptable Use Policy (AUP)
- Explicitly forbid bypassing security checkpoints
- Establish desktop management policies
- Audit your systems and procedures periodically

Slide 16: 10 things to do today
3. Be judicious with information
4. IT policies and procedures
5. Wi-Fi
6. Firewall and antivirus
7. Stay current with software updates
8. Review vendors
9. Review human resource practices
10. Review security budget

Slide 17: Be judicious with information
- Social engineering
- Unsecured lines of communication (IM)
- Two-thirds of companies surveyed do not restrict critical data to confined areas on the network, and servers that contain critical information communicate directly with other systems that are accessible from the Internet. -CIO
- Taking it with you

Slide 18: 10 things to do today
2. Review physical security
3. Be judicious with information
4. IT policies and procedures
5. Wi-Fi
6. Firewall and antivirus
7. Stay current with software updates
8. Review vendors
9. Review human resource practices
10. Review security budget

Slide 19: Review physical security
- Be meticulous and consistent
- Lock every wiring closet and server cabinet
- Change locks or door pass codes, and passwords to any shared accounts, immediately when employees leave
- Don’t give keys to vendors
- Paper shredder
- Escort visitors in and out of secure areas

Slide 20: 10 things to do today
1. Back up and recovery
2. Review physical security
3. Be judicious with information
4. IT policies and procedures
5. Wi-Fi
6. Firewall and antivirus
7. Stay current with software updates
8. Review vendors
9. Review human resource practices
10. Review security budget

Slide 21: Backup and recovery
- Develop a backup and recovery strategy that fits your company
- The creation and maintenance of backup metadata and media management.

“The five golden rules”
1. That which has not been backed up cannot be recovered.
2. That which has not been backed up off-site will not survive a fire.
3. Any backup that has not been tested with a recovery is not a backup.
4. Ignored backup systems become poorly performing backup systems.
5. Back it up or give it up.

