This presentation was made by Cloudnexus Founder Jay Rollins at the Technology Association of Louisville Kentucky's Cybersecurity Summit on June 14, 2019.
2. Our Story
Too many small and midsized businesses do not take cyber security seriously.
Throughout my career, I have seen cyber incidents cause companies to close their
doors. The full enterprise security that large companies do is much too expensive for
smaller businesses. We have a way to provide high-quality security services at a lower
cost because we are able to spread our expensive technologies and employees across
multiple customers.
We are passionate about helping smaller businesses survive and thrive and
significantly reduce a risk that can destroy their business.
Copyright 2019 CloudNexus
3. Agenda
What are the threats?
Threat Modelling
Security Plan Manifestations
Employee Training
Disaster Recovery
4. What Do Bad Actors Want?
Medical Record Uses
Redirect prescriptions
Request Dr. appointments on other people’s health plans
Financial Fraud
IoT Devices
Hijack Medical Devices
Alter scan images (CT, MRI, PET)
Gateways for payload delivery and credential theft
5. Security Plan
Law Firms
Retainer customers requiring firms to have Security Plans
Healthcare
Standard Operating Procedures
Helps address shadow IT
IoT/Medical Device Quarantine/update/support
Manufacturing
Supply Chain Security
6. What is in a Security Plan
Attack Modelling (Risk) Analysis
What is critical to the org
Who wants it
Set Security Measures and controls (KPIs)
Ensure Technology Selection is in line with KPIs and Risk Analysis (Note how the technologies
are connected)
Communication Plan
Who is the EIC? They say when to execute
Who needs to be contacted (regulatory or self-imposed)
Board Communication
Decision Makers identified
7. What is in a Security Plan
Employee Training
Specialized IT training
Employee Cyber Readiness Training
Testing
Penetration Testing
Red Team/Blue Team
Disaster Recovery and Business Continuity Testing
8. Employee Training
Interactive Training is a must
Social Engineering Testing
Learning Management System-based
OPSEC (US Military)
Custom Course Creation
KnowBe4