12 Simple Cybersecurity Rules for Your Small Business

James Cannady, Ph.D.
Purpose of this presentation

•  Small businesses form the foundation of our economy. Their need for information security is as great as that of a multi-national business, but they usually do not have the resources to dedicate to protecting their systems.
•  Security does not have to be as complicated (or expensive) as it may seem.
•  The following rules are designed to serve as guidelines for small businesses as they consider options for securing their computer resources.
Rule #1: Focus on the Business

Concentrate on the Business

•  Security is a support function for the business. It is not “the” business.
•  Choose security technologies and techniques that support and enable the business.
•  Avoid changing the business to accommodate security products (there are lots of options).
[Photo 2]

Concentrate on the Business

(Layered diagram, top to bottom: Secure Operations; Security Technologies; Security Services; Security Policy; Business Requirements)
Rule #2: Decide How Much Security You Really Need
What do you need?

•  There are a variety of available security technologies
•  Price/availability/interoperability must all be considered
•  Sometimes doing nothing is OK
•  Defense in Depth as a strategy for a secure infrastructure
What do you need?

•  Security is cumulative
•  No single solution
•  “We have a firewall!!!”
•  Examine cost/benefit of each approach vs. cost of security incidents
•  Focus first on biggest vulnerabilities
•  Get what you need, but no more.

[Photo 3]
Rule #3: Prevention Is Easier Than The Cure

Security is more than technology

•  Employee awareness of need for security
–  Formal training vs teaching moments
•  Operations Security
–  The whole point of operations security is to have a set of operational (daily, habit ingrained) practices that make it harder for another group to compile critical information.
Rule #4: Understand Your Security

It’s Your Security

•  Not everything can be done in-house
–  You will have to buy at least some commercial products
–  You may need to bring in outside consultants
•  Make sure that all security components are well documented
–  Configuration, installation, etc.
–  Changes will need to be made eventually
•  Be careful with factory defaults
–  Easier for remote tech services, but potential vulnerabilities
Rule #5: Start With The Security That You Already Have

Use The Security Software That You Already Own

•  OS built-in security
–  Firewall
–  Built-in file encryption
•  Not the strongest, but…
•  Browser Security
–  No pop-ups
–  Limit access to certain websites
–  Lock settings to avoid changes that may compromise security

[Photo 5]
Rule #6: Back-up Your Important Data

Data Back-ups

•  Simple vs. Complex
•  Cheap vs. Expensive
•  Time-consuming vs. Scheduled
•  Manual vs. Automated
•  Options
–  CD-ROMs/Thumb drives
–  Carbonite
•  How Often?
Rule #7: Use Antiviral Programs

Antivirus

•  Relatively cheap
•  User friendly
•  Scan every download
•  Also consider spyware/adware protection
•  Keep it up-to-date

[Photo 6]
Rule #8: Limit Access To Your Sensitive Data

Access Control

•  System administration is a one person job
–  Only one person needs to be able to have full control over the system (backup sysadmin ok, but no more)
•  The crown jewels of the business need to be limited to specific personnel
–  How?
•  Password-protected files
•  Separate computers for sensitive data

[Photo 4]
Rule #9: Secure Your Wi-Fi

Secure Your Wi-Fi

•  Almost every business has one.
•  They are easy to find and easy to exploit, especially if simple security measures are not used
•  Current encryption standards for Wi-Fi are not particularly strong, but they are usually enough to dissuade the bad guys, especially since there are almost certainly unsecured Wi-Fi networks nearby

[Photo 1]
Rule #10: Create a Security Policy

Security Policies

—  Start with a written Security Policy.
—  You must have a plan
—  Know your assets and know your risks
—  Cover the basics first.
—  Then apply technology to support your policy and solve specific problems.
    —  Authentication
    —  Confidentiality and Integrity
    —  Perimeter defense
    —  Intrusion Detection and Audit

[Photo 8]
Rule #11: Don’t Forget to Lock the Door

Physical Security

•  Physical security is as important as any other form of information security
•  Computers should not be accessible by unauthorized users
•  Servers should be guarded with sufficient care to protect the data they contain.
•  Challenge strangers

[Photo 8]
Rule #12: Security is Not Magic

There is no panacea

Security is the process of enabling the protected information system to do what it was designed to do. Nothing more, nothing less.

You will not have perfect security, no matter how much money you are able to spend …but it doesn’t have to be perfect.

[Photo 7]
Take Home Points

•  Security is not the business, it supports the business
•  Decide what you need, don’t rely on a vendor to tell you what you need
•  There are a variety of inexpensive (or free) approaches to security that provide excellent protection
•  Physical security is at least as important as any other form of protection
•  Don’t strive for perfect security. You only need to secure enough that it’s not worth the effort required of the bad guys
James Cannady, Ph.D.
Graduate School of Computer and Information Sciences
Nova Southeastern University
cannady@nova.edu
Photo Acknowledgements

1. http://www.pcworld.com/article/2052158/5-wi-fi-security-myths-you-must-abandon-now.html
2. http://www.lbcc.edu/business/
3. http://www.walt.com/case-studies/ssh/
4. https://wiki.duke.edu/display/oitwebstyle/Information+Display+-+Slide+Examples
5. http://blogs.sans.org/securingthehuman/files/2012/04/Sticker.png
6. http://www.certifiednerds.com/run-regular-anti-virus-updates-and-scans/
7. http://www.thisisvisceral.com/2013/08/development-tips-tricks-summer-2013/
8. http://laveti.wordpress.com/2012/12/09/developing-information-security-policy/
Towards a code of practice for AI in AT.pptx
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 

12 Simple Cybersecurity Rules For Your Small Business

1. 12 Simple Cybersecurity Rules for Your Small Business
James Cannady, Ph.D.

2. Purpose of this presentation
• Small businesses form the foundation of our economy. Their need for information security is as great as a multi-national business, but they usually do not have the resources to dedicate to protecting their systems.
• Security does not have to be as complicated (or expensive) as it may seem
• The following rules are designed to serve as guidelines for small businesses as they consider options for securing their computer resources.

3. Rule #1: Focus on the Business

4. Concentrate on the Business
• Security is a support function for the business. It is not "the" business.
• Choose security technologies and techniques that support and enable the business
• Avoid changing the business to accommodate security products (there are lots of options)
(photo 2)

5. Concentrate on the Business
(Diagram: a layered stack, from top to bottom: Secure Operations, Security Technologies, Security Services, Security Policy, Business Requirements)

6. Rule #2: Decide How Much Security You Really Need

7. What do you need?
• There are a variety of available security technologies
• Price/availability/interoperability must all be considered
• Sometimes doing nothing is OK
• Defense in Depth as a strategy for a secure infrastructure

8. What do you need?
• Security is cumulative
• No single solution
• "We have a firewall!!!"
• Examine cost/benefit of each approach vs. cost of security incidents
• Focus first on biggest vulnerabilities
• Get what you need, but no more.
(photo 3)

9. Rule #3: Prevention Is Easier Than The Cure

10. Security is more than technology
• Employee awareness of need for security
  – Formal training vs. teaching moments
• Operations Security
  – The whole point of operations security is to have a set of operational (daily, habit-ingrained) practices that make it harder for another group to compile critical information.

11. Rule #4: Understand Your Security

12. It's Your Security
• Not everything can be done in-house
  – You will have to buy at least some commercial products
  – You may need to bring in outside consultants
• Make sure that all security components are well documented
  – Configuration, installation, etc.
  – Changes will need to be made eventually
• Be careful with factory defaults
  – Easier for remote tech services, but potential vulnerabilities

13. Rule #5: Start With The Security That You Already Have

14. Use The Security Software That You Already Own
• OS built-in security
  – Firewall
  – Built-in file encryption
    • Not the strongest, but...
• Browser Security
  – No pop-ups
  – Limit access to certain websites
  – Lock settings to avoid changes that may compromise security
(photo 5)

15. Rule #6: Back-up Your Important Data

16. Data Back-ups
• Simple vs. Complex
• Cheap vs. Expensive
• Time-consuming vs. Scheduled
• Manual vs. Automated
• Options
  • CD-ROMs/Thumb drives
  • Carbonite
• How Often?
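Slide 16 contrasts manual, time-consuming backups with scheduled, automated ones. The script below is an added example (it is not part of the slide deck) of the automated option: it archives a directory, records a SHA-256 checksum next to the archive, verifies that the archive can actually be read back, and prunes old copies. It assumes a POSIX shell with tar and GNU sha256sum; the source and destination paths are placeholders to be replaced with your own.

```shell
#!/bin/sh
# Added example, not from the slides: automated backup with integrity check.
# Assumes tar and sha256sum are installed. All paths below are placeholders.

# backup_dir SRC DEST
# Archive SRC into DEST/backup-<timestamp>.tar.gz, write a checksum file
# beside it, and print the archive path so callers can verify or log it.
backup_dir() {
  src="$1"; dest="$2"
  stamp=$(date +%Y%m%d-%H%M%S)
  archive="$dest/backup-$stamp.tar.gz"
  mkdir -p "$dest" || return 1
  # -C keeps paths inside the archive relative to the parent of SRC.
  tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
  # The checksum file refers to the archive by bare name so it verifies
  # wherever the backup is later copied (external drive, cloud storage).
  (cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256") || return 1
  printf '%s\n' "$archive"
}

# verify_backup ARCHIVE
# Recompute the checksum and list the archive contents. A backup that
# cannot be restored is not a backup, so run this after every backup.
verify_backup() {
  archive="$1"
  dir=$(dirname "$archive"); name=$(basename "$archive")
  (cd "$dir" && sha256sum -c "$name.sha256" > /dev/null 2>&1) || return 1
  tar -tzf "$archive" > /dev/null 2>&1 || return 1
}

# prune_backups DEST DAYS
# Remove archives (and their checksum files) older than DAYS days so the
# destination does not fill up; keep DAYS long enough to cover the
# time it takes to notice a problem.
prune_backups() {
  dest="$1"; days="$2"
  find "$dest" -name 'backup-*.tar.gz*' -mtime +"$days" -exec rm -f {} +
}

# Typical use (placeholder paths). To make it "scheduled" rather than
# "manual", a cron entry such as the following runs it nightly at 02:00:
#   0 2 * * * /usr/local/bin/backup.sh
if [ "${1:-}" = "run" ]; then
  archive=$(backup_dir /srv/accounting /mnt/backups) || exit 1
  verify_backup "$archive" || { echo "backup verification failed: $archive" >&2; exit 1; }
  prune_backups /mnt/backups 30
fi
```

The verification step is the part most small-business backup routines skip: a corrupted or truncated archive looks identical to a good one in a directory listing, and the checksum and test-extract are what catch it.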
17. Rule #7: Use Antiviral Programs

18. Antivirus
• Relatively cheap
• User friendly
• Scan every download
• Also consider spyware/adware protection
• Keep it up-to-date
(photo 6)

19. Rule #8: Limit Access To Your Sensitive Data

20. Access Control
• System administration is a one-person job
  – Only one person needs to be able to have full control over the system (backup sysadmin OK, but no more)
• The crown jewels of the business need to be limited to specific personnel
  – How?
    • Password-protected files
    • Separate computers for sensitive data
(photo 4)
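Slide 20 says the crown jewels should be readable only by specific personnel. On a shared server the operating-system equivalent of a password-protected file is its permission bits, and the script below, an added example that is not part of the deck, audits a directory for files that anyone other than the owner can read or write, then tightens them to owner-only. It assumes a POSIX shell and the find utility; the directory name is a placeholder.

```shell
#!/bin/sh
# Added example, not from the slides: find and fix over-permissive files
# in a directory holding sensitive data. Directory path is a placeholder.

# audit_perms DIR
# Print every regular file under DIR that is readable by "others" (mode
# bit 004), writable by "others" (002), or writable by the group (020).
# Octal -perm tests are used because they are portable across find
# implementations; an empty result means nothing is exposed.
audit_perms() {
  dir="$1"
  find "$dir" -type f \( -perm -004 -o -perm -002 -o -perm -020 \) -print
}

# restrict_dir DIR
# Reduce everything under DIR to owner-only: 600 for files, 700 for
# directories. The directory bit matters too, since a world-listable
# directory still leaks file names even when the files themselves are 600.
restrict_dir() {
  dir="$1"
  find "$dir" -type d -exec chmod 700 {} + || return 1
  find "$dir" -type f -exec chmod 600 {} + || return 1
}

# exposed_count DIR
# Number of exposed files, convenient for a one-line daily check.
exposed_count() {
  audit_perms "$1" | wc -l | tr -d ' '
}

# Typical use (placeholder path): report first, then fix.
if [ "${1:-}" = "run" ]; then
  echo "Exposed files under /srv/accounting:"
  audit_perms /srv/accounting
  restrict_dir /srv/accounting
  echo "Remaining exposed: $(exposed_count /srv/accounting)"
fi
```

Running the audit on a schedule and alerting when the count is non-zero turns the slide's "limit access" rule into something that is checked rather than assumed; ownership should also be reviewed, since owner-only permissions are only as narrow as the set of people who can log in as that owner.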
21. Rule #9: Secure Your Wi-Fi

22. Secure Your Wi-Fi
• Almost every business has one.
• They are easy to find and easy to exploit, especially if simple security measures are not used
• Current encryption standards for Wi-Fi are not particularly strong, but it is usually enough to dissuade the bad guys, especially since there are almost certainly unsecured Wi-Fi networks nearby
(photo 1)

23. Rule #10: Create a Security Policy

24. Security Policies
• Start with a written Security Policy.
• You must have a plan
• Know your assets and know your risks
• Cover the basics first.
• Then apply technology to support your policy and solve specific problems.
  – Authentication
  – Confidentiality and Integrity
  – Perimeter defense
  – Intrusion Detection and Audit
(photo 8)

25. Rule #11: Don't Forget to Lock the Door

26. Physical Security
• Physical security is as important as any other form of information security
• Computers should not be accessible by unauthorized users
• Servers should be guarded with sufficient care to protect the data they contain.
• Challenge strangers
(photo 8)

27. Rule #12: Security is Not Magic

28. There is no panacea
Security is the process of enabling the protected information system to do what it was designed to do. Nothing more, nothing less.
You will not have perfect security, no matter how much money you are able to spend
...but it doesn't have to be perfect.
(photo 7)

29. Take Home Points
• Security is not the business, it supports the business
• Decide what you need, don't rely on a vendor to tell you what you need
• There are a variety of inexpensive (or free) approaches to security that provide excellent protection
• Physical security is at least as important as any other form of protection
• Don't strive for perfect security. You only need to secure enough that it's not worth the effort required of the bad guys

30. James Cannady, Ph.D.
Graduate School of Computer and Information Sciences
Nova Southeastern University
cannady@nova.edu

31. Photo Acknowledgements
1. http://www.pcworld.com/article/2052158/5-wi-fi-security-myths-you-must-abandon-now.html
2. http://www.lbcc.edu/business/
3. http://www.walt.com/case-studies/ssh/
4. https://wiki.duke.edu/display/oitwebstyle/Information+Display+-+Slide+Examples
5. http://blogs.sans.org/securingthehuman/files/2012/04/Sticker.png
6. http://www.certifiednerds.com/run-regular-anti-virus-updates-and-scans/
7. http://www.thisisvisceral.com/2013/08/development-tips-tricks-summer-2013/
8. http://laveti.wordpress.com/2012/12/09/developing-information-security-policy/