SlideShare a Scribd company logo

Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC

AT-NET Services, Inc. - Charleston Division
AT-NET Services, Inc. - Charleston Division

Cyber Security presentation for the GS-GMIS in Columbia, SC on 7-19-2018, 125 people present, discussion at an Executive level to help Project Managers better understand Cyber Security and recent updates and guidance to help you plan for your company

Business
1 of 65
Download to read offline
CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE
Corporate Overview AT-NET Services offers comprehensive engineering services for the life cycle of your system; design, build, secure and manage
CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE ROGER.SWANSON@EXPERTIP.NET / 843-576-3773 @ROGER_SWANSON HTTPS://WWW.LINKEDIN.COM/IN/ROGERSWANSON
CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE AGENDA: - 45 MIN PRESENTATION, 10-MINUTE BREAK, - 30-MINUTE SECOND SESSION, - QUESTION & ANSWER PERIOD
LEARNING OBJECTIVES 1.INTRODUCTION TO CYBER SECURITY 2.CYBER SECURITY PRINCIPLES 3.INFORMATION SECURITY LIFECYCLE MANAGEMENT 4.RISKS & VULNERABILITIES 5.PLANNING YOUR CYBER SECURITY PROGRAM 6.INCIDENT RESPONSE ACTIONS
1. INTRODUCTION TO CYBER SECURITY Internet RealWorld • Technology expansion helped Internet to develop, • Internet is integrated in almost all forms of human activity, • It can’t be observed apart from the real world, • Damage in cyber space significantly affect physical world.
Type of Action • Interception of data • Interference with data reception • Illegal access • Data destruction • spying • Sabotage • Service denial • Identity theft Type of Perpetrator • Hackers • Cyber criminals • Cyber warriors • Cyber terrorist Type of Target • Individuals • Companies • Public institutions • State bodies • Critical infrastructure 1.1. Cyber Security terms and definitions
1.2. Cyber Security roles Threat management forensics Risk analytics and management Policy makers and Strategists Engineering, Architecture and Design Education, training and awareness Operations and security management Lawyer (internet crime and data protection) Chief technology officersResearch
1.3. Cyber Security big picture
1.4. Differences between Information Security & Cyber Security Digital Information Information Other things than information Analog Information Things that are vulnerable through ICTInformation Information Security Cyber Security
2. Cyber Security Principles CONFIDENTIALITY INTEGRITY AVAILABILITY NON-REPUDATION AUTHENTICATION CYBERSECURITY • Fundamental properties that must be maintained. • These are what we protect
Authentication Non-repudiation •The ability to verify the identity of an individual or entity. Authentication is entity oriented. •The ability to correlate, with high certainty, a recorded action with its originating individual or entity. Non- repudiation is entity oriented 2.2. Authentication (2FA/TFA) & securing data at rest and in transit
2.3. Best practices for office and remote users 1. Balance Protection With Utility 2. Split Up the Users and Resources 3. Assign Minimum Privileges 4. Use Independent Defenses 5. Plan for Failure 6. Record, Record, Record 7. Run Frequent Tests
3.1. Lifecycle management landscape Seed And Development Startup Growth And Establishment Expansion Maturity And Possible Exit 3. Information Security (IS) within Lifecycle Management of business systems
3.2. Security architecture processes Phase 1: Conducting Security Assessments Phase 5: Integration of Security Practices to Maintain Secure Status Phase 3: Construction of Policies and Procedures Phase 2: Formulation of Target Security Architecture Designs Phase 4: Implementation of Target Security Architecture Design
3.2. Security Architecture Lifecycle Policy, Standards, Process, Metrics, Assurance Architectural Risk Analysis Security Architecture & Design Implementation Operations & Monitoring
3.3. Security architecture tools Process Defence in Depth Metrics SDL Identity Management Vulnerability Management Threat Management Data Application Host Network Risk Metrics Enterprise Reporting Domain Metrics Assurance Policy & Standards Risk Management Security Architecture Goals
Why you should get true professional guidance? Conducting technical investigations Providing resourcing and response expertise Performing cyber security analysis
3.4. Lifecycle management concepts ECONOMY Profit ENVIRNOMENT Planet SOCIATY People Livability Eco-efficiencyEquity SUSTAINABILITY
2.1. Confidentiality, Integrity, & Availability Confidentiality represents a set of rules that limits access to information, Integrity is the assurance that the information is accurate, and Availability is a guarantee of reliable access to the information by authorized people.
NIST FRAMEWORK This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity- related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.
4. RISKS & VULNERABILITIES 4.1. Basics of risk management Risks • Business disruption • Financial losses • Loss of privacy • Damage to reputation • Loss of confidence • Legal penalties • Impaired growth • Loss of life Vulnerabilities • Software bugs • Broken processes • Ineffective controls • Hardware flaws • Business change • Legacy systems • inadequate BCP • Human error
The critical components of your business 1. Technical infrastructure that supports your critical assets 2. Cyber security landscape relevant to your organization 3. Different types of cyber security threats that you are concerned about 4. Sources of these threats, such as organized crime syndicates, state-sponsored organizations, extremist groups, hacktivists, insiders – or a combination of these 5. Possible threat vectors for attacks to exploit 6. Vulnerabilities to each particular threat
4.2. What can you do to minimize risk? 1 2 3 4 5 Start with a cyber security baseline All organizations face risks, no matter the size Accept some risk Think about situations in which you could be compromised Understand what you care about, and why 6 7 8 9 Balance cyber risks against other types of risk Learn from security solutions used by other organizations Keep an eye out for cyber security myths Be aware of the strengths and weaknesses of risk management techniques
What are the biggest threats? • Theft or unauthorized access of hardware, computers and mobile devices • Infect computers with viruses and malware • Attack your technology or website • Attack third party systems • Spam you with emails containing viruses • Gain access to information through your employees
What does the organization value most? • Customer records • Personal information • Financial records • Business plans • New business ideas • Marketing plans • Intellectual properties • Product design • Patent applications • Employee records
What kind of attack would be the most damaging to the organization? • from theft of money, information, disruption to businessFinancial loss • damage to reputation, damage to other companies you rely on to do businessBusiness loss • getting your affected systems up and running Costs • time notifying the relevant authorities and institutions of the incidentInvestment loss
Angry employees Dishonest employees Criminals Governments Terrorist The press Competitors Hackers 4.3. Operational threat environments
Conduct a criticality assessment 1 2 3 4 5 Defining their critical information assets Determining which cyber security threats are most likely to affect these critical information assets Determining the likely (or actual) level of business impact associated with a possible cyber security incident Raising awareness about the need for an effective cyber security response capability Applying the relevant management or technical controls to reduce the likelihood and impact of cyber security incidents affecting their critical information assets
Classes of attacks 1 2 3 4 5 6 7 8 9 10 Phishing Trojans, Botnets, Wiper Attacks Distributed Denial of Service (DDoS) Ransomware Man in the Middle (MITM) Spyware/Malware Theft of Money Data Manipulation and Destruction Intellectual Property Theft Rogue or Unpatched Software
Who could be a threat to your business? criminals clients you do business with business competitors current or former employees
Data Collection Identifying the Scope Analysis of Policies and Procedures Threat Analysis Vulnerability Analysis Correlation and assessment of Risk Acceptability 5. PLANNING YOUR CYBER SECURITY PROGRAM
This presentation – Cyber Security for Non-Tech Exec, 5.1. Templates for Immediate use WWW.LINKEDIN.COM/IN/ROGERSWANSON (SLIDESHARE) DR Checklist – action items listed for planning https://www.slideshare.net/roger_swanson/12-point-disaster-checklist Project Management - Cyber Planning NIST CSPW 04162018 https://www.slideshare.net/roger_swanson/framework-for- improving-critical-infrastructure-cybersecurity- nistcswp04162018
Cyber Security Program Development This essential guide, with its dozens of examples and case studies, breaks down every element of the development and management of a cybersecurity program for the executive. https://www.linkedin.com/in/chrismoschovitis/
CIA Triad - Confidentiality, Integrity, & Availability Confidentiality represents a set of rules that limits access to information, Integrity is the assurance that the information is accurate, and Availability is a guarantee of reliable access to the information by authorized people.
NIST FRAMEWORK Cybersecurity Enhancement Act of 2014 – CEA updated the role of the National Institute of Standards and Technology (NIST) to “facilitate and support the development of” cybersecurity risk frameworks”. Through CEA, NIST must identify: “a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls that may be voluntarily adopted by owners and operators of critical infrastructure to help them identify, assess, and manage cyber risks.”
NIST FRAMEWORK Cybersecurity Enhancement Act of 2014 – CEA updated the role of the National Institute of Standards and Technology (NIST) to “facilitate and support the development of” cybersecurity risk frameworks”. Through CEA, NIST must identify: “a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls that may be voluntarily adopted by owners and operators of critical infrastructure to help them identify, assess, and manage cyber risks.” Copy this short cut to watch video - bit.ly/NIST-VIDEO-FRAMEWORK
NIST FRAMEWORK This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity- related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.
NIST FRAMEWORK The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Implementation Tiers, and the Framework Profiles
NIST FRAMEWORK Framework Core, provides a set of activities to achieve specific cybersecurity outcomes, and references examples of guidance to achieve those outcomes. These are call Functions they are used to help manage risk to show impact of investments in cyber security .
NIST FRAMEWORK Framework Functions and Categories:
NIST FRAMEWORK Implementation Tiers – The Framework Implementation Tiers (“Tiers”) provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. Ranging from Partial (Tier 1) to Adaptive (Tier 4), Tiers describe an increasing degree of rigor and sophistication in cybersecurity risk management practices. Implementation Tiers: Tier 1 = not formalized, ad hoc Tier 2 = aware not established Tier 3 = formally approved, implemented Tier 4 = formal program, using predictive & risk informed tools with advanced adaptive response to threats
NIST FRAMEWORK Framework Profiles The Framework Profile (“Profile”) is the alignment of the Functions, Categories, and Subcategories with the business requirements, risk tolerance, and resources of the organization Supporting Risk Management with the Framework
NIST FRAMEWORK There are several governance stakeholders common to most organizations that span an organization. These stakeholders include senior leadership, a CIO, information security personnel, and a chief financial officer (CFO), among others. The specific requirements of each role may differ with the degree of information security governance centralization or in response to the specific missions and needs of an organization.
NIST FRAMEWORK Initiation Phase – All information technology (IT) projects have a starting point. During the initiation phase, the organization establishes the need for a particular system and documents its purpose.
NIST FRAMEWORK Development/Acquisition Phase - During this phase, the system is designed, purchased, programmed, developed, or otherwise constructed. This phase often consists of other defined cycles, such as the system development cycle or the acquisition cycle.
NIST FRAMEWORK Implementation Phase – In the implementation phase, the organization configures and enables system security features, tests the functionality of these features, installs or implements the system, and finally, obtains a formal authorization to operate the system.
NIST FRAMEWORK Operations/Maintenance Phase – The organization should continuously monitor performance of the system to ensure that it is consistent with pre-established user and security requirements, and needed system modifications are incorporated.
NIST FRAMEWORK Disposal Phase – The disposal phase of the system life cycle refers to the process of preserving (if applicable) and discarding system information, hardware, and software
NIST IR 8170 FRAMEWORK The Cybersecurity Framework Implementation Guidance for Federal Agencies SP 800-37, Guide for Applying the Risk Management Framework to Federal 666 Information Systems,
The Cybersecurity Framework Implementation Guidance This report illustrates eight use cases in which federal agencies can leverage the Cybersecurity Framework to address common cybersecurity- related responsibilities.
The Cybersecurity Framework Implementation Guidance 1. Integrate Enterprise and Cybersecurity Risk Management 2. Manage Cybersecurity Requirements 3. Integrate and Align Cybersecurity and Acquisition 4. Evaluate Organizational Cybersecurity 5. Manage the Cybersecurity Program 6. Maintain a Comprehensive Understanding of Cyber Risks 7. Report Cybersecurity Risks 8. Inform the Tailoring Process
5.2. Evaluating exposure for Risks & Vulnerabilities 1 2 3 Technical infrastructure that supports your critical assets Cyber security landscape relevant to your organization Different types of cyber security threats that you are concerned about 4 5 6 Possible threat vectors for attacks to exploit Sources of these threats Vulnerabilities to each particular threat
5.3. Action items and next step All federal agencies are charged and entrusted with safeguarding the information that is contained in their systems and with ensuring that these systems operate securely and reliably. http://bit.ly/NISTIR-8170
6.1. Who do you contact if you suspect a problem People within the Organization Law Enforcement The Department of Homeland Security Other Potential Victims 6. INCIDENT RESPONSE
6.2. SEIM (Security Emergency Implementation Management) Plan Step 1 Identify cyber security incident Step 2 . Define objectives and investigate situation Step 3 . Take appropriate action Step 4 . Recover systems, data and connectivity
6.3. Agencies: Local Federal Private forensic Choosing the right help
6.4. Best steps for remediation Investigate the incident more thoroughly Step1 Report the incident to relevant stakeholders Step2 Carry out a post incident review Step3 Perform trend analysis Step6 Communicate and build on lessons learnt Step4 Update key information, controls and processes Step5
Isolating the risk/attack
6.5. Ongoing protection/prevention • Develop clear policies and procedures for your business and employees. • Produce a cyber security incident response management plan • Train new and existing staff on your cyber security policies and procedures • Keep your computers, website and Point-of-Sale (POS) systems up-to-date • Ensure you back-up important data and information regularly
Methodology Our Solutions are designed to protect every aspect of your IT infrastructure. Our cyclical approach allows us to assist at any point in your company’s security process. • Assess - Discover Strengths & Vulnerabilities • Design - Create & Plan Strategies • Build - Construct Intuitive Solutions • Secure - Protect Valuable Assets • Manage - Complete Systems Support
Locations: Corporate Charlotte Office 3401 Vardell Lane, Suite D Charlotte, NC 28217 Phone: 704.831.2500 Email: sales@at-net.net Atlanta, GA Office Phone: 866.275.4734 Charleston, SC Office Phone: 843.576.3773 Columbia, SC Office Phone: 803.929.5372 Greenville, SC Office Phone: 864.679.0006 Knoxville, TN Office Phone: 866.708.0886 Washington, DC Office Phone: 877.734.4364
Questions & Answers
CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE ROGER.SWANSON@EXPERTIP.NET / 843-576-3773 @ROGER_SWANSON HTTPS://WWW.LINKEDIN.COM/IN/ROGERSWANSON

Recommended

Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)AT-NET Services, Inc. - Charleston Division
 
Cyber security
Cyber securityCyber security
Cyber securityEduonix
 
Cyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsCyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsJohn Gilligan
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity TrainingWindstoneHealth
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityrahulbhardwaj312501
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 
Cybersecurity technology adoption survey
Cybersecurity technology adoption surveyCybersecurity technology adoption survey
Cybersecurity technology adoption surveyPaperjam_redaction
 

Recommended

Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)AT-NET Services, Inc. - Charleston Division
 
Cyber security
Cyber securityCyber security
Cyber securityEduonix
 
Cyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsCyber Security: Threats and Needed Actions
Cyber Security: Threats and Needed ActionsJohn Gilligan
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity TrainingWindstoneHealth
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityrahulbhardwaj312501
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 
Cybersecurity technology adoption survey
Cybersecurity technology adoption surveyCybersecurity technology adoption survey
Cybersecurity technology adoption surveyPaperjam_redaction
 
The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017R-Style Lab
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018joshquarrie
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Protection against cyber threats
Protection against cyber threatsProtection against cyber threats
Protection against cyber threatsTIKAJ
 
презентация1
презентация1презентация1
презентация1sagidullaa01
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security TechnologiesRuchikaSachdeva4
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityADGP, Public Grivences, Bangalore
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...XEventsHospitality
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityAvantika University
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityAdri Jovin
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityJamshidRaqi
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-managementMark Gibson
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
Latest Top 10 Types of Cyber Security Threats
Latest Top 10 Types of Cyber Security ThreatsLatest Top 10 Types of Cyber Security Threats
Latest Top 10 Types of Cyber Security ThreatsB R SOFTECH PVT LTD
 
Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprisessuserd58af7
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
 

More Related Content

What's hot

The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017R-Style Lab
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityA. Shamel
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018joshquarrie
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesWAJAHAT IQBAL
 
Protection against cyber threats
Protection against cyber threatsProtection against cyber threats
Protection against cyber threatsTIKAJ
 
презентация1
презентация1презентация1
презентация1sagidullaa01
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security TechnologiesRuchikaSachdeva4
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber securitySAHANAHK
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...XEventsHospitality
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public SectorScott Geye
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityAvantika University
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityAdri Jovin
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-managementMark Gibson
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)WAJAHAT IQBAL
 
Latest Top 10 Types of Cyber Security Threats
Latest Top 10 Types of Cyber Security ThreatsLatest Top 10 Types of Cyber Security Threats
Latest Top 10 Types of Cyber Security ThreatsB R SOFTECH PVT LTD
 

What's hot (20)

The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017The Importance of Cybersecurity in 2017
The Importance of Cybersecurity in 2017
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 
Protection against cyber threats
Protection against cyber threatsProtection against cyber threats
Protection against cyber threats
 
презентация1
презентация1презентация1
презентация1
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector2016 - Cyber Security for the Public Sector
2016 - Cyber Security for the Public Sector
 
What is Cyber Security - Avantika University
What is Cyber Security - Avantika UniversityWhat is Cyber Security - Avantika University
What is Cyber Security - Avantika University
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Icit analysis-identity-access-management
Icit analysis-identity-access-managementIcit analysis-identity-access-management
Icit analysis-identity-access-management
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
 
Latest Top 10 Types of Cyber Security Threats
Latest Top 10 Types of Cyber Security ThreatsLatest Top 10 Types of Cyber Security Threats
Latest Top 10 Types of Cyber Security Threats
 

Similar to Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC

Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprisessuserd58af7
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information SecurityAhmed Sayed-
 
Laser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, EntredaLaser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, EntredaLaser App Software
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingSPI Conference
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Information Technology Security Management
Information Technology Security ManagementInformation Technology Security Management
Information Technology Security ManagementMITSDEDistance
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)OnRamp
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldiMIS
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Emrah Alpa, CISSP CEH CCSK
 
Effective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesEffective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesShawn Tuma
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At MicrosoftMark J. Feldman
 
Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...Dalia Reda
 

Similar to Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC (20)

Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprise
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
 
Starting your Career in Information Security
Starting your Career in Information SecurityStarting your Career in Information Security
Starting your Career in Information Security
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Laser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, EntredaLaser App Conference 2017 - Sid Yenamandra, Entreda
Laser App Conference 2017 - Sid Yenamandra, Entreda
 
A New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm ApproachingA New Remedy for the Cyber Storm Approaching
A New Remedy for the Cyber Storm Approaching
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Information Technology Security Management
Information Technology Security ManagementInformation Technology Security Management
Information Technology Security Management
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)Too Small to Get Hacked? Think Again (Webinar)
Too Small to Get Hacked? Think Again (Webinar)
 
CCA study group
CCA study groupCCA study group
CCA study group
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
CIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile WorldCIO Summit: Data Security in a Mobile World
CIO Summit: Data Security in a Mobile World
 
New Horizons SCYBER Presentation
New Horizons SCYBER PresentationNew Horizons SCYBER Presentation
New Horizons SCYBER Presentation
 
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina...
 
Effective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesEffective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businesses
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At Microsoft
 
Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...Security Solution - IBM Business Connect Qatar Defend your company against cy...
Security Solution - IBM Business Connect Qatar Defend your company against cy...
 

Recently uploaded

Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesEntrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesDavidSamuel525586
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCRashishs7044
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxsaniyaimamuddin
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 

Recently uploaded (20)

Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Entrepreneurship lessons in Philippines
Entrepreneurship lessons in PhilippinesEntrepreneurship lessons in Philippines
Entrepreneurship lessons in Philippines
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
8447779800, Low rate Call girls in Uttam Nagar Delhi NCR
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 

Cyber Security for Non-Technical Executives (SC GMIS) Columbia, SC

  • 2. Corporate Overview AT-NET Services offers comprehensive engineering services for the life cycle of your system; design, build, secure and manage
  • 3. CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE ROGER.SWANSON@EXPERTIP.NET / 843-576-3773 @ROGER_SWANSON HTTPS://WWW.LINKEDIN.COM/IN/ROGERSWANSON
  • 4. CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE AGENDA: - 45 MIN PRESENTATION, 10-MINUTE BREAK, - 30-MINUTE SECOND SESSION, - QUESTION & ANSWER PERIOD
  • 5. LEARNING OBJECTIVES 1.INTRODUCTION TO CYBER SECURITY 2.CYBER SECURITY PRINCIPLES 3.INFORMATION SECURITY LIFECYCLE MANAGEMENT 4.RISKS & VULNERABILITIES 5.PLANNING YOUR CYBER SECURITY PROGRAM 6.INCIDENT RESPONSE ACTIONS
  • 6. 1. INTRODUCTION TO CYBER SECURITY Internet RealWorld • Technology expansion helped Internet to develop, • Internet is integrated in almost all forms of human activity, • It can’t be observed apart from the real world, • Damage in cyber space significantly affect physical world.
  • 7.
  • 8. Type of Action • Interception of data • Interference with data reception • Illegal access • Data destruction • spying • Sabotage • Service denial • Identity theft Type of Perpetrator • Hackers • Cyber criminals • Cyber warriors • Cyber terrorist Type of Target • Individuals • Companies • Public institutions • State bodies • Critical infrastructure 1.1. Cyber Security terms and definitions
  • 9. 1.2. Cyber Security roles Threat management forensics Risk analytics and management Policy makers and Strategists Engineering, Architecture and Design Education, training and awareness Operations and security management Lawyer (internet crime and data protection) Chief technology officersResearch
  • 10. 1.3. Cyber Security big picture
  • 11. 1.4. Differences between Information Security & Cyber Security Digital Information Information Other things than information Analog Information Things that are vulnerable through ICTInformation Information Security Cyber Security
  • 12. 2. Cyber Security Principles CONFIDENTIALITY INTEGRITY AVAILABILITY NON-REPUDATION AUTHENTICATION CYBERSECURITY • Fundamental properties that must be maintained. • These are what we protect
  • 13. Authentication Non-repudiation •The ability to verify the identity of an individual or entity. Authentication is entity oriented. •The ability to correlate, with high certainty, a recorded action with its originating individual or entity. Non- repudiation is entity oriented 2.2. Authentication (2FA/TFA) & securing data at rest and in transit
  • 14. 2.3. Best practices for office and remote users 1. Balance Protection With Utility 2. Split Up the Users and Resources 3. Assign Minimum Privileges 4. Use Independent Defenses 5. Plan for Failure 6. Record, Record, Record 7. Run Frequent Tests
  • 15. 3.1. Lifecycle management landscape Seed And Development Startup Growth And Establishment Expansion Maturity And Possible Exit 3. Information Security (IS) within Lifecycle Management of business systems
  • 16. 3.2. Security architecture processes Phase 1: Conducting Security Assessments Phase 5: Integration of Security Practices to Maintain Secure Status Phase 3: Construction of Policies and Procedures Phase 2: Formulation of Target Security Architecture Designs Phase 4: Implementation of Target Security Architecture Design
  • 17. 3.2. Security Architecture Lifecycle Policy, Standards, Process, Metrics, Assurance Architectural Risk Analysis Security Architecture & Design Implementation Operations & Monitoring
  • 18. 3.3. Security architecture tools Process Defence in Depth Metrics SDL Identity Management Vulnerability Management Threat Management Data Application Host Network Risk Metrics Enterprise Reporting Domain Metrics Assurance Policy & Standards Risk Management Security Architecture Goals
  • 19. Why you should get true professional guidance? Conducting technical investigations Providing resourcing and response expertise Performing cyber security analysis
  • 20. 3.4. Lifecycle management concepts ECONOMY Profit ENVIRNOMENT Planet SOCIATY People Livability Eco-efficiencyEquity SUSTAINABILITY
  • 21. 2.1. Confidentiality, Integrity, & Availability Confidentiality represents a set of rules that limits access to information, Integrity is the assurance that the information is accurate, and Availability is a guarantee of reliable access to the information by authorized people.
  • 22. NIST FRAMEWORK This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity- related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.
  • 23. 4. RISKS & VULNERABILITIES 4.1. Basics of risk management Risks • Business disruption • Financial losses • Loss of privacy • Damage to reputation • Loss of confidence • Legal penalties • Impaired growth • Loss of life Vulnerabilities • Software bugs • Broken processes • Ineffective controls • Hardware flaws • Business change • Legacy systems • inadequate BCP • Human error
  • 24. The critical components of your business 1. Technical infrastructure that supports your critical assets 2. Cyber security landscape relevant to your organization 3. Different types of cyber security threats that you are concerned about 4. Sources of these threats, such as organized crime syndicates, state-sponsored organizations, extremist groups, hacktivists, insiders – or a combination of these 5. Possible threat vectors for attacks to exploit 6. Vulnerabilities to each particular threat
  • 25. 4.2. What can you do to minimize risk? 1 2 3 4 5 Start with a cyber security baseline All organizations face risks, no matter the size Accept some risk Think about situations in which you could be compromised Understand what you care about, and why 6 7 8 9 Balance cyber risks against other types of risk Learn from security solutions used by other organizations Keep an eye out for cyber security myths Be aware of the strengths and weaknesses of risk management techniques
  • 26. What are the biggest threats? • Theft or unauthorized access of hardware, computers and mobile devices • Infect computers with viruses and malware • Attack your technology or website • Attack third party systems • Spam you with emails containing viruses • Gain access to information through your employees
  • 27. What does the organization value most? • Customer records • Personal information • Financial records • Business plans • New business ideas • Marketing plans • Intellectual properties • Product design • Patent applications • Employee records
  • 28. What kind of attack would be the most damaging to the organization? • from theft of money, information, disruption to businessFinancial loss • damage to reputation, damage to other companies you rely on to do businessBusiness loss • getting your affected systems up and running Costs • time notifying the relevant authorities and institutions of the incidentInvestment loss
  • 29. Angry employees Dishonest employees Criminals Governments Terrorist The press Competitors Hackers 4.3. Operational threat environments
  • 30. Conduct a criticality assessment 1 2 3 4 5 Defining their critical information assets Determining which cyber security threats are most likely to affect these critical information assets Determining the likely (or actual) level of business impact associated with a possible cyber security incident Raising awareness about the need for an effective cyber security response capability Applying the relevant management or technical controls to reduce the likelihood and impact of cyber security incidents affecting their critical information assets
  • 31. Classes of attacks 1 2 3 4 5 6 7 8 9 10 Phishing Trojans, Botnets, Wiper Attacks Distributed Denial of Service (DDoS) Ransomware Man in the Middle (MITM) Spyware/Malware Theft of Money Data Manipulation and Destruction Intellectual Property Theft Rogue or Unpatched Software
  • 32. Who could be a threat to your business? criminals clients you do business with business competitors current or former employees
  • 33. Data Collection Identifying the Scope Analysis of Policies and Procedures Threat Analysis Vulnerability Analysis Correlation and assessment of Risk Acceptability 5. PLANNING YOUR CYBER SECURITY PROGRAM
  • 34. This presentation – Cyber Security for Non-Tech Exec, 5.1. Templates for Immediate use WWW.LINKEDIN.COM/IN/ROGERSWANSON (SLIDESHARE) DR Checklist – action items listed for planning https://www.slideshare.net/roger_swanson/12-point-disaster-checklist Project Management - Cyber Planning NIST CSPW 04162018 https://www.slideshare.net/roger_swanson/framework-for- improving-critical-infrastructure-cybersecurity- nistcswp04162018
  • 35. Cyber Security Program Development This essential guide, with its dozens of examples and case studies, breaks down every element of the development and management of a cybersecurity program for the executive. https://www.linkedin.com/in/chrismoschovitis/
  • 36. CIA Triad - Confidentiality, Integrity, & Availability Confidentiality represents a set of rules that limits access to information, Integrity is the assurance that the information is accurate, and Availability is a guarantee of reliable access to the information by authorized people.
  • 37. NIST FRAMEWORK Cybersecurity Enhancement Act of 2014 – CEA updated the role of the National Institute of Standards and Technology (NIST) to “facilitate and support the development of” cybersecurity risk frameworks”. Through CEA, NIST must identify: “a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls that may be voluntarily adopted by owners and operators of critical infrastructure to help them identify, assess, and manage cyber risks.”
  • 38. NIST FRAMEWORK Cybersecurity Enhancement Act of 2014 – CEA updated the role of the National Institute of Standards and Technology (NIST) to “facilitate and support the development of” cybersecurity risk frameworks”. Through CEA, NIST must identify: “a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls that may be voluntarily adopted by owners and operators of critical infrastructure to help them identify, assess, and manage cyber risks.” Copy this short cut to watch video - bit.ly/NIST-VIDEO-FRAMEWORK
  • 39. NIST FRAMEWORK This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity- related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.
  • 40. NIST FRAMEWORK The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Implementation Tiers, and the Framework Profiles
  • 41. NIST FRAMEWORK Framework Core, provides a set of activities to achieve specific cybersecurity outcomes, and references examples of guidance to achieve those outcomes. These are call Functions they are used to help manage risk to show impact of investments in cyber security .
  • 43. NIST FRAMEWORK Implementation Tiers – The Framework Implementation Tiers (“Tiers”) provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. Ranging from Partial (Tier 1) to Adaptive (Tier 4), Tiers describe an increasing degree of rigor and sophistication in cybersecurity risk management practices. Implementation Tiers: Tier 1 = not formalized, ad hoc Tier 2 = aware not established Tier 3 = formally approved, implemented Tier 4 = formal program, using predictive & risk informed tools with advanced adaptive response to threats
  • 44. NIST FRAMEWORK Framework Profiles The Framework Profile (“Profile”) is the alignment of the Functions, Categories, and Subcategories with the business requirements, risk tolerance, and resources of the organization Supporting Risk Management with the Framework
  • 45. NIST FRAMEWORK There are several governance stakeholders common to most organizations that span an organization. These stakeholders include senior leadership, a CIO, information security personnel, and a chief financial officer (CFO), among others. The specific requirements of each role may differ with the degree of information security governance centralization or in response to the specific missions and needs of an organization.
  • 46. NIST FRAMEWORK Initiation Phase – All information technology (IT) projects have a starting point. During the initiation phase, the organization establishes the need for a particular system and documents its purpose.
  • 47. NIST FRAMEWORK Development/Acquisition Phase - During this phase, the system is designed, purchased, programmed, developed, or otherwise constructed. This phase often consists of other defined cycles, such as the system development cycle or the acquisition cycle.
  • 48. NIST FRAMEWORK Implementation Phase – In the implementation phase, the organization configures and enables system security features, tests the functionality of these features, installs or implements the system, and finally, obtains a formal authorization to operate the system.
  • 49. NIST FRAMEWORK Operations/Maintenance Phase – The organization should continuously monitor performance of the system to ensure that it is consistent with pre-established user and security requirements, and needed system modifications are incorporated.
  • 50. NIST FRAMEWORK Disposal Phase – The disposal phase of the system life cycle refers to the process of preserving (if applicable) and discarding system information, hardware, and software
  • 51. NIST IR 8170 FRAMEWORK The Cybersecurity Framework Implementation Guidance for Federal Agencies SP 800-37, Guide for Applying the Risk Management Framework to Federal 666 Information Systems,
  • 52. The Cybersecurity Framework Implementation Guidance This report illustrates eight use cases in which federal agencies can leverage the Cybersecurity Framework to address common cybersecurity- related responsibilities.
  • 53. The Cybersecurity Framework Implementation Guidance 1. Integrate Enterprise and Cybersecurity Risk Management 2. Manage Cybersecurity Requirements 3. Integrate and Align Cybersecurity and Acquisition 4. Evaluate Organizational Cybersecurity 5. Manage the Cybersecurity Program 6. Maintain a Comprehensive Understanding of Cyber Risks 7. Report Cybersecurity Risks 8. Inform the Tailoring Process
  • 54. 5.2. Evaluating exposure for Risks & Vulnerabilities 1 2 3 Technical infrastructure that supports your critical assets Cyber security landscape relevant to your organization Different types of cyber security threats that you are concerned about 4 5 6 Possible threat vectors for attacks to exploit Sources of these threats Vulnerabilities to each particular threat
  • 55. 5.3. Action items and next step All federal agencies are charged and entrusted with safeguarding the information that is contained in their systems and with ensuring that these systems operate securely and reliably. http://bit.ly/NISTIR-8170
  • 56. 6.1. Who do you contact if you suspect a problem People within the Organization Law Enforcement The Department of Homeland Security Other Potential Victims 6. INCIDENT RESPONSE
  • 57. 6.2. SEIM (Security Emergency Implementation Management) Plan Step 1 Identify cyber security incident Step 2 . Define objectives and investigate situation Step 3 . Take appropriate action Step 4 . Recover systems, data and connectivity
  • 59. 6.4. Best steps for remediation Investigate the incident more thoroughly Step1 Report the incident to relevant stakeholders Step2 Carry out a post incident review Step3 Perform trend analysis Step6 Communicate and build on lessons learnt Step4 Update key information, controls and processes Step5
  • 61. 6.5. Ongoing protection/prevention • Develop clear policies and procedures for your business and employees. • Produce a cyber security incident response management plan • Train new and existing staff on your cyber security policies and procedures • Keep your computers, website and Point-of-Sale (POS) systems up-to-date • Ensure you back-up important data and information regularly
  • 62. Methodology Our Solutions are designed to protect every aspect of your IT infrastructure. Our cyclical approach allows us to assist at any point in your company’s security process. • Assess - Discover Strengths & Vulnerabilities • Design - Create & Plan Strategies • Build - Construct Intuitive Solutions • Secure - Protect Valuable Assets • Manage - Complete Systems Support
  • 63. Locations: Corporate Charlotte Office 3401 Vardell Lane, Suite D Charlotte, NC 28217 Phone: 704.831.2500 Email: sales@at-net.net Atlanta, GA Office Phone: 866.275.4734 Charleston, SC Office Phone: 843.576.3773 Columbia, SC Office Phone: 803.929.5372 Greenville, SC Office Phone: 864.679.0006 Knoxville, TN Office Phone: 866.708.0886 Washington, DC Office Phone: 877.734.4364
  • 65. CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE ROGER.SWANSON@EXPERTIP.NET / 843-576-3773 @ROGER_SWANSON HTTPS://WWW.LINKEDIN.COM/IN/ROGERSWANSON