IT Security for Nonprofits 101

Post on 04-Jul-2015


DESCRIPTION

An introduction to IT security for Nonprofit organizations

TRANSCRIPT

An Introduction

IT Security for Nonprofits 101

Overview of Session

1. Introductions
2. The Security Landscape
3. 7 Easy Steps to Be More Secure
4. Resource Sharing
5. Q/A

Questions Sprinkled Throughout

Introductions

1. Name
2. Organization
3. Mission
4. Approx. Number of Staff
5. Why are you here?

• Get some idea of what security is about
• It’s something I need to know about
• Other reason?

User Oriented Levels of Security

Web

Cloud

Network (WAN)

Network (LAN)

Workstation + Mobile

Balancing Needs

Security is all about Balance

The Iron Triangle

• Cost
• Time
• Quality

Main Factors for Most Groups

• Limited Budget + Lack of Awareness
• Forget to sharpen the saw
• No good sources for information

What has your experience been with balancing needs?

Question

Overview

Seven Steps to a More Secure Organization

1. Keep All Software Updated
2. Get Enterprise Antivirus
3. Cultivate Aware Users
4. Balance Privacy, Security, and Productivity
5. Know Your Compliance Needs
6. Establish a Strong Password Policy
7. Stay Informed

1. Keep Software Updated

Workstation Software Updates

• OS (Windows, Mac OS X)
• Microsoft Office
• Adobe (Acrobat, Flash, Air)
• Browsers (Chrome, Firefox, IE)
• Email Client (Outlook, Thunderbird)
• Anti-Virus/Anti-Malware/Anti-Spyware
• iTunes and Device Firmware
• Remote Access/VPN

1. Keep Software Updated

Server Software Updates

• BIOS
• Device Drivers (Especially RAID)
• Windows Server
• Exchange Server (Email)
• SQL Server (Database)
• Endpoint Protection (such as Symantec)
• Backup Software (such as BackupExec)
• Proprietary Systems

How does your team handle updates?

Question

2. Get Enterprise Antivirus

Techsoup – Symantec Endpoint Protection

• $5/system
• Server-based Management Option
• Integrates with BackupExec
• Anti-virus
• Anti-malware
• Anti-spyware
• Firewall (Software)
• Protect ALL Systems (Incl. Volunteer, etc.)

What is your anti-virus experience? Product story?

Question

3. Cultivate Aware Users

Everyone is responsible for security!

• Know your software
• Read prompts, don’t just click Ok
• Installation Approval Process
• Dangers of USB Drives, Mobiles, iPods, etc.
• Explain why, not just how and what
• Recruit your tech savvy users to help
• Encourage them to speak up!

How does your organization cultivate an aware team?

Question

4. Privacy, Security, Productivity

Balance is the key to Security

• Be Real – If it ain’t used, it don’t work!
• Be Honest – Tell users what to expect
• Privacy – Tell users what you monitor
• Balance Risk Prevention vs Recovery
• Address Complaints with solutions

What are your privacy concerns (org and individual)?

Question

5. Compliance

Know Your Compliance Needs

• PCI (Payment Processing)
• HIPAA (Medical Information)
• SAS70
• SSAE16
• Funder/Grant Requirements

6. Strong Password Policy

Secure Passwords:

• At least 8 characters
• At least one each of:
    • Uppercase Letter
    • Lowercase Letter
    • Number
    • Symbol (!@#$%^&*())

Example: P@ssw0rdsSuck!

6. Strong Password Policy

Use a password database for ease

• KeePass (Free and Open Source)
• SplashID (Syncs between devices)

Use browsers to store passwords

• Set master password
• Only on your system (which is password protected)

Protect your systems and devices

Question

What tips can you share for password success?

7. Stay Informed

Top Resources for Security Information

• NTEN
• US CERT
• Symantec
• Techrepublic
• Techsoup Security Forum*
• http://501cybersecurity.com/*
• EDUCAUSE*

* Thanks to Robert Weiner for these resources

Question

What resources do you recommend?

Questions, Answers, Discussion

Questions?

Sean Watson

sean@techeffectrocks.org
919-373-4234
