cyber security for growing organizations...cyber security for growing organizations action plan for...
TRANSCRIPT
Cyber Security For Growing OrganizationsAction Plan For Executives
Presented by Steve Meek, CISSP
Copyright © 2019 The Fulcrum Group Inc.
Agenda
Cybersecurity news
Risk Management
What to do
Giveaway
Copyright © 2019 The Fulcrum Group Inc.
About Me?
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group Inc.
Cybersecurity News
Center for Internet Security- May 2019.
Copyright © 2019 The Fulcrum Group Inc.
Cybersecurity News
Copyright © 2019 The Fulcrum Group Inc.
Cybersecurity News
Common threats
Business Email Compromise
Digital Extortion
Ransomware
Crypto-mining
False sense of security
Verizon 2019 DBIR
Copyright © 2019 The Fulcrum Group Inc.
Risk Management
Security Events
Security Incidents
Data Breaches
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group Inc.
Risk Management
Risk Matrix
Likelihood- probability
that a risk can occur
Impact- potential effect on
the organizationExtremely
Harmful
Harmful Slightly
Harmful
Highly
Likely
Likely
Unlikely
40%
30%
Impact
Lik
eli
ho
od
Copyright © 2019 The Fulcrum Group Inc.
Risk Management
Different types of security
Doors
Windows
Locks
Fence
Alarm
Motion Sensor
Crime Watch
Monitoring
Dog
Gun(s)
Police
Insurance
Protect Detect Respond
Copyright © 2019 The Fulcrum Group Inc.
Risk Management
The National Institute of Standards and Technology
(NIST) Guidance
Copyright © 2019 The Fulcrum Group Inc.
Risk Management
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group Inc.
What to do?
Left of Boom Right of Boom
Risk assessments
Vulnerability scanning
Penetration testing
Compliance review
Firewalls
Anti-virus
Email filtering
IDS/IPS
Security Operations
Incident Response
Remediation
Forensics
Secure Workforce and Cyber Security Insurance
Copyright © 2019 The Fulcrum Group Inc.
What to do?
Center for
Internet
Security
Copyright © 2019 The Fulcrum Group Inc.
What to do- Exercise
SMB Security Maturity Model
Identify Protect Detect Respond Recover
Exec involvement
Hardware/software
Basic policies
Advanced policies
Threat intelligence
Risk assessment
Standards/
procedures
Key data
repositories
Third-party eval.
1
3
5
Physical security
Secure configs
Patch OS, A/V, f/w,
email filter
Security
awareness
Admin control
NGFW, URL, MFA
Secure network
Simulated phishing
Encryption at
rest/in transit
High availability
Logging configured
Owner
Network monitoring
Security
information and
event management
Log review
Continuous
security monitoring
Lessons learned
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group Inc.
What to do- Full
SMB Security Maturity Model
Identify Protect Detect Respond Recover
Who’s
responsible
Communication
Data
classification
Basic incident
response
Tracking
Analysis/mitigation
Detailed IRP/ SIRT
Work lessons
learned
Server backups
Cloud protections
PC/device
recover
Business impact
assessment
Basic recovery
plan
Lessons learned
Detailed recovery
Tested recovery
Manage retention,
recovery times
Copyright © 2019 The Fulcrum Group Inc.
Summary
Use threat intelligence to know
risks
Be the leader your organization
needs
Beware a false sense of
security
Identify key assets and data
repositories
Work both left and right of boom
Make detection a key security
effort
Copyright © 2019 The Fulcrum Group Inc.
Giveaway
The Fulcrum Group, Inc.
5751 Kroger Drive, Suite 279,
Fort Worth, TX 76244
Phone: 817-337-0300
Support Desk: 817-898-1277
Web: www.fulcrum.pro
Copyright © 2019 The Fulcrum Group Inc.
SMB LinksNational Cyber Awareness System
Alerts https://www.us-
cert.gov/ncas/alerts
2019 Data Breach Investigations Report
https://enterprise.verizon.com/resources
/reports/dbir/
National Institute of Standards and
Technology
https://www.nist.gov/cyberframework/sm
all-and-medium-business-resources
CIS® (Center for Internet Security, Inc.)
https://www.cisecurity.org/controls/
Global Cyber Alliance (GCA) toolkit
https://gcatoolkit.org/smallbusiness/
Ghost In The Wires: My Adventures as
the World's Most Wanted Hacker by
Kevin Mitnick