Theresa Payton Take Away Packet
DESCRIPTION
Do you remember what you were doing 416 days ago? According to a recent security report from Mandiant, it takes more than a year before the average company realizes it has been a cybercrime target. Cybercrime expert Theresa Payton provides an overview of emerging security threats facing U.S. businesses as well as the latest developments in how companies can safeguard their brand, assets, information, intellectual property, and finances to prevent the worst-case scenario from happening. Payton also shares actionable and strategic solutions to stop hackers, saboteurs, fraudsters, and cybercriminals in their tracks, while describing ways businesses can combat “homegrown” insider threats.

Faculty: Theresa Payton, Founder, Fortalice

TRANSCRIPT
Plan of Attack | 5 Step Plan
• Training
• Policies and Procedures
• Practicing Digital Doomsday
• Technology Tuning
• Security in the Supply Chain
80/20 Rule | 2 Steps = Biggest Impact
• Best Practices & Improved Security Policies – 58%
• Informed, Aware & Engaged Employees – 20%
• Technology Improvements – 18%
• Gov’t Regulation & Law Enforcement – 4%
Source: 2012 Bit9 Cyber Security Research Report
Back at the Office | Actions – Basics
• Top Digital Assets – Who are they?
• Training
• Policies and Procedures
• Patches
• Configurations
• Hardening
• Encryption of PHI emails
• Encryption of data
Back at the Office | Actions – 4 Tips to Remember
• Password protect
• Never loan devices or WiFi
• Treat old devices and back up information like gold
• Timeout feature
Back at the Office | Actions – Next Phase
• Incident Management
• Disaster Recovery
• Digital Disaster
• Technology Tuning
• Supply Chain Review
Back at the Office | Actions
• Check the box! DANGER! Trap: Focusing on regulatory compliance instead of comprehensive security.
• Looks good but is it safe? A lack of security features consistently built into elderly care and health care systems.
• 411 Breakdown: Capability gap for sharing information on cybersecurity and other issues.
• No Measurements: Lack of metrics for evaluating cybersecurity.
Next Steps | Let’s Get to Work!
5 Things…
• Training – just say NO to CBT only
• Document IT AND End User policies and procedures
• Where will your team get stuck during the digital doomsday exercise?
• 90% of our clients last year had the core technology they needed but…
• You are the weakest link? No!
Next Steps | Practice Makes Perfect
Here’s your next staff meeting agenda
Current State Assessment – Spend Dedicated Time Discussing:
• What security measures are in place? What do they protect?
• How vulnerable are you? How vulnerable are your clients?
• What client communication and response plans exist?
• Do you test incident management plans using plausible scenarios?
Options Analysis
• What could be done within the next 90 days to improve security?
• How would your company respond to losing intellectual property, internal emails posted on a public website, or worse?
• How can each security layer be enhanced, at what cost and at what impact to productivity?
Next Steps | Practice Makes Perfect
Staff Meeting – Practice the Disaster
Name Your Worst Digital Nightmare: Digital death, what happened?
Go around the room and ask the team to tell you the escalation plan and their list of actions.
• Do you know who to call?
• Do you know what to do?
• How do you stop the bad guys from taking more?
• Do you need outside help?
Time yourself…how long does it take before you create a plan of action?
Next Steps | Practice Makes Perfect
Supply Chain Security – 8 Vendor Checkpoints
• Information Security
• Identity Management
• Endpoint and Server Security
• Gateway and Network Security
• Web and Application Security
• Physical and Personnel Security
• Security Management
• Intellectual Property, Customer Information, and Financial Transaction Security
Next Steps | Practice Makes Perfect
Supply Chain Security – Vendor Must Answer:
• Chain of Custody
• Least Privilege Access
• Separation of Duties
• Tamper Resistance and Evidence
• Persistent Compliance Management
• Code Testing and Verification
• Trusted and Vetted Staff
Next Steps | Cloud in your future?
Draw up the Pre-Nup First! When you “break up”, what are their sanitization policies so you get your data back and they don’t have your digital footprints?
Need a “Go to guide”? Try NIST: NIST Cloud Computing Reference Architecture, SP 500-292