Upload
william-mcborrough
View
227
Download
1
Embed Size (px)
Citation preview
Cybersecurity Webinar Series5 Steps to Managing your Risks
“Size Doesn’t Matter”
Presenter• William J McBorrough, MSIA, CISSP, CISA, CRISC, CEH, CCSFP• Managing Principal, MCGlobalTech• 17 years Information Security Professional• 9 years Adjunct College Professor• Security and Risk Management “Expert”• Small Business Owner
The PROBLEM is Real• FACT: Cyber attacks on small business
are on the rise
• FACT: The impact to a small business is much greater than larger counterparts.
• FACT: Most small businesses aren’t prepared to face this reality.
The PROBLEM is Real
• Small Businesses are in denial when it comes to cyber risks. Common excuses are:
• “We’re too small.” • “We can’t afford it.”• “It’s too complicated.”• “Our IT guy is taking care of it.”
• But that’s not all, is it?• More pressing priorities• Competing demands on
time, resources and energy
Sources of Cyber Information
Security Vendors want to see their products.“If I’m selling hammers, I’m only interested inyour nails. I’m not concerned with the fact thatyour screws are all falling out” - WJM
News media reports are focused on sensational stories. Large brand names. Millions of affected users. A small business getting hacked is not sexy.
Risk Driven vs. Controls Focused
Security “Technology”
Risk Management “Business”
Case Study - Size Doesn’t Matter
Meet SamSolopreneur = Sam, Inc!
“Always on the Go!” “No office space.” “No Infrastrure” ”No Employees” ”No Security Program”
Risk Management Step 1
1. Identify Critical Asset
• Communication• (Calls, Email, Text, Social Media,etc)
• Data • (Contacts, emails, files, Photos, Videos,
etc)• Apps
• (Productivity, Financial, etc)
Risk Management Step 2
1. Identify Critical Assets2. Identify Threats
I. Gravity, Clumsy Fingers
II. Thieves, Faulty Memory
III. Shoulder surfers, Nosy people
IV. Software bugs
Risk Management Step 3
1. Identify Critical Assets2. Identify Threats3. Identify Vulnerabilities
I. Glass screen - Scratches, Cracks, Breaks
II. Small, portable - Easy to conceal, lose track of
III. Screen visible from above, sides
IV. Poor Software Development, Testing - Vendor
Risk Management Step 4
1. Identify Critical Assets2. Identify Threats3. Identify Vulnerabilities4. Assess Risks
I. HighII. HighIII. MediumIV. Low
Likelihood = Probability of threat exploiting VulnerabilityConsequences = Impact to businessRisk = Likelihood of Consequence
Risk Management Step 5
1. Identify Critical Assets2. Identify Threats3. Identify Vulnerabilities4. Assess Risks5. Manage Risk( Avoid, Mitigate, Transfer,
Accept)I. Mitigate - Purchase Case, Screen
CoverII. Mitigate, Transfer - Password,
Backup, Location Service/App, Insurance,
III. Mitigate - Privacy screen, BehaviorIV. Accept - Delay upgrades? Oh wellV. Avoid - Toss phone out the window
Now that you know…..
1. Have you identified your business critical assets?
2. Have to thought about the threats that may affect them and adversely impact your business?
3. Have you looked for where your assets might be susceptible to those threats?
4. Have you assessed the risk by considering the potential likelihood and impact to your business?
5. Have you made an informed, conscious decision in line with your business mission and needs about your risk?
Key Takeaways
Size doesn’t matter.
Your “IT Guy” can’t do this for you.
It doesn’t have to be expensive and complicated.
We can help.
QUESTIONS
About Us
MCGlobalTech– Mission Critical Global Technology Group (MCGlobalTech) is
a minority owned, small business founded by industry leaders to provide strategic advisory and security consulting services to public and private sector business managers to better align technology and security programs with organizational mission and business goals.
– The Principals at MCGlobalTech have been providing Information Security services to the Federal Government and the private sector for over 25 years
Our Values
At MCGlobalTech, we believe that strong values create long term relationships with our customers, employees, partners and the communities we serve. At the heart of everything we do, our corporate values are:– Providing customer satisfaction– Delivering innovative solutions – Empowering staff for success– Promoting Entrepreneurial spirit – Maintaining technical excellence MCGlobalTech
Staff
SkillsSuccess
What we offer
MCGlobalTech is able to provide our customers with innovative, mission-critical solutions in a broad variety of technologies. We consider the following our core competencies:– Information Assurance (Security Authorization)– Vulnerability Management– Security Risk Management– Security Engineering– Penetration Testing– Network Security
Contact Us
Mission Critical Global Technology Group1325 G Street, NW
Suite 500Washington, District of Columbia 20005
Phone: 202.355.9448Email: [email protected]
William J. McBorrough
Sales DivisionCo-Founder/Managing Principal Corporate [email protected]
[email protected] (202) 355-9448 x101
(202) 355-9448 x200(571) 249-4677 (cell)