Security Awareness: 360 degree empowerment for cyber defense

Dr. Eric Vanderburg
Director, Cybersecurity and Information Systems
[email protected]
@evanderburg
216-664-1100

February 27, 2014
© 2014 JurInnov, Ltd. All Rights Reserved

JurInnov: We know data. We…

• Protect it from harm
• Document it for evidence
• Obtain for discovery
• Organize it for litigation

Forensics, eDiscovery, Lit Support, Cyber Security

Cybersecurity Maturity: Where are You?

Ad Hoc
• Informal
• Reactive
• Inconsistent performance

Developing
• Likely repeatable
• Some consistency
• Lacks rigorous process discipline

Practicing
• Defined controls
• Documented standards
• Consistent performance

Optimizing
• Effective controls
• Uses process metrics
• Targeted improvement

Leading
• Integrated strategies
• Innovative changes
• Seamless controls

Elements of Effective Cybersecurity
• Culture of Security
• Legal Requirements
• Training and Education
• Policy, Procedure and Controls
• Monitor and Auditing
• Response and Documentation
• Information Management
• Accountability

How Security is comprised

[Chart: labels Process, Technology, People; values 10% and 90%]

Computer Use

• Secure browsing
• Popups and warnings
• Certificate errors
• Suspicious links

It’s ok to discriminate against data

• You can’t treat it all the same
  – PHI
  – Personal information
  – Financial information
  – Trade secrets
  – Public information
• Where is all the data?
  – Head, paper, computer, server, backup, email
• What if we got rid of it?

Malware

• Viruses
  – Detection
  – Defense

Phishing

• Email
• Text
• Chat
• Craigslist
• Dating sites

Passwords

• Passwords are like underwear
  – Change them often
  – Showing them to others can get you in trouble
  – Don’t leave them lying around
• Use different passwords for different purposes
• Complexity
• Passphrase
• http://www.passwordmeter.com/

Things your mother probably told you

• Don’t accept candy from strangers
  – Infected devices
• It’s ok to ask questions
  – Challenge
• Don’t leave your things lying around
  – Clean desk and locked screen
• Be careful who your friends are
  – Social networking

Business Integration

InfoSec Strategy
• Priorities
• Roles and responsibilities
• Targeted capabilities
• Specific goals (timeframe)

Business Strategy
• Core values
• Purpose
• Capabilities
• Client promise
• Business targets
• Specific goals
• Initiatives
• Action items
• Assignments and accountabilities

Q&A

Don’t be shy…