© 2014 JurInnov, Ltd. All Rights Reserved
February 27, 2014
Security Awareness: 360 degree empowerment for cyber defense
Dr. Eric Vanderburg
Director, Cybersecurity and Information [email protected]
@evanderburg
216-664-1100
JurInnov: We know data. We…
• Protect it from harm
• Document it for evidence
• Obtain for discovery
• Organize it for litigation
Forensics
eDiscovery
Lit Support
Cyber Security
Cybersecurity Maturity: Where are You?
Ad Hoc
• Informal
• Reactive
• Inconsistent performance
Developing
• Likely repeatable
• Some consistency
• Lacks rigorous process discipline
Practicing
• Defined controls
• Documented standards
• Consistent performance
Optimizing
• Effective controls
• Uses process metrics
• Targeted improvement
Leading
• Integrated strategies
• Innovative changes
• Seamless controls
Elements of Effective Cybersecurity
• Culture of Security
• Legal Requirements
• Training and Education
• Policy, Procedure and Controls
• Monitor and Auditing
• Response and Documentation
• Information Management
• Accountability
How Security is comprised
[Figure: chart with labels Process, Technology, People and values 10%, 90%]
Computer Use
• Secure browsing
• Popups and warnings
• Certificate errors
• Suspicious links
It’s ok to discriminate against data
• You can’t treat it all the same
  – PHI
  – Personal information
  – Financial information
  – Trade secrets
  – Public information
• Where is all the data?
  – Head, paper, computer, server, backup, email
• What if we got rid of it?
Malware
• Viruses
  – Detection
  – Defense
Phishing
• Email
• Text
• Chat
• Craigslist
• Dating sites
Passwords
• Passwords are like underwear
  – Change them often
  – Showing them to others can get you in trouble
  – Don’t leave them lying around
• Use different passwords for different purposes
• Complexity
• Passphrase
• http://www.passwordmeter.com/
Things your mother probably told you
• Don’t accept candy from strangers
  – Infected devices
• It’s ok to ask questions
  – Challenge
• Don’t leave your things lying around
  – Clean desk and locked screen
• Be careful who your friends are
  – Social networking
Business Integration
InfoSec Strategy
• Priorities
• Roles and responsibilities
• Targeted capabilities
• Specific goals (timeframe)
Business Strategy
• Core values
• Purpose
• Capabilities
• Client promise
• Business targets
• Specific goals
• Initiatives
• Action items
• Assignments and accountabilities
Q&A
Don’t be shy…