Cybersecurity: Frameworks,
Fundamentals, and Foundations
A Journey towards Improved Security
02.09.2023
RoundTable Technology is a strategic partner who will work with your
organization to help you leverage technology to fulfill your mission.
We understand what it's like to be a nonprofit, working with limited
resources, budget, and people. That's why we only hire personnel that are
themselves driven by serving those who serve. We are currently supporting
over 200 nonprofit clients and helping them get their technology under
control.
Destiny Bowers
vCISO
Nice to meet you.
POLL #1
What brought you here today?
Foundations: Where to Start
A Little Jargon
Framework: A high-level structure that outlines what your program looks like and what it is responsible for. Designed to create a common language for managing risk within a company.
Control: Cybersecurity controls are the countermeasures that companies implement to detect, prevent, reduce, or counteract security risks.
Standard: Collections of best practices created by experts to protect organizations from cyber threats and help improve their cybersecurity posture.
Regulation: Legally binding. The way a regulation describes how something should be performed indicates government and public support for the rules and processes it sets forth (HIPAA, GDPR).
What is Driving the Need for Cybersecurity?
Laws: NYS SHIELD, GDPR,
CCPA, TMRPA
Compliance/Regulations:
HIPAA, PCI
Insurance Companies
Auditors
Data Privacy
Partners
Pandemics
Oh, and cyber criminals!
Know What You Have
Threat Modeling
Good security decisions begin with assessing your security posture.
To start, ask yourself the following questions:
1. What do I want to protect?
2. Who do I want to protect it from?
3. How likely is it that I’ll need to protect it?
4. How bad are the consequences if I fail?
5. How much trouble am I willing to go through to try to prevent
potential consequences?
Source: https://ssd.eff.org/module/seven-steps-digital-security
Imagine if a hacker gained access to…
the email account of a staff member with authority to direct other staff members, or to communicate with a client or partner.
Imagine your reputational damage if…
your connections to other partners or customers were exploited, leading to their breach.
Imagine the disruption to your business…
if all of your files and records disappeared suddenly and the systems you use were inaccessible.
The Fork in the Road - Ambiguity
Fundamentals: Planning Your Route
Cybersecurity is a garden
of mostly low-hanging fruit.
5 Must Have Security Controls for Cyber Insurance
These controls will help satisfy most of the
Insurance requirements:
1. Multi-Factor Authentication (MFA) on all
systems, Admin accounts and Remote
Access
2. Backups
3. Endpoint Detection and Response (EDR) in place of, or alongside, traditional antivirus
4. Patch Management for Endpoints
5. Ongoing Cybersecurity Training for Staff
🍎 Setting and enforcing application controls (control which applications are allowed to run)
🍎 Patching applications (Run updates and use current versions)
🍎 Configuring Microsoft Office Macro settings (keep Macros micro)
🍎 Hardening user applications (Control what web browsers can do)
🍎 Restricting administrative privileges (Keep regular and admin accounts separate)
🍎 Patching operating systems (Run updates and use current versions)
🍎 Using Multi-Factor Authentication (MFA all the way!)
🍎 Ensuring daily backups (including the SaaS and Cloud apps)
Source: https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model
Ground Fruit 🐨
Frameworks: Hitting the Road
Your Map
Spin the Wheel, Pick a Cybersecurity Framework (CSF)
National Institute of Standards & Technology - Cybersecurity Framework (NIST CSF)
Identify: Organizations must identify and classify assets and develop an understanding of their environment, threats, and exposures in order to manage cybersecurity risk to systems, people, assets, data and capabilities.
Protect: Organizations must develop and implement the appropriate safeguards to prevent, limit or contain the impact of potential cybersecurity events.
Detect: Organizations must implement appropriate measures to quickly identify cybersecurity events.
Respond: Should a cyber incident occur, organizations must have the ability to contain the impact, implement an effective response, and perform all required activities to remediate the incident.
Recover: Organizations must develop and implement effective activities to restore any capabilities or services that were impaired by a cybersecurity event, and incorporate lessons learned into revised response strategies.
NIST CSF Checklist
Identify
● Asset Inventory
● Risk Assessment
● C/I/A
● Data Classification
● Regulatory Compliance
● Threat Modeling
Protect
● Defense in Depth
● Network Defense
● Endpoint Protection (EPP)
● SaaS Protection and Zero Trust
● Encryption
● Identity
● Human Layer
● People
Detect
● Endpoint Detection and Response (EDR)
● Monitoring and Alerts
● Honeypots
● Scanning (network, dark web, etc.)
● Managed Detection & Response (MDR)
● Extended Detection & Response (XDR)
Respond
● SOC / NOC / 3rd Party Responders
● Tabletops
● Incident Response Plan
● Cyber Liability Insurance
Recover
● Backups
● Business Continuity and Disaster Recovery (BCDR)
Know What You Have
Do you know your TechStack?
● Windows 10: Most workstations running Windows 10. Mixed versions of MS Office. 2-8 years old, avg 5 years old.
● Windows 2008 Server: File sharing, Active Directory, QuickBooks, Volunteer DB. (Windows Server 2008 left extended support in January 2020, so it no longer receives security updates.)
● Filemaker Pro: Volunteer Management database, custom built 10+ years ago.
● Salesforce NPSP: Salesforce Nonprofit Starter Pack for Donor Management.
● Google Workspace: Email, calendars & some file sharing.
● Shadow IT: Misc USB drives, DropBox and rogue Google Accounts.
1. IDENTIFY ASSETS: Tangible & Intangible
2. IDENTIFY THREATS & VULNERABILITIES: Internal & External
3. ASSESS CURRENT STATE: Processes, Systems, Roles
4. EVALUATE RISKS: Business Impact; Probability and Impact Assessment; Prioritize Risk Mitigation Steps
5. ASSIGN OWNERSHIP: Responsible Individual
Risk Assessment
CIA Framework / Triad: rate each asset on three questions
C (Confidentiality): How bad would it be if the information was exposed?
I (Integrity): How bad would it be if the information was altered, corrupted, or lost?
A (Availability): How bad would it be if the information was not available?
Rating scale:
Low - Wouldn't care
Medium - Not great, but not catastrophic
High - Possibly catastrophic
Source: https://laconteconsulting.com/2018/12/02/calculate-impact-and-probability/
Qualitative Risk Assessment
Quantitative Assessment: The ALE you would prefer not to drink
*Source: https://netdiligence.com/wp-content/uploads/2021/03/NetD_2020_Claims_Study_1.2.pdf
● Estimate the cost of a single incident (single loss expectancy, SLE): $77K*
● Estimate the annual probability of that incident (annual rate of occurrence, ARO): 30%
● Calculate a super simple Annual Loss Expectancy: ALE = SLE × ARO = 30% of $77K = $23,100
Annual Loss Expectancy, current state: $23,100
Takeaway: If improved cybersecurity reduces the probability to 10%, the ALE drops to $7,700, a reduction of over $15,000 per year. Any control that costs less than that per year pays for itself.
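Here is an added worked example, not from the deck, that carries the slides above through in Python: identify assets, rate each on C/I/A, assign an owner, estimate probability and impact, and compute the ALE and the dollar value of a control. Asset names, owners, ratings and the control cost are constructed for illustration; the $77K per-incident cost and the 30% and 10% probabilities are the slide's. The names Asset, ale_reduction, control_worth_it and prioritize are this example's own.

```python
"""Risk register with qualitative CIA scoring and a simple ALE calculation.

Added example, not from the RoundTable deck. Asset names, owners, ratings
and the control cost are constructed; the $77K incident cost and the
30% / 10% probabilities are taken from the slide.
"""
from __future__ import annotations

from dataclasses import dataclass

RATING = {"Low": 1, "Medium": 2, "High": 3}   # the slide's qualitative impact scale


@dataclass
class Asset:
    name: str
    owner: str          # ASSIGN OWNERSHIP: one responsible individual
    c: str              # impact if the information is exposed
    i: str              # impact if it is altered, corrupted or lost
    a: str              # impact if it is not available
    likelihood: float   # annual probability of a damaging incident (0..1)
    sle: float          # single loss expectancy: cost of one incident, in dollars

    def impact_score(self) -> int:
        """Qualitative impact: the worst of the three CIA ratings (1..3)."""
        return max(RATING[self.c], RATING[self.i], RATING[self.a])

    def ale(self) -> float:
        """Annual loss expectancy = single loss expectancy x annual rate of occurrence."""
        return self.sle * self.likelihood


def ale_reduction(asset: Asset, new_likelihood: float) -> float:
    """Dollars of ALE removed per year if a control lowers the likelihood."""
    return asset.ale() - asset.sle * new_likelihood


def control_worth_it(asset: Asset, new_likelihood: float, annual_control_cost: float) -> bool:
    """A control pays for itself when its yearly cost is below the ALE it removes."""
    return ale_reduction(asset, new_likelihood) > annual_control_cost


def prioritize(assets: list[Asset]) -> list[Asset]:
    """Order the register by qualitative impact first, then by dollar ALE."""
    return sorted(assets, key=lambda a: (a.impact_score(), a.ale()), reverse=True)


# Constructed register for the tech stack on the "Know What You Have" slide.
REGISTER = [
    Asset("Salesforce NPSP (donor data)", "Development Director", "High", "High", "Medium", 0.30, 77_000),
    Asset("Windows 2008 file server", "IT Lead", "Medium", "High", "High", 0.30, 77_000),
    Asset("Google Workspace email", "Executive Director", "High", "Medium", "High", 0.30, 77_000),
    Asset("Public website (WordPress)", "Comms Manager", "Low", "Medium", "Medium", 0.10, 5_000),
]

if __name__ == "__main__":
    for asset in prioritize(REGISTER):
        print(f"{asset.name:32} impact={asset.impact_score()} ALE=${asset.ale():,.0f} owner={asset.owner}")
    donor = REGISTER[0]
    print(f"ALE reduction at 10% likelihood: ${ale_reduction(donor, 0.10):,.0f}")
    # constructed: MFA plus SaaS backup priced at $4,000 per year
    print("Control at $4,000/yr worth it:", control_worth_it(donor, 0.10, 4_000))
```

The qualitative score decides the order in which you work; the ALE turns the "is this control worth buying" question into a comparison of two dollar figures, which is what an insurer or a board will ask for.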
POLL #2
What cybersecurity measures
are you currently taking?
Swiss Cheese Defense-in-Depth for Cybersecurity
Recognizing that no single intervention is sufficient to prevent harm. The layers:
● Threat Modeling & Risk Assessment
● Training & Awareness
● Identity & Authentication
● Endpoint Protection
● Policies
● Testing & Monitoring
● Preparedness & Incident Response
The Human Layer
Training
● Social Engineering
● Phishing/Smishing/Vishing
● Policies
● Environmental Awareness
● Open Source Intelligence (OSINT)
● Security Culture
● Repeat
Four example passwords, plotted on two axes: weaker to stronger, and easy to difficult to remember and type.
● 123456 - weaker; easy to remember, easy to type
● X9fg44!2 - stronger than 123456, but difficult to remember and difficult to type
● 45gg$5609932fc% - stronger; difficult to remember, difficult to type
● I like to eat pickles 2 days a week. - stronger; easy to remember, easy to type
● The average person has to log on to 170+ sites/services and only has 3 to 19 passwords
● Lots of weak, shared passwords (or password patterns)
● Lots of passwords that are easy for adversaries to guess
● One compromise more easily leads to other compromises
Think Passphrases - Not Passwords
Source: How Secure Is My Password? | Password Strength Checker
Password Managers
Allow you to create and easily use unique, strong, perfectly random passwords for each site/service
● Passwords made up by people tend to be guessable within the lifetime of the password, most within hours to days
● A user-created password needs to be 20 characters or longer to be unguessable/uncrackable, but a 12-character perfectly random password is already unguessable/uncrackable
● Protect against phishing (the manager only autofills on the site's real domain, not on a look-alike)
● Audit your passwords
● Share passwords securely
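An added example, not from the deck, that puts numbers behind the passphrase and password-manager slides above: it generates a manager-style random password and a random passphrase with Python's secrets module, then computes how long exhausting each search space would take. The 1e11 guesses-per-second rate is an assumed offline cracking speed against a fast hash (a slow password hash cuts it by orders of magnitude); the 16-word list is constructed, and a real diceware list of 7,776 words gives about 12.9 bits per word, which the diceware rows in compare() use.

```python
"""Password strength arithmetic and password-manager style generation.

Added example, not from the deck. GUESSES_PER_SEC is an assumption that
stands in for an offline attack on a fast, unsalted hash.
"""
import math
import secrets
import string

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
DICEWARE_WORDS = 7776                 # size of a standard diceware list
GUESSES_PER_SEC = 1e11                # assumed offline cracking rate
# Constructed mini word list; use a real diceware list in practice.
WORDS = ["pickle", "garden", "koala", "router", "candle", "harbor", "velvet",
         "meadow", "anchor", "bishop", "copper", "dragon", "falcon", "glacier",
         "helmet", "island"]


def random_password(length: int = 12) -> str:
    """Perfectly random password, as a password manager would generate it."""
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def passphrase(words: int = 5, wordlist=WORDS) -> str:
    """Randomly chosen words: easy to remember and type, still random."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent choices from `choices` equally likely options."""
    return picks * math.log2(choices)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SEC) -> float:
    """Worst-case time to try every candidate at the assumed guess rate."""
    return 2 ** bits / rate / (365 * 24 * 3600)


def compare() -> dict:
    """Years to exhaust the search space for the kinds of passwords on the slide."""
    cases = {
        "6 digits (123456)": entropy_bits(10, 6),
        "8 random printable (X9fg44!2)": entropy_bits(94, 8),
        "12 random printable (manager)": entropy_bits(94, 12),
        "4 diceware words": entropy_bits(DICEWARE_WORDS, 4),
        "6 diceware words": entropy_bits(DICEWARE_WORDS, 6),
    }
    return {label: years_to_exhaust(bits) for label, bits in cases.items()}


if __name__ == "__main__":
    print("manager password:", random_password())
    print("passphrase      :", passphrase())
    for label, years in compare().items():
        print(f"{label:32} {years:12.4g} years")
```

Two things the table makes visible: an 8-character random password falls in under a day at this rate, while 12 random characters take on the order of a hundred thousand years, which is the slide's "12-character perfectly random" claim in numbers; and a passphrase only earns its strength from the number of words and the randomness of the choice, not from being long, so four words from a real list still exhaust in hours at this rate and six do not.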
Multi-Factor Authentication (MFA)
Source: Multi-Factor Authentication - CyberProtex
The Technical Layer
Defense-in-Depth
Secure Data Access Model
Organizational Data Lifecycle Management
Device Checklist
❏ Antivirus / Anti-malware
❏ Current OS and Software
❏ Screen Lock
❏ Strong Device Password
❏ OS and Security Updates
❏ Hard drive and device Encryption
❏ Website Filters
❏ Camera Cover
❏ Good home Wifi security
Additional Checklist
❏ Web, Application, and Network Firewalls
❏ Mobile Device Management
❏ Proper Cloud/SaaS Application Configuration
❏ Patching and Updates
❏ Website Updates
POLL #3
When was the last time you provided
measurable security awareness training
to your staff?
Alerts
MS365
● Microsoft 365 alert policies - Microsoft Purview (compliance)
● Real-Time Alerting with Microsoft 365 Alert Policies - Office 365 Reports
Google Workspace
● Configure alert center email notifications - Google Workspace Admin Help
Endpoint Detection & Response (EDR) / Managed Detection & Response (MDR)
Monitoring and Scanning
❏ Identify Look-Alike Domains: Domain Doppelganger
❏ Email and Phone Data Breaches: Firefox Monitor / Have I Been Pwned
❏ Website Vulnerabilities: Sucuri SiteCheck
❏ Network Scans: Angry IP Scanner
❏ Network Monitoring: Changes in your network | runZero
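An added example for the "Identify Look-Alike Domains" item above. It is not the Domain Doppelganger tool or its output; it shows the idea behind such tools in Python. ORG_DOMAIN and SAMPLE_SENDERS are constructed, and the substitution tables are this example's own. It runs offline: it generates the typosquat and homoglyph variants an attacker would register and matches observed sender domains against them, so there are no DNS lookups.

```python
"""Look-alike (doppelganger) domain detection.

Added example, not from the deck and not the Domain Doppelganger tool.
ORG_DOMAIN and SAMPLE_SENDERS are constructed for illustration.
"""
from __future__ import annotations

# One-way substitutions an attacker uses to make a domain look like yours.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5",
              "rn": "m", "m": "rn", "vv": "w", "w": "vv", "cl": "d"}
# Reverse map used to fold a suspicious name back to its plain-letter form.
CONFUSABLE = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "rn": "m", "vv": "w"}
COMMON_TLDS = ["com", "net", "org", "co", "info"]

ORG_DOMAIN = "helpinghands.org"                       # constructed: our own domain
SAMPLE_SENDERS = [                                    # constructed: From: domains seen in mail logs
    "helpinghands.org", "gmail.com", "he1pinghands.org", "helpinghands.co",
    "helping-hands.org", "helpinghnads.org", "helpinghand.org",
]


def split_domain(domain: str) -> tuple[str, str]:
    """'helpinghands.org' -> ('helpinghands', 'org')."""
    name, _, tld = domain.lower().rpartition(".")
    return name, tld


def canonical(name: str) -> str:
    """Fold hyphens and digit/letter look-alikes back to plain letters."""
    out = name.replace("-", "")
    for src, dst in CONFUSABLE.items():
        out = out.replace(src, dst)
    return out


def lookalikes(domain: str) -> set[str]:
    """Generate the typosquat and homoglyph domains worth watching (or registering yourself)."""
    name, tld = split_domain(domain)
    variants: set[str] = set()
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])                          # omission
        variants.add(name[:i] + name[i] + name[i:])                    # doubled character
    for i in range(len(name) - 1):
        variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])  # transposition
    for src, dst in HOMOGLYPHS.items():                                # single homoglyph swap
        pos = name.find(src)
        while pos != -1:
            variants.add(name[:pos] + dst + name[pos + len(src):])
            pos = name.find(src, pos + 1)
    for i in range(1, len(name)):
        variants.add(name[:i] + "-" + name[i:])                        # hyphenation
    for suffix in ("-secure", "-login", "-support", "mail"):
        variants.add(name + suffix)                                    # bolted-on word
    variants.discard(name)
    full = {f"{v}.{tld}" for v in variants}
    full.update(f"{name}.{t}" for t in COMMON_TLDS if t != tld)        # wrong TLD
    return full


def flag_senders(org_domain: str, sender_domains) -> list[str]:
    """Sender domains that impersonate org_domain: an exact variant, or equal after folding."""
    org_name, _ = split_domain(org_domain)
    suspects = lookalikes(org_domain)
    flagged = []
    for d in sorted({s.lower() for s in sender_domains}):
        if d == org_domain.lower():
            continue
        name, _ = split_domain(d)
        if d in suspects or canonical(name) == canonical(org_name):
            flagged.append(d)
    return flagged


if __name__ == "__main__":
    print(f"{len(lookalikes(ORG_DOMAIN))} variants generated for {ORG_DOMAIN}")
    for d in flag_senders(ORG_DOMAIN, SAMPLE_SENDERS):
        print("look-alike sender:", d)
```

The generated set is also the list to feed a registrar or certificate-transparency watch, and the canonical() fold catches combinations (a digit swap plus a hyphen) that the enumerated variants miss.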
Cyber Defense Matrix
● Risk Assessment
● Compliance Verification
● Penetration Testing
● Vulnerability Scanning
● Awareness Training
● Endpoint protection
● Firewalls
● IDS/IPS
● AV
● EDR
● WAFs
● Alerts
● Security Operations
● Remediation
● Incident Response & Triage
● Forensics
● Backups
What Is A Tabletop Exercise?
Tabletop Exercise - Objectives
Create a safe space
Identify gaps in crisis
management
Identify gaps in current
practices
Why Is A Fire Drill Useful?
Have a Plan!
POLL #4
How protected do you feel?
Backups - Cover Your SaaS
Your data in the cloud is vulnerable to loss and breaches for these reasons:
Human error: Everyday human errors account for up to 64% of data loss incidents according to Aberdeen research. Employees inevitably delete the wrong email, contacts, or critical configurations.
Malicious insiders: Employee action is involved in up to 23% of all electronic crime events, according to the CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute.
Illegitimate deletion requests: SaaS providers will honor your deletion request without question. They have no way of knowing whether it is a hasty (or malicious) request, and they are not responsible for the results.
Malware and viruses: Rogue software spreads with programmatic efficiency without an active attack from a hacker. Some malware lies dormant in existing code before activating, making it especially hard to defend against.
Synchronization errors: Syncing or updating multiple SaaS applications, a common scenario in organizations, is not always seamless and can cause loss of SaaS data.
Hackers, malware, ransomware, cryptomining, phishing: The list of malware types and scams keeps growing. Social engineering that targets employees with phishing and whaling attacks continues to succeed, per Verizon's data breach report. The damage from such breaches is devastating not only in financial loss but also in the business's reputation and lost customers.
Cyber Insurance
Business Continuity and Disaster Recovery
BCDR Inventory Example
Columns:
● Information: What is this information called?
● Description
● Location: Where is this information housed?
● Recovery Point Objective (RPO): The amount of data at risk. It is determined by the amount of time between backups and reflects the amount of data that could be lost during a disaster recovery.
● Recovery Time Objective (RTO): The amount of time it takes to recover from a data loss event and return to service, i.e. how long the system's data is unavailable.
● Recovery Level Objective (RLO): The level of granularity required for restoration of the selected information. For example, is it sufficient to restore the entire database from a point in time, or do you require the ability to restore a specific record?
● In-place Safeguards: What existing protections are in place for the backup and recovery of this data/service?
● Comments: Indicate any changes to be made or questions to investigate.

Information | Description | Location | RPO | RTO | RLO | In-place Safeguards | Comments
Salesforce | CRM database | Salesforce (Cloud) | 4 hours | 24 hours | Record level restore | Basic Salesforce Retention | Review restore options and consider backing up with Spanning
Email | All organizational email | Gmail (G Suite for Nonprofits) | 4 hours | 4 hours | Full single mailbox restore acceptable | Spanning.com | Satisfactory
File Shares | All organizational files | File Server (in-house) | 24 hours | 24 hours | Individual file restore | USB Backup Drives (onsite) | Look into offsite backup option with Crashplan or BackBlaze
Voice | Phone system | Dialpad (Cloud) | 24 hours | 1 hour | Full system restore acceptable | None | Document administrative accounts and authorized personnel
Website | Organization's website | WordPress, hosted at BlueHost | 24 hours | 1 hour | Full site restore acceptable | Unknown | Speak with BlueHost, gain understanding of backup/restore options and what is already in place
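An added example, not from the deck, that turns the inventory above into a check you can run: it loads the slide's rows, compares each service's last successful backup against its RPO, and flags services whose safeguard is None, Unknown, or onsite-only. The last_backup column and the AS_OF timestamp are constructed; in practice they come from the backup tool's reports or API.

```python
"""Backup checks against the BCDR inventory: RPO freshness and unverified safeguards.

Added example, not from the deck. The inventory rows are the slide's; the
last_backup column and AS_OF are constructed for illustration.
"""
from __future__ import annotations

import csv
import io
from datetime import datetime, timedelta, timezone

INVENTORY_CSV = """\
service,location,rpo_hours,rto_hours,rlo,safeguard,last_backup
Salesforce CRM,Salesforce (Cloud),4,24,Record level restore,Basic Salesforce Retention,2023-09-01T20:00:00Z
Email,Gmail (G Suite for Nonprofits),4,4,Full single mailbox restore,Spanning.com,2023-09-02T07:30:00Z
File Shares,File Server (in-house),24,24,Individual file restore,USB Backup Drives (onsite),2023-08-30T22:00:00Z
Voice,Dialpad (Cloud),24,1,Full system restore,None,
Website,"WordPress, hosted at BlueHost",24,1,Full site restore,Unknown,
"""

AS_OF = datetime(2023, 9, 2, 8, 0, tzinfo=timezone.utc)   # constructed "now"
UNVERIFIED = {"", "none", "unknown"}                       # safeguard values that mean "no backup path"


def load_inventory(text: str = INVENTORY_CSV) -> list[dict]:
    """Parse the inventory; RPO/RTO become timedeltas, last_backup a UTC datetime or None."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["rpo"] = timedelta(hours=float(r.pop("rpo_hours")))
        r["rto"] = timedelta(hours=float(r.pop("rto_hours")))
        last = r.pop("last_backup")
        r["last_backup"] = datetime.fromisoformat(last.replace("Z", "+00:00")) if last else None
        rows.append(r)
    return rows


def check_backups(rows: list[dict], now: datetime) -> dict[str, list[str]]:
    """Return {service: [finding, ...]} for every service that fails a check."""
    findings: dict[str, list[str]] = {}
    for r in rows:
        issues = []
        safeguard = r["safeguard"].strip().lower()
        if safeguard in UNVERIFIED:
            issues.append("no verified backup safeguard; the RTO is not achievable")
        elif "onsite" in safeguard:
            issues.append("backup copy is onsite only; fire, theft or ransomware takes it with the primary")
        if r["last_backup"] is None:
            issues.append("RPO cannot be verified: no recorded successful backup")
        else:
            age = now - r["last_backup"]
            if age > r["rpo"]:
                issues.append(f"RPO breached: last backup {age} ago, RPO is {r['rpo']}")
        if issues:
            findings[r["service"]] = issues
    return findings


def audit(text: str = INVENTORY_CSV, now: datetime = AS_OF) -> dict[str, list[str]]:
    return check_backups(load_inventory(text), now)


if __name__ == "__main__":
    for service, issues in audit().items():
        for issue in issues:
            print(f"{service}: {issue}")
```

Run on the sample data, Email is the only clean row; Salesforce has a 4-hour RPO but its last backup is 12 hours old, the file server's onsite USB drives draw the same "get an offsite copy" comment the slide makes, and Voice and Website cannot meet any RPO or RTO because nothing has been verified.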
Your Co-Pilot
CIS Controls
The CIS Controls were originally developed in 2008 to help small and mid-sized organizations manage complex cybersecurity requirements.
This changed the discussion from "what should my enterprise do" to "what should we ALL be doing" to improve security.
Through version 7, the CIS Controls were broken down into three categories: Basic Controls, Foundational Controls, and Organizational Controls. Version 8 dropped these categories in favor of Implementation Groups.
CIS Controls are meant to apply easily to any industry or sector.
Many CIS Controls can be directly mapped back to both NIST and ISO.
Center for Internet Security Controls v.8
Source: https://storage.pardot.com/799323/1638289699nZsVAZCD/CIS_Controls_v8_Mapping_to_NIST_CSF_FINAL_06_11_2021.xlsx
Center for Internet Security Controls v.8
CIS Implementation Groups
The CIS Controls framework then goes even further to define three implementation groups (IGs):
● IG1 is for organizations with limited resources and cybersecurity expertise.
● IG2 is for organizations with moderate resources and cybersecurity expertise.
● IG3 is for mature organizations with significant resources and cybersecurity expertise.
Under each of the 18 controls, the framework provides a list of safeguards (called sub-controls before v8), color-coded to indicate which implementation group should be using them.
For example, under CIS Control 1, "Inventory and Control of Enterprise Assets" (titled "Inventory and Control of Hardware Assets" in v7), the safeguard "Utilize an Active Discovery Tool" is assigned to Implementation Groups 2 and 3 and considered too much of a burden for Group 1.
CIS Controls Self Assessment Tool (CIS CSAT)
Source: https://csat.cisecurity.org/accounts/signup/
Public Resources
● ACSC publications
● Strategies to Mitigate Cyber Security Incidents | Cyber.gov.au
● The 18 CIS Critical Security Controls
● CIS Controls v8 Cloud Companion Guide
● https://learn.cisecurity.org/Establishing-Essential-Cyber-Hygiene
● Top 25 Cybersecurity Frameworks to Consider |… | SecurityScorecard
● Cybersecurity for Small Business | Federal Trade Commission
● CYBERSECURITY BASICS
● Cybersecurity Framework | NIST
● Canarytokens
● https://storage.pardot.com/799323/1638289699nZsVAZCD/CIS_Controls_v8_Mapping_to_NIST_CSF_FINAL_06_11_2021.xlsx
● CIS Controls Self Assessment Tool (CIS CSAT)
Takeaway
● Pick up that ground and low hanging fruit
● Inventory everything
● CIA it
● Threat Model it
● Apply your Framework
● Use your CIS Controls
● Grind away!
What Next?
Go to NonprofitIT.com/cpa to
Schedule a Discovery Call to learn about a
Free Cybersecurity Posture Analysis
Cybersecurity
Posture Analysis
3rd party vulnerability scan
● Easy to understand report
● Identifies, tests, and highlights
network vulnerabilities
● Typically costs $297
Thank You!
@RoundTableIT RoundTable Technology @roundtabletechnology
Stay Connected

Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Kürzlich hochgeladen (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf

  • 10. Threat Modeling
    Good security decisions begin with assessing your security posture. To start, ask yourself the following questions:
    1. What do I want to protect?
    2. Who do I want to protect it from?
    3. How likely is it that I’ll need to protect it?
    4. How bad are the consequences if I fail?
    5. How much trouble am I willing to go through to try to prevent potential consequences?
    Source: https://ssd.eff.org/module/seven-steps-digital-security
  • 11. Imagine if a hacker gained access to… the email account of a staff member with authority to direct other staff members, or to communicate with a client or partner.
    Imagine your reputational damage if… your connections to other partners or customers were exploited, leading to their breach.
    Imagine the disruption to your business… if all of your files and records disappeared suddenly and the systems you use were inaccessible.
  • 12. The Fork in the Road - Ambiguity
  • 14. Fundamentals: Planning Your Route
    Cybersecurity is a garden of mostly low-hanging fruit.
  • 15. 5 Must Have Security Controls for Cyber Insurance
    These controls will help satisfy most of the insurance requirements:
    1. Multi-Factor Authentication (MFA) on all systems, admin accounts and remote access
    2. Backups
    3. Endpoint Detection and Response (EDR) antivirus
    4. Patch Management for Endpoints
    5. Ongoing Cybersecurity Training for Staff
  • 16. Ground Fruit 🐨
    🍎 Setting and enforcing application controls (Control what applications can do)
    🍎 Patching applications (Run updates and use current versions)
    🍎 Configuring Microsoft Office Macro settings (keep Macros micro)
    🍎 Hardening user applications (Control what web browsers can do)
    🍎 Restricting administrative privileges (Keep regular and admin accounts separate)
    🍎 Patching operating systems (Run updates and use current versions)
    🍎 Using Multi-Factor Authentication (MFA all the way!)
    🍎 Ensuring daily backups (including the SaaS and Cloud apps)
    Source: https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-maturity-model
  • 19. Spin the Wheel, Pick a Cybersecurity Framework (CSF)
  • 20. National Institute of Standards & Technology - Cybersecurity Framework (NIST CSF)
    Identify: Organizations must identify and classify assets and develop an understanding of their environment, threats, and exposures in order to manage cybersecurity risk to systems, people, assets, data and capabilities.
    Protect: Organizations must develop and implement the appropriate safeguards to prevent, limit or contain impact from potential cybersecurity events.
    Detect: Organizations must implement appropriate measures to quickly identify cybersecurity events.
    Respond: Should a cyber incident occur, organizations must have the ability to contain the impact, implement an effective response, and perform all required activities to remediate the incident.
    Recover: Organizations must develop and implement effective activities to restore any capabilities or services that were impaired due to a cybersecurity event and incorporate lessons learned into revised response strategies.
  • 21. NIST CSF Checklist
    Identify: ● Asset Inventory ● Risk Assessment ● C/I/A ● Data Classification ● Regulatory Compliance ● Threat Modeling
    Protect: ● Defense in Depth ● Network Defense ● Endpoint Protection (EPP) ● SaaS Protection and Zero Trust ● Encryption ● Identity ● Human Layer ● People
    Detect: ● Endpoint Detection and Response (EDR) ● Monitoring and Alerts ● Honeypots ● Scanning (network, dark web, etc.) ● Managed Detection & Response (MDR) ● Extended Detection & Response (XDR)
    Respond: ● SOC/ NOC/ 3rd Party Responders ● Tabletops ● Incident Response Plan ● Cyber Liability Insurance
    Recover: ● Backups ● Business Continuity and Disaster Recovery (BCDR)
  • 23. Know What You Have
    Do you know your TechStack?
    Windows 10: Most workstations running Windows 10. Mixed versions of MS Office. 2-8 years old - avg 5 years old.
    Windows 2008 Server: File sharing, Active Directory, QuickBooks, Volunteer DB
    Filemaker Pro: Volunteer Management database - custom built 10+ years ago
    Salesforce NPSP: Salesforce Nonprofit Starter Pack for Donor Management
    Google Workspace: Email, calendars & some file sharing
    Shadow IT: Misc USB drives, DropBox and rogue Google Accounts
  • 24. Risk Assessment
    IDENTIFY ASSETS - Tangible & Intangible
    IDENTIFY THREATS & VULNERABILITIES - Internal & External
    ASSESS CURRENT STATE - Processes, Systems, Roles
    EVALUATE RISKS - Business Impact; Probability and Impact Assessment; Prioritize Risk Mitigation Steps
    ASSIGN OWNERSHIP - Responsible Individual
  • 25. CIA Framework / Triad
    C - How bad would it be if the information was exposed?
    I - How bad would it be if the information was lost?
    A - How bad would it be if the information was not available?
    Low - Wouldn’t care
    Medium - Not great, but not catastrophic
    High - Possibly catastrophic
  • 27. Quantitative Assessment: The ALE you would prefer not to drink
    ● Estimate cost of an incident - $77K*
    ● Estimate annual probability - 30%
    ● Calculate Super Simple ALE - 30% of $77K = $23,100
    Annual Loss Expectancy - current state - $23,100
    Takeaway: If we can reduce probability to 10% through improved cybersecurity, it’s worth over $15,000 in annual loss expectancy reduction.
    *Source: https://netdiligence.com/wp-content/uploads/2021/03/NetD_2020_Claims_Study_1.2.pdf
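The risk assessment steps (slide 24), the C-I-A rating scale (slide 25) and the "super simple ALE" (slide 27) fit together as a small risk register. The following is an added example, not a tool from the deck or from RoundTable Technology: it rates each asset on C/I/A, computes ALE as annual probability times incident cost, ranks assets by ALE, and prices a control that lowers the probability. The asset names, ratings, probabilities, owners and the 1/2/3 weighting of Low/Medium/High are constructed assumptions; the $77K / 30% / 10% figures are the slide's own.

```python
"""Risk register helper: C/I/A rating, super-simple ALE, prioritisation, and
the value of a control that lowers incident probability.
Added example; asset data and the Low/Medium/High weights are constructed."""
from dataclasses import dataclass

# Impact scale from the C-I-A slide: Low = wouldn't care, Medium = not great,
# High = possibly catastrophic. Mapped to weights 1/2/3 (an assumption).
IMPACT_WEIGHT = {"Low": 1, "Medium": 2, "High": 3}


@dataclass
class Asset:
    name: str
    confidentiality: str        # "How bad if the information was exposed?"
    integrity: str              # "How bad if the information was lost?"
    availability: str           # "How bad if the information was not available?"
    incident_cost: float        # estimated cost of one incident, USD
    annual_probability: float   # 0.0 .. 1.0
    owner: str                  # "Assign ownership": the responsible individual

    def cia_score(self) -> int:
        """Sum of the three impact weights (3..9); used to break ALE ties."""
        return (IMPACT_WEIGHT[self.confidentiality]
                + IMPACT_WEIGHT[self.integrity]
                + IMPACT_WEIGHT[self.availability])

    def ale(self) -> float:
        """Super-simple Annual Loss Expectancy from the slide: probability x cost."""
        return round(self.annual_probability * self.incident_cost, 2)


def ale_reduction(asset: Asset, new_probability: float) -> float:
    """ALE saved per year if a control lowers the annual probability."""
    if not 0.0 <= new_probability <= asset.annual_probability:
        raise ValueError("new probability must lie between 0 and the current one")
    return round(asset.ale() - new_probability * asset.incident_cost, 2)


def prioritize(assets):
    """Highest ALE first; the CIA score breaks ties."""
    return sorted(assets, key=lambda a: (a.ale(), a.cia_score()), reverse=True)


# Constructed sample register (values are illustrative, not measured).
SAMPLE_ASSETS = [
    Asset("Donor CRM (Salesforce)", "High", "High", "Medium", 77_000, 0.30, "Development Director"),
    Asset("Staff email", "High", "Medium", "High", 50_000, 0.40, "IT Lead"),
    Asset("Public website", "Low", "Medium", "Medium", 10_000, 0.25, "Comms Manager"),
    Asset("Volunteer DB (FileMaker)", "Medium", "High", "Low", 20_000, 0.10, "Volunteer Coordinator"),
]

if __name__ == "__main__":
    for a in prioritize(SAMPLE_ASSETS):
        print(f"{a.name:26s} CIA={a.cia_score()} ALE=${a.ale():>10,.2f} owner={a.owner}")
    crm = SAMPLE_ASSETS[0]
    # The slide's takeaway: dropping probability from 30% to 10% on a $77K incident
    print(f"Lowering CRM probability to 10% saves ${ale_reduction(crm, 0.10):,.2f} per year")
```

The ranking is what the "Prioritize Risk Mitigation Steps" step consumes; in practice the probability and cost inputs should come from the claims data cited on the slide or from the organization's own incident history, not from guesses.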
  • 28. POLL #2 What cybersecurity measures are you currently taking?
  • 30. Swiss Cheese Defense-in-Depth for Cybersecurity
    Recognizing that no single intervention is sufficient to prevent harm
    Layers: Threat Modeling & Risk Assessment; Training & Awareness; Identity & Authentication; Endpoint Protection; Policies; Testing & Monitoring; Preparedness & Incident Response
  • 32. Training
    ● Social Engineering
    ● Phishing/Smishing/Vishing
    ● Policies
    ● Environmental Awareness
    ● Open Source Intelligence (OSINT)
    ● Security Culture
    ● Repeat
  • 33. Think Passphrases - Not Passwords
    [Figure: four example passwords compared on a weaker-to-stronger axis and on how easy or difficult they are to remember and to type: 123456; 45gg$5609932fc%; I like to eat pickles 2 days a week.; X9fg44!2]
    ● The average person has to log on to over 170+ sites/services and only has 3 to 19 passwords
    ● Lots of weak, shared passwords (or password patterns)
    ● Lots of passwords that are easy for adversaries to guess
    ● One compromise more easily leads to other compromises
    Source: How Secure Is My Password? | Password Strength Checker
  • 34. Password Managers
    Allow you to create and easily use unique, strong, perfectly random passwords for each site/service
    ● Passwords made up by people tend to be guessable within the lifetime of the password, most within hours to days
    ● A user-created password needs to be 20 characters or longer to be unguessable/uncrackable, but a 12-character perfectly random password is unguessable/uncrackable
    ● Protect against phishing
    ● Audit your passwords
    ● Share passwords securely
  • 35. Multi-Factor Authentication (MFA)
    Source: Multi-Factor Authentication - CyberProtex
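Slides 33 and 34 claim that a 12-character perfectly random password is uncrackable while a human-chosen one needs 20 or more characters, and that passphrases are the practical middle ground. The following added example (not from the deck) puts numbers on that: it computes the guess-space in bits for a uniformly random password or passphrase, converts it to worst-case time at an assumed offline guess rate, and generates both with Python's `secrets` module the way a password manager would. The eight-word list, the 7776-word diceware size used in the demo and the 1e11 guesses/second rate are constructed assumptions.

```python
"""Password / passphrase strength arithmetic and CSPRNG generation.
Added example; word list, guess rate and diceware list size are assumptions."""
import math
import secrets
import string

# Upper + lower + digits + punctuation as provided by `string`: 94 characters.
FULL_SET = string.ascii_letters + string.digits + string.punctuation

# Constructed mini word list for the demo. A real passphrase generator draws
# from thousands of words (e.g. a 7776-word diceware list), which is what
# gives each word its ~12.9 bits.
WORDS = ["pickle", "garden", "router", "violet", "marble", "copper", "jungle", "anchor"]


def random_password_bits(length: int, charset_size: int = len(FULL_SET)) -> float:
    """Entropy of a uniformly random password: length * log2(charset size)."""
    return length * math.log2(charset_size)


def passphrase_bits(num_words: int, wordlist_size: int) -> float:
    """Entropy of a passphrase whose words are drawn uniformly from a list."""
    return num_words * math.log2(wordlist_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e11) -> float:
    """Worst-case years to try every candidate at an offline guess rate.
    1e11/s is a constructed round figure for a well-resourced cracking rig."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def make_password(length: int = 12) -> str:
    """Uniformly random password over FULL_SET from the OS CSPRNG."""
    return "".join(secrets.choice(FULL_SET) for _ in range(length))


def make_passphrase(num_words: int = 4, words=WORDS) -> str:
    """Space-separated passphrase of randomly chosen words."""
    return " ".join(secrets.choice(words) for _ in range(num_words))


if __name__ == "__main__":
    for n in (8, 12, 20):
        b = random_password_bits(n)
        print(f"{n:2d}-char random password: {b:6.1f} bits, ~{years_to_exhaust(b):.3g} years to exhaust")
    b = passphrase_bits(6, 7776)   # six words from a 7776-word diceware list
    print(f"6-word diceware passphrase:  {b:6.1f} bits, ~{years_to_exhaust(b):.3g} years to exhaust")
    print("sample password:  ", make_password())
    print("sample passphrase:", make_passphrase())
```

The arithmetic only holds for passwords that really are uniformly random, which is why the slides pair "12 random characters" with a password manager: "X9fg44!2" typed by a person is not drawn uniformly, and the figures for human-chosen passwords are far lower than the formula suggests.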
  • 40. Device Checklist
    ❏ Antivirus / Anti-malware
    ❏ Current OS and Software
    ❏ Screen Lock
    ❏ Strong Device Password
    ❏ OS and Security Updates
    ❏ Hard drive and device Encryption
    ❏ Website Filters
    ❏ Camera Cover
    ❏ Good home Wifi security
  • 41. Additional Checklist
    ❏ Web, Application, and Network Firewalls
    ❏ Mobile Device Management
    ❏ Proper Cloud/SaaS Application Configuration
    ❏ Patching and Updates
    ❏ Website Updates
  • 42. POLL #3 When was the last time you provided measurable security awareness training to your staff?
  • 44. Alerts
    MS365: Microsoft 365 alert policies - Microsoft Purview (compliance); Real-Time Alerting with Microsoft 365 Alert Policies - Office 365 Reports
    Google Workspace: Configure alert center email notifications - Google Workspace Admin Help
  • 45. Endpoint Detection & Response (EDR) / Managed Detection & Response (MDR)
  • 46. Monitoring and Scanning
    ❏ Identify Look-Alike Domains - Domain Doppelganger
    ❏ Email and Phone Data Breaches - Firefox Monitor / Have I Been Pwned
    ❏ Website Vulnerabilities - Sucuri SiteCheck
    ❏ Network Scans - Angry IP Scanner
    ❏ Network Monitoring - Changes in your network | runZero
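The first item on the Monitoring and Scanning slide, identifying look-alike domains, is the one that is easy to script in-house. The following added example (not Domain Doppelganger, and not code from the deck) takes a list of newly observed domains, as a defender would pull them from certificate-transparency logs, DNS logs or inbound mail headers, and flags the ones that imitate the organization's own domain: same name on a different TLD, digit-for-letter homoglyphs, the brand embedded in a longer name, or a one- or two-character typo. The domain `roundtable-example.org`, the observed list and the substitution table are constructed assumptions.

```python
"""Look-alike domain detector run over a constructed feed of observed domains.
Added example; the own domain, feed and substitution tables are constructed."""

# Single characters commonly used to imitate letters, folded back to the letter
# they imitate before comparison (assumed, common substitutions).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a", "$": "s"})
# Two-character sequences that read as one letter in many fonts.
MULTI_CHAR = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def normalize_label(label: str) -> str:
    """Lower-case, fold homoglyphs, drop hyphens so 'r0und-table' == 'roundtable'."""
    label = label.lower().translate(HOMOGLYPHS).replace("-", "")
    for combo, letter in MULTI_CHAR:
        label = label.replace(combo, letter)
    return label


def registrable_label(domain: str) -> str:
    """Second-level label: 'www.r0undtable.org' -> 'r0undtable'.
    Simplified: does not handle multi-part public suffixes such as .co.uk."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used for the 'typo' rule."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(observed: str, own_domain: str):
    """Return a reason string if `observed` looks like `own_domain`, else None."""
    observed, own_domain = observed.lower(), own_domain.lower()
    if observed == own_domain or observed.endswith("." + own_domain):
        return None                          # our own domain or one of its subdomains
    own_label, obs_label = registrable_label(own_domain), registrable_label(observed)
    if obs_label == own_label:
        return "tld-swap"                    # same name, different TLD
    n_own, n_obs = normalize_label(own_label), normalize_label(obs_label)
    if n_obs == n_own:
        return "homoglyph"                   # r0undtable-example.org
    if n_own in n_obs:
        return "brand-embedded"              # roundtable-example-login.net
    if levenshtein(n_obs, n_own) <= 2:
        return "typo"                        # rouendtable-example.org
    return None


def find_lookalikes(observed_domains, own_domain):
    """(domain, reason) pairs for every observed domain that imitates ours."""
    hits = []
    for d in observed_domains:
        reason = classify(d, own_domain)
        if reason:
            hits.append((d, reason))
    return hits


# Constructed feed, as if pulled from a certificate-transparency watch.
OBSERVED = [
    "roundtable-example.org", "mail.roundtable-example.org",
    "roundtable-example.com", "r0undtable-example.org",
    "roundtable-example-login.net", "rouendtable-example.org",
    "example.org", "totally-unrelated.io",
]

if __name__ == "__main__":
    for domain, why in find_lookalikes(OBSERVED, "roundtable-example.org"):
        print(f"{domain:32s} {why}")
```

Hits from this check are a starting point for a takedown request, a mail-filter block rule and a note in the next awareness training, not proof of abuse on their own; legitimate third parties do register brand-adjacent names.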
  • 48.
    ● Risk Assessment
    ● Compliance Verification
    ● Penetration Testing
    ● Vulnerability Scanning
    ● Awareness Training
    ● Endpoint protection
    ● Firewalls
    ● IDS/IPS
    ● AV
    ● EDR
    ● WAFs
    ● Alerts
    ● Security Operations
    ● Remediation
    ● Incident Response & Triage
    ● Forensics
    ● Backups
  • 51. What Is A Tabletop Exercise?
  • 52. Tabletop Exercise - Objectives
    ● Create a safe space
    ● Identify gaps in crisis management
    ● Identify gaps in current practices
  • 53. Why Is A Fire Drill Useful?
  • 56. POLL #4 How protected do you feel?
  • 57. Backups - Cover Your SaaS
    Your data in the cloud is vulnerable to loss and breaches for these reasons:
    ● Human error: Everyday human errors account for up to 64% of data loss incidents, according to Aberdeen research. Employees inevitably delete the wrong email, contacts, or critical configurations.
    ● Malicious insiders: Employee action is involved in up to 23% of all electronic crime events, according to the CERT Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute.
    ● Illegitimate deletion requests: SaaS providers will honor your deletion request without question. They have no way of knowing whether it’s a hasty (or malicious) request, and they are not responsible for any unexpected results.
    ● Malware and viruses: Rogue software can spread mayhem with programmatic efficiency without an active attack from a hacker. Many malware programs and viruses emerge from existing code after hibernation, making them especially hard to defend against.
    ● Synchronization errors: Syncing or updating multiple SaaS applications, a common scenario in organizations, is not always seamless and can cause loss of SaaS data.
    ● Hackers, Malware, Ransomware, Cryptomining, Phishing: There is an ever-growing list of malware types and scams. Social engineering that targets employees with phishing and whaling attacks is proving incredibly successful, per Verizon’s data breach report. The damage from such data breaches is devastating not only in terms of financial loss; it also harms the business’s reputation and causes loss of customers.
  • 59. Business Continuity and Disaster Recovery
    BCDR Inventory Example
    Column definitions:
    Information - What is this information called?
    Description - Description
    Location - Where is this information housed?
    Recovery Point Objective (RPO) - The amount of data at risk. It's determined by the amount of time between backups and reflects the amount of data that potentially could be lost during a disaster recovery.
    Recovery Time Objective (RTO) - The metric refers to the amount of time it takes to recover from a data loss event and how long it takes to return to service. RTO refers then to the amount of time the system's data is unavailable.
    Recovery Level Objective (RLO) - This is the level of granularity required for restoration of the selected information. For example, is it sufficient to be able to restore only the entire database from a point in time, or do you require the ability to restore a specific record?
    In-place Safeguards - What existing protections are in place for the backup and recovery of this data/service?
    Comments - Indicate any changes to be made or questions to investigate.

    Information | Description | Location | RPO | RTO | RLO | In-place Safeguards | Comments
    Salesforce | CRM database | Salesforce (Cloud) | 4 hours | 24 hours | Record level restore | Basic Salesforce Retention | Review restore options and consider backing up with Spanning
    Email | All organizational email | Gmail (G Suite for Nonprofits) | 4 hours | 4 hours | Full single mailbox restore acceptable | Spanning.com | Satisfactory
    File Shares | All organizational files | File Server (in-house) | 24 hours | 24 hours | Individual file restore | USB Backup Drives (onsite) | Look into offsite backup option with Crashplan or BackBlaze
    Voice | Phone system | Dialpad (Cloud) | 24 hours | 1 hour | Full system restore acceptable | None | Document administrative accounts and authorized personnel
    Website | Organization's website | WordPress, hosted at BlueHost | 24 hours | 1 hour | Full site restore acceptable | Unknown | Speak with BlueHost, gain understanding of backup/restore options and what is already in place
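The inventory above only becomes actionable when the RPO, RTO and RLO targets are compared with what is actually in place. The following added example (not from the deck) encodes the slide's five rows and checks each against its targets: is the backup interval within the RPO, has a restore been tested and did it finish within the RTO, does the restore granularity meet the RLO, and is an owner recorded. The per-row "in place" figures (backup interval, tested restore time, granularity, owner) are constructed assumptions chosen to mirror the slide's Safeguards and Comments columns; the RPO/RTO/RLO values are the slide's.

```python
"""BCDR inventory gap check: protection in place vs RPO / RTO / RLO targets.
Added example; the in-place figures per row are constructed assumptions."""
from dataclasses import dataclass
from typing import List, Optional

# Restore granularity, coarsest to finest. A finer restore also satisfies a
# coarser RLO (record-level restore covers a full-database RLO).
GRANULARITY_RANK = {"full": 0, "mailbox": 1, "file": 1, "record": 2}


@dataclass
class BcdrEntry:
    name: str
    location: str
    rpo_hours: float
    rto_hours: float
    rlo: str                                  # required granularity: full/mailbox/file/record
    backup_interval_hours: Optional[float]    # None = no backup in place
    restore_time_hours: Optional[float]       # measured in a restore test; None = never tested
    restore_granularity: Optional[str]        # what the safeguard can actually restore
    owner: Optional[str]                      # documented admin / authorized person


def gaps(e: BcdrEntry) -> List[str]:
    """Human-readable list of ways this entry misses its targets (empty = OK)."""
    out = []
    if e.backup_interval_hours is None:
        out.append("no backup in place")
    elif e.backup_interval_hours > e.rpo_hours:
        out.append(f"backup every {e.backup_interval_hours}h exceeds RPO {e.rpo_hours}h")
    if e.restore_time_hours is None:
        out.append("restore never tested")
    elif e.restore_time_hours > e.rto_hours:
        out.append(f"tested restore {e.restore_time_hours}h exceeds RTO {e.rto_hours}h")
    if (e.restore_granularity is None
            or GRANULARITY_RANK[e.restore_granularity] < GRANULARITY_RANK[e.rlo]):
        out.append(f"restore granularity unknown or coarser than RLO '{e.rlo}'")
    if not e.owner:
        out.append("no documented owner / admin account")
    return out


def report(entries):
    """Map each system name to its list of gaps."""
    return {e.name: gaps(e) for e in entries}


# The slide's rows; the last four fields are constructed to match the
# Safeguards / Comments columns (e.g. Voice: "None", Website: "Unknown").
INVENTORY = [
    BcdrEntry("Salesforce", "Salesforce (Cloud)", 4, 24, "record", 24, 8, "record", "Development Director"),
    BcdrEntry("Email", "Gmail (G Suite for Nonprofits)", 4, 4, "mailbox", 1, 2, "mailbox", "IT Lead"),
    BcdrEntry("File Shares", "File Server (in-house)", 24, 24, "file", 24, None, "file", "IT Lead"),
    BcdrEntry("Voice", "Dialpad (Cloud)", 24, 1, "full", None, None, None, None),
    BcdrEntry("Website", "WordPress, hosted at BlueHost", 24, 1, "full", None, None, None, "Comms Manager"),
]

if __name__ == "__main__":
    for name, issues in report(INVENTORY).items():
        print(f"{name:12s} {'OK' if not issues else '; '.join(issues)}")
```

Two of the checks deserve emphasis: "restore never tested" is a gap even when a backup exists, because an RTO is only known once a restore has been timed, and a backup interval longer than the RPO (the Salesforce row with daily retention against a 4-hour RPO) is exactly the case the slide's "consider backing up with Spanning" comment is addressing.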
  • 61. Center for Internet Security Controls v.8
    The CIS Framework was originally developed in 2008 to help small and mid-sized organizations manage complex cybersecurity requirements. This changed the discussion from “what should my enterprise do” to “what should we ALL be doing” to improve security. CIS Framework Controls are broken down into three categories: Basic Controls, Foundational Controls, and Organizational Controls. CIS Controls are meant to apply easily to any industry or sector. Many CIS controls can be directly mapped back to both NIST and ISO.
    Source: https://storage.pardot.com/799323/1638289699nZsVAZCD/CIS_Controls_v8_Mapping_to_NIST_CSF_FINAL_06_11_2021.xlsx
  • 62. Center for Internet Security Controls v.8
  • 63. CIS Implementation Groups
    The CIS Controls framework then goes even further to define three implementation groups.
    ● IG 1 is for organizations with limited resources and cybersecurity expertise.
    ● IG 2 is for organizations with moderate resources and cybersecurity expertise.
    ● IG 3 is for mature organizations with significant resources and cybersecurity expertise.
    Under each of the 18 controls, the CIS Controls framework provides a list of sub-controls, color-coded to indicate which implementation group should be using them. For example, CIS Control 1, “Inventory and Control of Hardware Assets”, lists the sub-control “Utilize an Active Discovery Tool” as appropriate for Implementation Groups 2 and 3 but considered too much of a burden for Group 1.
  • 65. CIS Controls Self Assessment Tool (CIS CSAT) Source: https://csat.cisecurity.org/accounts/signup/
  • 67. Public Resources
    ● ACSC publications
    ● Strategies to Mitigate Cyber Security Incidents | Cyber.gov.au
    ● The 18 CIS Critical Security Controls
    ● CIS Controls v8 Cloud Companion Guide
    ● https://learn.cisecurity.org/Establishing-Essential-Cyber-Hygiene
    ● Top 25 Cybersecurity Frameworks to Consider |… | SecurityScorecard
    ● Cybersecurity for Small Business | Federal Trade Commission
    ● CYBERSECURITY BASICS
    ● Cybersecurity Framework | NIST
    ● Canarytokens
    ● https://storage.pardot.com/799323/1638289699nZsVAZCD/CIS_Controls_v8_Mapping_to_NIST_CSF_FINAL_06_11_2021.xlsx
    ● CIS Controls Self Assessment Tool (CIS CSAT)
  • 68. Takeaway
    ● Pick up that ground and low hanging fruit
    ● Inventory everything
    ● CIA it
    ● Threat Model it
    ● Apply your Framework
    ● Use your CIS Controls
    ● Grind away!
  • 69. What Next?
    Go to NonprofitIT.com/cpa to Schedule a Discovery Call to learn about a Free Cybersecurity Posture Analysis
    Cybersecurity Posture Analysis: 3rd party vulnerability scan
    ● Easy to understand report
    ● Identifies, tests, and highlights network vulnerabilities
    ● Typically costs $297
  • 71. Thank You! Stay Connected
    @RoundTableIT
    RoundTable Technology
    @roundtabletechnology