C-Suite Guide to Cybersecurity

MICHAEL MOSHIRI
MICHAEL MOSHIRIManaging Partner, Cyber Security & Risk Services at IntelliSec Partners • International #1 Bestselling Author um IntelliSec Partners
C-SUITE GUIDE TO CYBERSECURITY A P R 1 5 , 2 0 1 5
• W H Y T H I S M AT T E R S • W H O T H I S I S F O R • 5 K E Y P R I N C I P L E S • K E Y TA K E - A WAY I N S I D E
IBM Security Services 2014 Cyber Security Intelligence Index 91
 Million security events per year for the average company T H E R E I S N O G O O D N E W S
IBM Security Services 2014 Cyber Security Intelligence Index $5.9 Million Average cost per breach T H E R E I S N O G O O D N E W S
PwC Global State of Information Security Survey 2015 T H E R E I S N O G O O D N E W S 48%Increase in security incidents from last year
Y O U A R E N O T I M M U N E R E G A R D L E S S O F Y O U R S I Z E , I N D U S T RY, O R M A R K E T
T H I S I M PA C T S Y O U D I R E C T LY… I F Y O U A R E A C E O C O O C F O C I O C R O
W H E N I T C O M E S T O C Y B E R S E C U R I T Y … Y O U C A N ’ T M A N A G E W H AT Y O U D O N ’ T U N D E R S TA N D
B U T T O B E E F F E C T I V E … Y O U D O N ’ T H AV E T O B E C O M E A C Y B E R S E C U R I T Y E X P E R T
L E A R N H O W T O F R A M E I S S U E S I N R E F E R E N C E T O A N I N D U S T RY- S TA N D A R D F R A M E W O R K T H E FA S T E S T WA Y T O B E C O M E P R O F I C I E N T:
N I S T C Y B E R S E C U R I T Y F R A M E W O R K
P R I N C I P L E # 1 : IDENTIFY
K E Y I S S U E : I D E N T I F Y & M E A S U R E R I S K S
R I S K : T H E P O T E N T I A L F O R L O S S , D A M A G E , O R D E S T R U C T I O N O F A N A S S E T A S A R E S U LT O F A T H R E AT E X P L O I T I N G A V U L N E R A B I L I T Y.
A S S E S S I N G R I S K I D E N T I F Y: • A S S E T S • T H R E A T S • V U L N E R A B I L I T I E S • C O N T R O L S • R E S I D U A L R I S K
Y O U R A S S E T S … W H AT A R E Y O U R M O S T C R I T I C A L A S S E T S ?
Y O U R A S S E T S … W H E R E A R E Y O U R M O S T C R I T I C A L A S S E T S ?
Y O U R A S S E T S … H O W A R E Y O U R M O S T C R I T I C A L A S S E T S P R O T E C T E D ?
T H R E A T: A F O R C E , O R G A N I Z AT I O N , O R P E R S O N T H AT S E E K S T O E X P L O I T A V U L N E R A B I L I T Y T O O B TA I N , C O M P R O M I S E , O R D E S T R O Y A N A S S E T
V U L N E R A B I L I T Y: A W E A K N E S S T H AT C A N B E E X P L O I T E D B Y T H R E AT S T O G A I N U N A U T H O R I Z E D A C C E S S T O A N A S S E T
T Y P I C A L T H R E AT S • N AT U R A L D I S A S T E R S 
 F L O O D S A N D F I R E S • I N T E R N A L T H R E AT S 
 M A L I C I O U S O R U N A WA R E E M P L O Y E E S • P H Y S I C A L T H R E AT S 
 T H E F T, D E S T R U C T I O N • I N T E R N E T T H R E AT S 
 H A C K E R S
R E S I D U A L R I S K : T H E L E V E L O F R I S K A N A S S E T I S E X P O S E D T O I F M I T I G AT I N G C O N T R O L S A R E E F F E C T I V E
Q U E S T I O N S T O A S K • D O W E U N D E R S TA N D W H A T C R I T I C A L I N F O R M A T I O N W E M A N A G E , W H E R E I T I S S T O R E D , H O W S E N S I T I V E I T I S , A N D W H O H A S A C C E S S T O I T ? • W H A T A R E O U R “ C R O W N J E W E L S ” O R K E Y B U S I N E S S A S S E T S ? D O W E H A V E A D E Q U A T E P R O T E C T I O N T O S E C U R E T H E M ? • W H A T T Y P E S O F C O N N E C T I O N S T O O U R “ C R O W N J E W E L S ” D O W E H A V E ( V P N s , W I R E L E S S , L A N , T H I R D PA R T I E S , E T C . ) A N D H O W A R E W E M A N A G I N G A N D S E C U R I N G T H E S E C O N N E C T I O N S ? • H O W I S O U R S TA F F I D E N T I F Y I N G R I S K S , A N D P R O V I D I N G U S W I T H A C C U R A T E A N D T I M E LY I N F O R M A T I O N A B O U T T H O S E R I S K S ? • W H A T I S O U R A B I L I T Y T O M I T I G A T E T H O S E R I S K S ?
I D E N T I F Y I N G A N D M E A S U R I N G R I S K I S N O T A O N E - T I M E E X E R C I S E . I T I S A N O N G O I N G P R O C E S S .
C Y B E R R I S K M A N A G E M E N T P R O C E S S EVERY ORGANIZATION MUST HAVE A…
P R I N C I P L E # 2 : PROTECT
K E Y I S S U E : P R O T E C T C R I T I C A L A S S E T S
E N S U R E T H E A P P R O P R I AT E S A F E G U A R D S O R C O N T R O L S A R E I N P L A C E T O M I T I G AT E T H E VA R I O U S T Y P E S O F T H R E AT S T O Y O U R A S S E T S I N O T H E R W O R D S …
T H R E E T Y P E S O F C O N T R O L S 1. P R E V E N T I V E 2. D E T E C T I V E 3. C O R R E C T I V E
P R E V E N T I V E C O N T R O L S : P R E V E N T A T H R E AT F R O M E X P L O I T I N G A V U L N E R A B I L I T Y
P R E V E N T I V E C O N T R O L S • F I R E WA L L S • E N C RY P T I O N • 2 - FA C T O R A U T H E N T I C A T I O N • I N T R U S I O N D E T E C T I O N S Y S T E M S ( I D S ) • S E C U R I T Y A WA R E N E S S T R A I N I N G
D E T E C T I V E C O N T R O L S : D E T E C T S E C U R I T Y E V E N T S , B R E A C H E S , A N D FA I L U R E S
D E T E C T I V E C O N T R O L S • N E T W O R K M O N I T O R I N G • S Y S T E M S C A N S • A N T I - V I R U S S O F T WA R E • P E N E T R A T I O N T E S T S • I N T R U S I O N P R E V E N T I O N S Y S T E M S ( I P S )
C O R R E C T I V E C O N T R O L S : R E S T O R E S Y S T E M O R P R O C E S S T O I T S S TAT E P R I O R T O S E C U R I T Y E V E N T T O M I N I M I Z E L O S S
C O R R E C T I V E C O N T R O L S • R E S T O R I N G B A C K U P S • O S U P G R A D E • A N T I - V I R U S S O F T WA R E • P E N E T R A T I O N T E S T S • F I R E WA L L S
Q U E S T I O N S T O A S K • W H A T C O N T R O L S D O W E H A V E F O R P R O T E C T I N G O U R C R I T I C A L I N F O R M A T I O N A S S E T S ? H O W E F F E C T I V E A R E T H E Y ? • D O E S O U R I T S TA F F H A V E T H E A P P R O P R I A T E K N O W L E D G E A N D S K I L L S T O P R O T E C T O U R C R I T I C A L I N F O R M A T I O N A S S E T S F R O M A P O T E N T I A L C Y B E R - A T TA C K ? • I S O U R E N T I R E S TA F F I N F O R M E D A B O U T C Y B E R T H R E A T S ? D O T H E Y H A V E A N U N D E R S TA N D I N G O F R I S K A S S O C I A T E D W I T H T H E I R A C T I O N S ?
P R I N C I P L E # 3 : DETECT
K E Y I S S U E : D E T E C T D E V I AT I O N S F R O M N O R M A L S TAT E O F A C T I V I T Y
C O R E C A PA B I L I T I E S 1. U N D E R S TA N D “ N O R M A L ” 2. D E T E C T D E V I A T I O N S
N O R M A L S TA T E : T H E E X P E C T E D , N AT U R A L , A N D C U S T O M A RY S TAT E O F S Y S T E M S , P R O C E S S E S , A N D A S S E T S D U R I N G N O R M A L B U S I N E S S O P E R AT I O N S
N O R M A L S TAT E S H O U L D C O N S I D E R • N E T W O R K T R A F F I C PA T T E R N S • S Y S T E M U S A G E • D E V I C E S O N N E T W O R K • I N S TA L L E D S O F T WA R E • S Y S T E M / N E T W O R K U S E R S
D E V I A T I O N S : A N Y U N E X P E C T E D , U N P L A N N E D , O R U N U S U A L A C T I V I T Y, E V E N T, O R S TAT E T H AT I S D I F F E R E N T F R O M T H E N O R M A L S TAT E
D E T E C T I N G D E V I AT I O N S • I N T R U S I O N D E T E C T I O N S Y S T E M S ( I D S ) • N E T W O R K B E H A V I O R A N O M A LY D E T E C T I O N ( N B A D ) T O O L S • S E C U R I T Y I N F O R M A T I O N A N D E V E N T M A N A G E M E N T ( S I E M ) T O O L S • C O N F I G U R A T I O N M A N A G E M E N T T O O L S
Q U E S T I O N S T O A S K • H O W I S T H E E X E C U T I V E L E A D E R S H I P K E P T A B R E A S T O F T H E C H A N G I N G C Y B E R T H R E A T L A N D S C A P E ? • H O W D O W E D E T E C T D E V I A T I O N S F R O M O U R N O R M A L O P E R A T I O N S ? • H O W I S T H E L E A D E R S H I P K E P T I N F O R M E D A B O U T C Y B E R I N C I D E N T S , A T TA C K S , A N D B R E A C H E S ?
P R I N C I P L E # 4 : RESPOND
K E Y I S S U E : R E S P O N D R A P I D LY T O S E C U R I T Y AT TA C K S & B R E A C H E S
E V E RY O R G A N I Z AT I O N M U S T H AV E A T E S T E D C Y B E R - I N C I D E N T R E S P O N S E P L A N
K E Y P R O V I S I O N S T O A D D R E S S • L I M I T I N G P O T E N T I A L D A M A G E • L I M I T I N G L O S S O F R E S O U R C E S • P R E S E R V I N G E V I D E N C E • U S E O F D I G I TA L F O R E N S I C S • S E R V I C E A VA I L A B I L I T Y • N E E D E D T I M E & R E S O U R C E S • E X P E C T E D E F F E C T I V E N E S S , D U R A T I O N , & P E R M A N E N C E O F P L A N N E D R E S P O N S E S • I N T E R N A L & E X T E R N A L C O M M U N I C A T I O N S
C O M M U N I C A T I N G A B R E A C H Y O U M AY H AV E L E G A L O B L I G AT I O N S T O I N F O R M Y O U R C U S T O M E R S , L A W E N F O R C E M E N T, A N D R E G U L AT O R S
Q U E S T I O N S T O A S K • D O W E H A V E A N E F F E C T I V E C Y B E R - I N C I D E N T R E S P O N S E P L A N ? H O W O F T E N ( A N D H O W ) D O W E T E S T I T ? • W H A T, W H E N A N D H O W D O W E C O M M U N I C A T E T O T H E E X E C U T I V E L E A D E R S H I P, I F W E W E R E H A C K E D T O D A Y ? • H O W A N D W H E N D O W E I N F O R M I N T E R N A L A N D E X T E R N A L S TA K E H O L D E R S , F O R E N S I C S E R V I C E P R O V I D E R S , P R F I R M S , L A W E N F O R C E M E N T, C U S T O M E R S , T H I R D PA R T I E S , O R R E G U L A T O R S ?
P R I N C I P L E # 5 : RECOVER Ʊ
K E Y I S S U E : R E S T O R E F U L L F U N C T I O N A L I T Y A N D C O N F I D E N C E I N Y O U R R E C O V E R E D S Y S T E M S , P R O C E S S E S , A N D D ATA
R E C O V E RY M U S T A D D R E S S • I D E N T I F I C A T I O N O F E X P L O I T E D V U L N E R A B I L I T I E S • R E A S S E S S M E N T O F R I S K S • I M P L E M E N TA T I O N O F A D D I T I O N A L O R U P D A T E D C O N T R O L S • E VA L U A T I O N O F C Y B E R - I N C I D E N T R E S P O N S E • I M P R O V E M E N T S T O C Y B E R - I N C I D E N T R E S P O N S E P L A N
E V E RY C Y B E R - AT TA C K C A N M A K E Y O U S T R O N G E R T O P R O T E C T A G A I N S T F U T U R E C Y B E R - AT TA C K S , U S E T H E L E S S O N S L E A R N E D F R O M A N Y AT TA C K T O I D E N T I F Y A N D E L I M I N AT E T H E V U L N E R A B I L I T I E S T H E AT TA C K E R S E X P L O I T E D
Q U E S T I O N S T O A S K • W H A T S T E P S D O E S O U R I N C I D E N T R E S P O N S E P L A N I N C L U D E F O R R E C O V E R I N G A F T E R A C Y B E R - A T TA C K ? • H O W W E L L D I D W E R E C O V E R F R O M O U R I N C I D E N T ? • W H A T C H A N G E S D I D W E M A K E T O O U R C Y B E R - I N C I D E N T R E S P O N S E P L A N A S A R E S U LT ?
A W E L L - I N F O R M E D C - S U I T E I S T H E M O S T C R I T I C A L C O M P O N E N T O F A C Y B E R - R I S K M A N A G E M E N T P R O G R A M KEY TAKE-AWAY:
W E C A N H E L P INTELLISECPARTNERS.COM 602.341.3435
1 von 57

C-Suite Guide to Cybersecurity

Business

A well-informed C-Suite is the most critical part of an effective cyber risk management program. This presentation provides the essential knowledge every executive must possess about cybersecurity to be effective when discussing the topic.

MICHAEL MOSHIRI
MICHAEL MOSHIRIManaging Partner, Cyber Security & Risk Services at IntelliSec Partners • International #1 Bestselling Author um IntelliSec Partners

Recomendados

Drilling engineering von
Drilling engineeringDrilling engineering
Drilling engineeringSteffones K
4.3K views282 Folien
Inventarisasi dan identifikasi makroalga di teluk lombok von
Inventarisasi dan identifikasi makroalga di teluk lombokInventarisasi dan identifikasi makroalga di teluk lombok
Inventarisasi dan identifikasi makroalga di teluk lombokEci Oktaviani
4.1K views8 Folien
Groasis Waterboxx Handbook on Planting Instructions for Trees & Crops in Dese... von
Groasis Waterboxx Handbook on Planting Instructions for Trees & Crops in Dese...Groasis Waterboxx Handbook on Planting Instructions for Trees & Crops in Dese...
Groasis Waterboxx Handbook on Planting Instructions for Trees & Crops in Dese...School Vegetable Gardening - Victory Gardens
2.6K views33 Folien
0620 w12 qp_33 von
0620 w12 qp_330620 w12 qp_33
0620 w12 qp_33King Ali
3K views16 Folien
FinalProjectFall2014presentation von
FinalProjectFall2014presentationFinalProjectFall2014presentation
FinalProjectFall2014presentationMichael Okuneye
1.4K views43 Folien
Organic reactions by experiments with answers 1 von
Organic reactions by experiments with answers 1Organic reactions by experiments with answers 1
Organic reactions by experiments with answers 1MRSMPC
7K views7 Folien

Más contenido relacionado

Was ist angesagt?

Drilling Lab - Mud Filtration von
Drilling Lab - Mud FiltrationDrilling Lab - Mud Filtration
Drilling Lab - Mud FiltrationMuhammadSRaniYah
3.1K views9 Folien
Mud weight and density test ex.no(1) von
Mud weight and density test ex.no(1)Mud weight and density test ex.no(1)
Mud weight and density test ex.no(1)chian zaxo
1.2K views10 Folien
Drilling Lab - Sand Content von
Drilling Lab - Sand ContentDrilling Lab - Sand Content
Drilling Lab - Sand ContentMuhammadSRaniYah
5.8K views8 Folien
sand content experiment von
sand content experimentsand content experiment
sand content experimentAhmedHalgurdArif1
366 views8 Folien
00 flexible drill pipe usr -ultra short radius drilling - von
00 flexible drill pipe usr -ultra short radius drilling - 00 flexible drill pipe usr -ultra short radius drilling -
00 flexible drill pipe usr -ultra short radius drilling - Adam Guo
125 views38 Folien
(Mud Filtration) von
(Mud Filtration)(Mud Filtration)
(Mud Filtration)Bakhtyar Star
7.9K views13 Folien

Was ist angesagt?(7)

Drilling Lab - Mud Filtration von MuhammadSRaniYah
Drilling Lab - Mud FiltrationDrilling Lab - Mud Filtration
Drilling Lab - Mud Filtration
MuhammadSRaniYah3.1K views
Mud weight and density test ex.no(1) von chian zaxo
Mud weight and density test ex.no(1)Mud weight and density test ex.no(1)
Mud weight and density test ex.no(1)
chian zaxo 1.2K views
Drilling Lab - Sand Content von MuhammadSRaniYah
Drilling Lab - Sand ContentDrilling Lab - Sand Content
Drilling Lab - Sand Content
MuhammadSRaniYah5.8K views
sand content experiment von AhmedHalgurdArif1
sand content experimentsand content experiment
sand content experiment
AhmedHalgurdArif1366 views
00 flexible drill pipe usr -ultra short radius drilling - von Adam Guo
00 flexible drill pipe usr -ultra short radius drilling - 00 flexible drill pipe usr -ultra short radius drilling -
00 flexible drill pipe usr -ultra short radius drilling -
Adam Guo125 views
(Mud Filtration) von Bakhtyar Star
(Mud Filtration)(Mud Filtration)
(Mud Filtration)
Bakhtyar Star7.9K views
Drilling Lab - Mud Weight Balancing von MuhammadSRaniYah
Drilling Lab - Mud Weight Balancing Drilling Lab - Mud Weight Balancing
Drilling Lab - Mud Weight Balancing
MuhammadSRaniYah1.2K views

Similar a C-Suite Guide to Cybersecurity

1.1 Introducción a la gestión empresarial von
1.1 Introducción a la gestión empresarial1.1 Introducción a la gestión empresarial
1.1 Introducción a la gestión empresarialJorge Edgar Mora Reyes
1.2K views27 Folien
Codecademy Live QA Presentation von
Codecademy Live QA PresentationCodecademy Live QA Presentation
Codecademy Live QA PresentationJames Kim
360 views25 Folien
Test quick, build smart, be awesome von
Test quick, build smart, be awesomeTest quick, build smart, be awesome
Test quick, build smart, be awesomeWP&UP
76 views23 Folien
Occ Cinque Terre von
Occ Cinque TerreOcc Cinque Terre
Occ Cinque TerreWilliam Smith
187 views30 Folien
local_media5339393617520343093.pptx von
local_media5339393617520343093.pptxlocal_media5339393617520343093.pptx
local_media5339393617520343093.pptxCharieCatarmanOrboc
3 views23 Folien
Building Legends at One World Observatory von
Building Legends at One World ObservatoryBuilding Legends at One World Observatory
Building Legends at One World ObservatoryAddison O'Connor
53 views20 Folien

Similar a C-Suite Guide to Cybersecurity(20)

1.1 Introducción a la gestión empresarial von Jorge Edgar Mora Reyes
1.1 Introducción a la gestión empresarial1.1 Introducción a la gestión empresarial
1.1 Introducción a la gestión empresarial
Jorge Edgar Mora Reyes1.2K views
Codecademy Live QA Presentation von James Kim
Codecademy Live QA PresentationCodecademy Live QA Presentation
Codecademy Live QA Presentation
James Kim360 views
Test quick, build smart, be awesome von WP&UP
Test quick, build smart, be awesomeTest quick, build smart, be awesome
Test quick, build smart, be awesome
WP&UP76 views
Occ Cinque Terre von William Smith
Occ Cinque TerreOcc Cinque Terre
Occ Cinque Terre
William Smith187 views
local_media5339393617520343093.pptx von CharieCatarmanOrboc
local_media5339393617520343093.pptxlocal_media5339393617520343093.pptx
local_media5339393617520343093.pptx
CharieCatarmanOrboc3 views
Building Legends at One World Observatory von Addison O'Connor
Building Legends at One World ObservatoryBuilding Legends at One World Observatory
Building Legends at One World Observatory
Addison O'Connor53 views
M|SOURCE WORK ORDER SYSTEM von Scott Urich
M|SOURCE WORK ORDER SYSTEMM|SOURCE WORK ORDER SYSTEM
M|SOURCE WORK ORDER SYSTEM
Scott Urich188 views
PEACE EDUCATION (PEACE THEME 5) von Reymart Dellomas
PEACE EDUCATION (PEACE THEME 5)PEACE EDUCATION (PEACE THEME 5)
PEACE EDUCATION (PEACE THEME 5)
Reymart Dellomas9.5K views
Conventions of a thriller von emmalouise01
Conventions of a thrillerConventions of a thriller
Conventions of a thriller
emmalouise01302 views
4 reasons that you cannot engage your team after election von Flora Liu
4 reasons that you cannot engage your team after election4 reasons that you cannot engage your team after election
4 reasons that you cannot engage your team after election
Flora Liu362 views
Trabajo impresoras von Jhoonn Jairo
Trabajo impresorasTrabajo impresoras
Trabajo impresoras
Jhoonn Jairo303 views
messagingLAB_thought leadership class slides von messagingLAB
messagingLAB_thought leadership class slidesmessagingLAB_thought leadership class slides
messagingLAB_thought leadership class slides
messagingLAB267 views
American Marketing Association - Strategy Presentation von Sam Cheema
American Marketing Association - Strategy Presentation American Marketing Association - Strategy Presentation
American Marketing Association - Strategy Presentation
Sam Cheema284 views
Photogrammetry von Luis Raúl Osorio Muñoz
Photogrammetry Photogrammetry
Photogrammetry
Luis Raúl Osorio Muñoz183 views
Industria 4.0 von canoceballos
Industria 4.0Industria 4.0
Industria 4.0
canoceballos17 views
Metodologia simulacro von Martha Salas
Metodologia simulacroMetodologia simulacro
Metodologia simulacro
Martha Salas94 views
Packaging Trends von Steiner Werbung AG
Packaging TrendsPackaging Trends
Packaging Trends
Steiner Werbung AG404 views
Team Ramen, Marketing Samurai'19, 2nd Round.pdf von Afnan Faruk
Team Ramen, Marketing Samurai'19, 2nd Round.pdfTeam Ramen, Marketing Samurai'19, 2nd Round.pdf
Team Ramen, Marketing Samurai'19, 2nd Round.pdf
Afnan Faruk26 views
Manejo de redes von AndreaGuadalupeAceve
Manejo de redesManejo de redes
Manejo de redes
AndreaGuadalupeAceve20 views
Blue Moon - Advertising Plan (Group Project) von Sam Cheema
Blue Moon - Advertising Plan (Group Project)Blue Moon - Advertising Plan (Group Project)
Blue Moon - Advertising Plan (Group Project)
Sam Cheema197 views

Último

Building Careers at Specialty TRE 2023 von
Building Careers at Specialty TRE 2023Building Careers at Specialty TRE 2023
Building Careers at Specialty TRE 2023Jennifer Sanborn
42 views22 Folien
CORPORATE COMMUNICATION.pdf von
CORPORATE COMMUNICATION.pdfCORPORATE COMMUNICATION.pdf
CORPORATE COMMUNICATION.pdfAKarthikeyan8
12 views71 Folien
Top 10 IT Tasks Small Businesses Can Entrust to Offshore Professionals von
Top 10 IT Tasks Small Businesses Can Entrust to Offshore ProfessionalsTop 10 IT Tasks Small Businesses Can Entrust to Offshore Professionals
Top 10 IT Tasks Small Businesses Can Entrust to Offshore Professionalsaltafhsayyednimetler
13 views14 Folien
UCA towards I5.0 OECD.pdf von
UCA towards I5.0 OECD.pdfUCA towards I5.0 OECD.pdf
UCA towards I5.0 OECD.pdfAPPAU_Ukraine
7 views16 Folien
ANTHROPOIDS WHITE PAPER.pdf von
ANTHROPOIDS WHITE PAPER.pdfANTHROPOIDS WHITE PAPER.pdf
ANTHROPOIDS WHITE PAPER.pdfAnthropoids Nfts
40 views12 Folien
duck railing.pdf von
duck railing.pdfduck railing.pdf
duck railing.pdfaluminumdeckrailingc
8 views1 Folie

Último(20)

Building Careers at Specialty TRE 2023 von Jennifer Sanborn
Building Careers at Specialty TRE 2023Building Careers at Specialty TRE 2023
Building Careers at Specialty TRE 2023
Jennifer Sanborn42 views
CORPORATE COMMUNICATION.pdf von AKarthikeyan8
CORPORATE COMMUNICATION.pdfCORPORATE COMMUNICATION.pdf
CORPORATE COMMUNICATION.pdf
AKarthikeyan812 views
Top 10 IT Tasks Small Businesses Can Entrust to Offshore Professionals von altafhsayyednimetler
Top 10 IT Tasks Small Businesses Can Entrust to Offshore ProfessionalsTop 10 IT Tasks Small Businesses Can Entrust to Offshore Professionals
Top 10 IT Tasks Small Businesses Can Entrust to Offshore Professionals
altafhsayyednimetler13 views
UCA towards I5.0 OECD.pdf von APPAU_Ukraine
UCA towards I5.0 OECD.pdfUCA towards I5.0 OECD.pdf
UCA towards I5.0 OECD.pdf
APPAU_Ukraine7 views
ANTHROPOIDS WHITE PAPER.pdf von Anthropoids Nfts
ANTHROPOIDS WHITE PAPER.pdfANTHROPOIDS WHITE PAPER.pdf
ANTHROPOIDS WHITE PAPER.pdf
Anthropoids Nfts 40 views
duck railing.pdf von aluminumdeckrailingc
duck railing.pdfduck railing.pdf
duck railing.pdf
aluminumdeckrailingc8 views
terms_2.pdf von JAWADIQBAL40
terms_2.pdfterms_2.pdf
terms_2.pdf
JAWADIQBAL4051 views
Businesses to Start in 2024.pdf von Dante St James
Businesses to Start in 2024.pdfBusinesses to Start in 2024.pdf
Businesses to Start in 2024.pdf
Dante St James16 views
voice logger software aegis.pdf von Nirmal Sharma
voice logger software aegis.pdfvoice logger software aegis.pdf
voice logger software aegis.pdf
Nirmal Sharma30 views
PMU Launch - Guaranteed Slides von pmulaunch
PMU Launch - Guaranteed SlidesPMU Launch - Guaranteed Slides
PMU Launch - Guaranteed Slides
pmulaunch15 views
See the new MTN tariffs effected November 28, 2023 von Kweku Zurek
See the new MTN tariffs effected November 28, 2023See the new MTN tariffs effected November 28, 2023
See the new MTN tariffs effected November 28, 2023
Kweku Zurek29.4K views
The Truth About Customer Journey Mapping von Aggregage
The Truth About Customer Journey MappingThe Truth About Customer Journey Mapping
The Truth About Customer Journey Mapping
Aggregage55 views
2023 Photo Contest.pptx von culhama
2023 Photo Contest.pptx2023 Photo Contest.pptx
2023 Photo Contest.pptx
culhama26 views
Leading in A Culture von Seta Wicaksana
Leading in A CultureLeading in A Culture
Leading in A Culture
Seta Wicaksana12 views
Navigating EUDR Compliance within the Coffee Industry von Peter Horsten
Navigating EUDR Compliance within the Coffee IndustryNavigating EUDR Compliance within the Coffee Industry
Navigating EUDR Compliance within the Coffee Industry
Peter Horsten35 views
Group and Teams: Increasing Cooperation and Reducing Conflict von Seta Wicaksana
Group and Teams: Increasing Cooperation and Reducing Conflict Group and Teams: Increasing Cooperation and Reducing Conflict
Group and Teams: Increasing Cooperation and Reducing Conflict
Seta Wicaksana17 views
Cattery Warrington von OutlandGroup Ltd
Cattery WarringtonCattery Warrington
Cattery Warrington
OutlandGroup Ltd10 views
Bloomerang_Forecasting Your Fundraising Revenue 2024.pptx.pdf von Bloomerang
Bloomerang_Forecasting Your Fundraising Revenue 2024.pptx.pdfBloomerang_Forecasting Your Fundraising Revenue 2024.pptx.pdf
Bloomerang_Forecasting Your Fundraising Revenue 2024.pptx.pdf
Bloomerang101 views
Tanishq von supiriyakithuva
Tanishq Tanishq
Tanishq
supiriyakithuva12 views
Business Process Reengineering (BPR) von Operational Excellence Consulting (Singapore)
Business Process Reengineering (BPR)Business Process Reengineering (BPR)
Business Process Reengineering (BPR)
Operational Excellence Consulting (Singapore)18 views

C-Suite Guide to Cybersecurity

  • 2. • W H Y T H I S M AT T E R S • W H O T H I S I S F O R • 5 K E Y P R I N C I P L E S • K E Y TA K E - A WAY I N S I D E
  • 3. IBM Security Services 2014 Cyber Security Intelligence Index 91
 Million security events per year for the average company T H E R E I S N O G O O D N E W S
  • 4. IBM Security Services 2014 Cyber Security Intelligence Index $5.9 Million Average cost per breach T H E R E I S N O G O O D N E W S
  • 5. PwC Global State of Information Security Survey 2015 T H E R E I S N O G O O D N E W S 48%Increase in security incidents from last year
  • 6. Y O U A R E N O T I M M U N E R E G A R D L E S S O F Y O U R S I Z E , I N D U S T RY, O R M A R K E T
  • 7. T H I S I M PA C T S Y O U D I R E C T LY… I F Y O U A R E A C E O C O O C F O C I O C R O
  • 8. W H E N I T C O M E S T O C Y B E R S E C U R I T Y … Y O U C A N ’ T M A N A G E W H AT Y O U D O N ’ T U N D E R S TA N D
  • 9. B U T T O B E E F F E C T I V E … Y O U D O N ’ T H AV E T O B E C O M E A C Y B E R S E C U R I T Y E X P E R T
  • 10. L E A R N H O W T O F R A M E I S S U E S I N R E F E R E N C E T O A N I N D U S T RY- S TA N D A R D F R A M E W O R K T H E FA S T E S T WA Y T O B E C O M E P R O F I C I E N T:
  • 11. N I S T C Y B E R S E C U R I T Y F R A M E W O R K
  • 12. P R I N C I P L E # 1 : IDENTIFY
  • 13. K E Y I S S U E : I D E N T I F Y & M E A S U R E R I S K S
  • 14. R I S K : T H E P O T E N T I A L F O R L O S S , D A M A G E , O R D E S T R U C T I O N O F A N A S S E T A S A R E S U LT O F A T H R E AT E X P L O I T I N G A V U L N E R A B I L I T Y.
  • 15. A S S E S S I N G R I S K I D E N T I F Y: • A S S E T S • T H R E A T S • V U L N E R A B I L I T I E S • C O N T R O L S • R E S I D U A L R I S K
  • 16. Y O U R A S S E T S … W H AT A R E Y O U R M O S T C R I T I C A L A S S E T S ?
  • 17. Y O U R A S S E T S … W H E R E A R E Y O U R M O S T C R I T I C A L A S S E T S ?
  • 18. Y O U R A S S E T S … H O W A R E Y O U R M O S T C R I T I C A L A S S E T S P R O T E C T E D ?
  • 19. T H R E A T: A F O R C E , O R G A N I Z AT I O N , O R P E R S O N T H AT S E E K S T O E X P L O I T A V U L N E R A B I L I T Y T O O B TA I N , C O M P R O M I S E , O R D E S T R O Y A N A S S E T
  • 20. V U L N E R A B I L I T Y: A W E A K N E S S T H AT C A N B E E X P L O I T E D B Y T H R E AT S T O G A I N U N A U T H O R I Z E D A C C E S S T O A N A S S E T
  • 21. T Y P I C A L T H R E AT S • N AT U R A L D I S A S T E R S 
 F L O O D S A N D F I R E S • I N T E R N A L T H R E AT S 
 M A L I C I O U S O R U N A WA R E E M P L O Y E E S • P H Y S I C A L T H R E AT S 
 T H E F T, D E S T R U C T I O N • I N T E R N E T T H R E AT S 
 H A C K E R S
  • 22. R E S I D U A L R I S K : T H E L E V E L O F R I S K A N A S S E T I S E X P O S E D T O I F M I T I G AT I N G C O N T R O L S A R E E F F E C T I V E
  • 23. Q U E S T I O N S T O A S K • D O W E U N D E R S TA N D W H A T C R I T I C A L I N F O R M A T I O N W E M A N A G E , W H E R E I T I S S T O R E D , H O W S E N S I T I V E I T I S , A N D W H O H A S A C C E S S T O I T ? • W H A T A R E O U R “ C R O W N J E W E L S ” O R K E Y B U S I N E S S A S S E T S ? D O W E H A V E A D E Q U A T E P R O T E C T I O N T O S E C U R E T H E M ? • W H A T T Y P E S O F C O N N E C T I O N S T O O U R “ C R O W N J E W E L S ” D O W E H A V E ( V P N s , W I R E L E S S , L A N , T H I R D PA R T I E S , E T C . ) A N D H O W A R E W E M A N A G I N G A N D S E C U R I N G T H E S E C O N N E C T I O N S ? • H O W I S O U R S TA F F I D E N T I F Y I N G R I S K S , A N D P R O V I D I N G U S W I T H A C C U R A T E A N D T I M E LY I N F O R M A T I O N A B O U T T H O S E R I S K S ? • W H A T I S O U R A B I L I T Y T O M I T I G A T E T H O S E R I S K S ?
  • 24. I D E N T I F Y I N G A N D M E A S U R I N G R I S K I S N O T A O N E - T I M E E X E R C I S E . I T I S A N O N G O I N G P R O C E S S .
  • 25. C Y B E R R I S K M A N A G E M E N T P R O C E S S EVERY ORGANIZATION MUST HAVE A…
  • 26. P R I N C I P L E # 2 : PROTECT
  • 27. K E Y I S S U E : P R O T E C T C R I T I C A L A S S E T S
  • 28. E N S U R E T H E A P P R O P R I AT E S A F E G U A R D S O R C O N T R O L S A R E I N P L A C E T O M I T I G AT E T H E VA R I O U S T Y P E S O F T H R E AT S T O Y O U R A S S E T S I N O T H E R W O R D S …
  • 29. T H R E E T Y P E S O F C O N T R O L S 1. P R E V E N T I V E 2. D E T E C T I V E 3. C O R R E C T I V E
  • 30. P R E V E N T I V E C O N T R O L S : P R E V E N T A T H R E AT F R O M E X P L O I T I N G A V U L N E R A B I L I T Y
  • 31. P R E V E N T I V E C O N T R O L S • F I R E WA L L S • E N C RY P T I O N • 2 - FA C T O R A U T H E N T I C A T I O N • I N T R U S I O N D E T E C T I O N S Y S T E M S ( I D S ) • S E C U R I T Y A WA R E N E S S T R A I N I N G
  • 32. D E T E C T I V E C O N T R O L S : D E T E C T S E C U R I T Y E V E N T S , B R E A C H E S , A N D FA I L U R E S
  • 33. D E T E C T I V E C O N T R O L S • N E T W O R K M O N I T O R I N G • S Y S T E M S C A N S • A N T I - V I R U S S O F T WA R E • P E N E T R A T I O N T E S T S • I N T R U S I O N P R E V E N T I O N S Y S T E M S ( I P S )
  • 34. C O R R E C T I V E C O N T R O L S : R E S T O R E S Y S T E M O R P R O C E S S T O I T S S TAT E P R I O R T O S E C U R I T Y E V E N T T O M I N I M I Z E L O S S
  • 35. C O R R E C T I V E C O N T R O L S • R E S T O R I N G B A C K U P S • O S U P G R A D E • A N T I - V I R U S S O F T WA R E • P E N E T R A T I O N T E S T S • F I R E WA L L S
  • 36. Q U E S T I O N S T O A S K • W H A T C O N T R O L S D O W E H A V E F O R P R O T E C T I N G O U R C R I T I C A L I N F O R M A T I O N A S S E T S ? H O W E F F E C T I V E A R E T H E Y ? • D O E S O U R I T S TA F F H A V E T H E A P P R O P R I A T E K N O W L E D G E A N D S K I L L S T O P R O T E C T O U R C R I T I C A L I N F O R M A T I O N A S S E T S F R O M A P O T E N T I A L C Y B E R - A T TA C K ? • I S O U R E N T I R E S TA F F I N F O R M E D A B O U T C Y B E R T H R E A T S ? D O T H E Y H A V E A N U N D E R S TA N D I N G O F R I S K A S S O C I A T E D W I T H T H E I R A C T I O N S ?
  • 37. P R I N C I P L E # 3 : DETECT
  • 38. K E Y I S S U E : D E T E C T D E V I AT I O N S F R O M N O R M A L S TAT E O F A C T I V I T Y
  • 39. C O R E C A PA B I L I T I E S 1. U N D E R S TA N D “ N O R M A L ” 2. D E T E C T D E V I A T I O N S
  • 40. N O R M A L S TA T E : T H E E X P E C T E D , N AT U R A L , A N D C U S T O M A RY S TAT E O F S Y S T E M S , P R O C E S S E S , A N D A S S E T S D U R I N G N O R M A L B U S I N E S S O P E R AT I O N S
  • 41. N O R M A L S TAT E S H O U L D C O N S I D E R • N E T W O R K T R A F F I C PA T T E R N S • S Y S T E M U S A G E • D E V I C E S O N N E T W O R K • I N S TA L L E D S O F T WA R E • S Y S T E M / N E T W O R K U S E R S
  • 42. D E V I A T I O N S : A N Y U N E X P E C T E D , U N P L A N N E D , O R U N U S U A L A C T I V I T Y, E V E N T, O R S TAT E T H AT I S D I F F E R E N T F R O M T H E N O R M A L S TAT E
  • 43. D E T E C T I N G D E V I AT I O N S • I N T R U S I O N D E T E C T I O N S Y S T E M S ( I D S ) • N E T W O R K B E H A V I O R A N O M A LY D E T E C T I O N ( N B A D ) T O O L S • S E C U R I T Y I N F O R M A T I O N A N D E V E N T M A N A G E M E N T ( S I E M ) T O O L S • C O N F I G U R A T I O N M A N A G E M E N T T O O L S
  • 44. Q U E S T I O N S T O A S K • H O W I S T H E E X E C U T I V E L E A D E R S H I P K E P T A B R E A S T O F T H E C H A N G I N G C Y B E R T H R E A T L A N D S C A P E ? • H O W D O W E D E T E C T D E V I A T I O N S F R O M O U R N O R M A L O P E R A T I O N S ? • H O W I S T H E L E A D E R S H I P K E P T I N F O R M E D A B O U T C Y B E R I N C I D E N T S , A T TA C K S , A N D B R E A C H E S ?
  • 45. P R I N C I P L E # 4 : RESPOND
  • 46. K E Y I S S U E : R E S P O N D R A P I D LY T O S E C U R I T Y AT TA C K S & B R E A C H E S
  • 47. E V E RY O R G A N I Z AT I O N M U S T H AV E A T E S T E D C Y B E R - I N C I D E N T R E S P O N S E P L A N
  • 48. K E Y P R O V I S I O N S T O A D D R E S S • L I M I T I N G P O T E N T I A L D A M A G E • L I M I T I N G L O S S O F R E S O U R C E S • P R E S E R V I N G E V I D E N C E • U S E O F D I G I TA L F O R E N S I C S • S E R V I C E A VA I L A B I L I T Y • N E E D E D T I M E & R E S O U R C E S • E X P E C T E D E F F E C T I V E N E S S , D U R A T I O N , & P E R M A N E N C E O F P L A N N E D R E S P O N S E S • I N T E R N A L & E X T E R N A L C O M M U N I C A T I O N S
  • 49. C O M M U N I C A T I N G A B R E A C H Y O U M AY H AV E L E G A L O B L I G AT I O N S T O I N F O R M Y O U R C U S T O M E R S , L A W E N F O R C E M E N T, A N D R E G U L AT O R S
  • 50. Q U E S T I O N S T O A S K • D O W E H A V E A N E F F E C T I V E C Y B E R - I N C I D E N T R E S P O N S E P L A N ? H O W O F T E N ( A N D H O W ) D O W E T E S T I T ? • W H A T, W H E N A N D H O W D O W E C O M M U N I C A T E T O T H E E X E C U T I V E L E A D E R S H I P, I F W E W E R E H A C K E D T O D A Y ? • H O W A N D W H E N D O W E I N F O R M I N T E R N A L A N D E X T E R N A L S TA K E H O L D E R S , F O R E N S I C S E R V I C E P R O V I D E R S , P R F I R M S , L A W E N F O R C E M E N T, C U S T O M E R S , T H I R D PA R T I E S , O R R E G U L A T O R S ?
  • 51. P R I N C I P L E # 5 : RECOVER Ʊ
  • 52. K E Y I S S U E : R E S T O R E F U L L F U N C T I O N A L I T Y A N D C O N F I D E N C E I N Y O U R R E C O V E R E D S Y S T E M S , P R O C E S S E S , A N D D ATA
  • 53. R E C O V E RY M U S T A D D R E S S • I D E N T I F I C A T I O N O F E X P L O I T E D V U L N E R A B I L I T I E S • R E A S S E S S M E N T O F R I S K S • I M P L E M E N TA T I O N O F A D D I T I O N A L O R U P D A T E D C O N T R O L S • E VA L U A T I O N O F C Y B E R - I N C I D E N T R E S P O N S E • I M P R O V E M E N T S T O C Y B E R - I N C I D E N T R E S P O N S E P L A N
  • 54. E V E RY C Y B E R - AT TA C K C A N M A K E Y O U S T R O N G E R T O P R O T E C T A G A I N S T F U T U R E C Y B E R - AT TA C K S , U S E T H E L E S S O N S L E A R N E D F R O M A N Y AT TA C K T O I D E N T I F Y A N D E L I M I N AT E T H E V U L N E R A B I L I T I E S T H E AT TA C K E R S E X P L O I T E D
  • 55. Q U E S T I O N S T O A S K • W H A T S T E P S D O E S O U R I N C I D E N T R E S P O N S E P L A N I N C L U D E F O R R E C O V E R I N G A F T E R A C Y B E R - A T TA C K ? • H O W W E L L D I D W E R E C O V E R F R O M O U R I N C I D E N T ? • W H A T C H A N G E S D I D W E M A K E T O O U R C Y B E R - I N C I D E N T R E S P O N S E P L A N A S A R E S U LT ?
  • 56. A W E L L - I N F O R M E D C - S U I T E I S T H E M O S T C R I T I C A L C O M P O N E N T O F A C Y B E R - R I S K M A N A G E M E N T P R O G R A M KEY TAKE-AWAY:
  • 57. W E C A N H E L P INTELLISECPARTNERS.COM 602.341.3435