SlideShare ist ein Scribd-Unternehmen logo

The Demystification of successful cybersecurity initiatives.

FitCEO, Inc. (FCI)
FitCEO, Inc. (FCI)

The Demystification of successful cybersecurity initiatives.

Technologie
1 von 4
Downloaden Sie, um offline zu lesen
Restricting Authenticating Tracking User Access? Time Is Not On Our Side! 12100 Sunrise Valley Dr. Suite 290-1 Reston, VA 20191 The Demystification of Successful Cyber Security! VIMRO’s Cyber Security Enabling Methodology Overview In order to avoid exposing your company, its clients, your employees (not to mention yourself!) to cybercrime, it is vital to invest in a good cyber security program. VIMRO’s approach to an effective cyber security program involves a holistic security methodology. Our methodology maximizes value and effec- tiveness because we have combined the most efficient tactics to include frame- works, best practice guides, and work papers from reputable security organiza- tions such as NIST, ISO2700/27002 and MITRE. Combining vetted complementary frameworks yields a program that is effec- tive and yet efficient; a program dynamic enough to anticipate new risks, yet iterative enough to become familiar. Equally important, a holistic methodolo- gy prevents oversights within your program. For example, while a cyber secu- rity framework alone equips you with the controls you must implement and manage, it leaves you without the metrics you need to validate those controls and the overall success of your cyber security system. A successful methodology is dynamic, adapting to ever-changing threats; and that can only happen if you treat it as an evolving process. For any methodol- ogy to work, you must adopt it in a controlled, systematic manner. Imple- menting a cyber security program too quickly or without the adequate resources reduces its effectiveness and demotivates the team members involved. The financial and operational benefits of holistic customized cyber security solutions.
COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS The following is an overview of a VIMRO cyber security system: • The foundation of our security system first aligns your organization’s business needs with your IT security, allowing you to focus on the critical business applications, systems, and processes that need strong security controls. For example, when you implement a new application, include a security represen- tative in the development of the budget and project plan. This is how you ensure that time and resources are allocated for security controls throughout the project; and for support throughout the new applica- tion’s lifecycle. If you overlook security requirements in the beginning stages of a project, the application and associated systems may require rework for failure to meet your company’s approved security stan- dards. And rework, delays, or budget excesses invariably reduce your new application’s ROI. (See VIM- RO’s paper: Omitting Static Code Security Analysis Can Cost You. BIG!) • The second layer of our foundation includes implementing a security framework. Many of VIMRO’s clients have adopted either the NIST Cybersecurity Framework(1) or ISO27001/ISO27002(2). • Along with the framework, organizations have adopted a cyber security Capability Maturity Model (CMM) that involves a strategy to optimize critical security controls, mechanisms, and processes (Level 5 in the CMM). The cyber security CMM includes: o Level 1 – Initial: Processes are unpredictable, poorly controlled, and reactive o Level 2 – Managed: Processes are characterized for projects and are still often reactive o Level 3 – Defined: Processes are characterized for the organization and are proactive, taking their procedures from the organization’s standards o Level 4 – Quantitatively Managed: Processes are measured and controlled o Level 5 – Optimizing: Focuses on process improvement • To manage performance leading toward the optimal level (Level 5) in the security CMM, we recom- mend Key Performance Indicator (KPI) metrics. Many clients start with MITRE Cyber Resiliency Met- rics(3). • VIMRO policies, standards, and procedures include all of the verbiage necessary to raise your organiza- tion to the upper levels of the cyber security CMM. These are critical to success. Without these, your organization will not even surpass Level 2 in the security CMM. • After writing your security policies, standards, and procedures, we implement technological mechanisms (these include IPS, DLP, SIEM, and so forth) to support your cyber security program, and train workforce members to apply the requirements of the formal documents to their practices • VIMRO’s risk management program includes continuous evaluation of your technological mechanisms and processes to validate them, and find areas, which need improvement, so that your company always maintains optimized security controls. The Demystification of Successful Cyber Security! (800) 272 0019 Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL
COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS Below is an example application of the VIMRO methodology to one specific security control item: a firewall. The NIST Cybersecu- rity Framework includes Configuration Management in the family of controls. Using the firewall as our example: • An organization includes firewall configuration requirements in a policy; procedures are written for how the firewall will be implemented and managed. • The procedure includes a baseline security assessment vulnerability report. The baseline is to be updated whenever a change is made on the firewall. • The policy, procedure, and baseline reports define the controls (CMM Level 3) for the firewall. • In order to determine if the company is maintaining controls for the firewall to meet CMM Level 4, the firewall is audited using KPIs (a common approach is to conduct firewall configuration audits every six months). • Some examples of KPIs include: o There must be a change record for each change made to the firewall. The acceptable KPI for changes without corresponding records is 0. o A vulnerability assessment report must not result in high or medium scores. The acceptable KPI for high or medium findings in a vulnerabili- ty assessment is 0. • If during firewall configuration audits, some findings do not meet the KPI requirements, it is an opportunity to determine why this is the case. Perhaps there are too few people to meet the KPI objectives; perhaps skillsets are lacking and training on maintaining the firewall is necessary. For any items that do not meet KPIs, we implement a Corrective Action Plan (CAP), which sets expectation dates for the resolution of any issues cited. We conduct an audit immediately after said date to ensure that the items have been improved based on the CAP. This is an example of an optimized process (Level 5) for firewall controls practices. The Demystification of Successful Cyber Security! (800) 272 0019 Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL For any items that do not meet KPI, we implement a Corrective Action Plan, which sets expectations dates for the resolution of any issues cited. Authored by VIMRO’s Cybersecurity Leaders
COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS All layers of our Cyber Security Enabling Methodology are equally critical and require your steady dedication. Systematic attention to each level of the process yields a solid foundation today that is also dynamic enough to safeguard you going forward. VIMRO’s holistic approach arms your organization to prevent, detect, and respond to cybercriminal attacks that threaten your business, clients, employees, or sensitive data. The Demystification of Successful Cyber Security! (800) 272 0019 Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL “The holistic approach arms your organization to prevent, detect, and respond to cybercriminal attacks.......” Authored by VIMRO’s Cybersecurity Leaders Contact VIMRO to learn more details about our approach and how we can help you build and maintain an Optimized Cybersecurity Risk Management Program.

Empfohlen

Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for SecurityA Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for SecurityTripwire
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119FitCEO, Inc. (FCI)
 
Security posture: Dashboard Implementation through Wireframe
Security posture: Dashboard Implementation through WireframeSecurity posture: Dashboard Implementation through Wireframe
Security posture: Dashboard Implementation through WireframeShriya Rai
 
Gpc case study_eng_0221
Gpc case study_eng_0221Gpc case study_eng_0221
Gpc case study_eng_0221SALIH AHMED ISLAM
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkWilliam McBorrough
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerEnclaveSecurity
 

Empfohlen

Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Stop Chasing the Version: Compliance with CIPv5 through CIPv99
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 Tripwire
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for SecurityA Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for SecurityTripwire
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119FitCEO, Inc. (FCI)
 
Security posture: Dashboard Implementation through Wireframe
Security posture: Dashboard Implementation through WireframeSecurity posture: Dashboard Implementation through Wireframe
Security posture: Dashboard Implementation through WireframeShriya Rai
 
Gpc case study_eng_0221
Gpc case study_eng_0221Gpc case study_eng_0221
Gpc case study_eng_0221SALIH AHMED ISLAM
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkWilliam McBorrough
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerEnclaveSecurity
 
Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention Manish Dixit Ceh
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2newbie2019
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte Assurance Platform
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Processtimmcguinness
 
Iso 9000 iso 9001
Iso 9000 iso 9001Iso 9000 iso 9001
Iso 9000 iso 9001billgates3970
 
SIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security FrameworkSIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security FrameworkBernie Leung, P.E., CISSP
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security ManagementChristophe Briguet
 
Planning for security and security audit process
Planning for security and security audit processPlanning for security and security audit process
Planning for security and security audit processDivya Tiwari
 
Guide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuillermo Remache
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and proceduresCAS
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standartnewbie2019
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?honeywellgf
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Tripwire
 
Achieving Effective IT Security with Continuous ISO 27001 Compliance
Achieving Effective IT Security with Continuous ISO 27001 ComplianceAchieving Effective IT Security with Continuous ISO 27001 Compliance
Achieving Effective IT Security with Continuous ISO 27001 ComplianceTripwire
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)MetroStar
 
Educause+V4
Educause+V4Educause+V4
Educause+V4ecarrow
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityMike Lemire
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Manuel Guillen
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention Manish Dixit Ceh
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2newbie2019
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber securityWGroup
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologiesgenetics
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte Assurance Platform
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Processtimmcguinness
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security ManagementChristophe Briguet
 
Planning for security and security audit process
Planning for security and security audit processPlanning for security and security audit process
Planning for security and security audit processDivya Tiwari
 
Guide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuillermo Remache
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and proceduresCAS
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standartnewbie2019
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?honeywellgf
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Tripwire
 
Achieving Effective IT Security with Continuous ISO 27001 Compliance
Achieving Effective IT Security with Continuous ISO 27001 ComplianceAchieving Effective IT Security with Continuous ISO 27001 Compliance
Achieving Effective IT Security with Continuous ISO 27001 ComplianceTripwire
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)MetroStar
 
Educause+V4
Educause+V4Educause+V4
Educause+V4ecarrow
 

Was ist angesagt? (20)

Cyber crime with privention
Cyber crime with privention Cyber crime with privention
Cyber crime with privention
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
 
Five principles for improving your cyber security
Five principles for improving your cyber securityFive principles for improving your cyber security
Five principles for improving your cyber security
 
NIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An OverviewNIST CyberSecurity Framework: An Overview
NIST CyberSecurity Framework: An Overview
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Process
 
Iso 9000 iso 9001
Iso 9000 iso 9001Iso 9000 iso 9001
Iso 9000 iso 9001
 
SIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security FrameworkSIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security Framework
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security Management
 
Planning for security and security audit process
Planning for security and security audit processPlanning for security and security audit process
Planning for security and security audit process
 
Guide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information SystemsGuide for Applying The Risk Management Framework to Federal Information Systems
Guide for Applying The Risk Management Framework to Federal Information Systems
 
It security controls, plans, and procedures
It security controls, plans, and proceduresIt security controls, plans, and procedures
It security controls, plans, and procedures
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
 
Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?Industrial Cyber Security: What is Application Whitelisting?
Industrial Cyber Security: What is Application Whitelisting?
 
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)
 
Achieving Effective IT Security with Continuous ISO 27001 Compliance
Achieving Effective IT Security with Continuous ISO 27001 ComplianceAchieving Effective IT Security with Continuous ISO 27001 Compliance
Achieving Effective IT Security with Continuous ISO 27001 Compliance
 
Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)Guide to Risk Management Framework (RMF)
Guide to Risk Management Framework (RMF)
 
Educause+V4
Educause+V4Educause+V4
Educause+V4
 

Ähnlich wie The Demystification of successful cybersecurity initiatives.

Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityMike Lemire
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Manuel Guillen
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual cisoMichael Ball
 
Managing an enterprise cyber security program
Managing an enterprise cyber security programManaging an enterprise cyber security program
Managing an enterprise cyber security programabdulkhalid murady
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpointrandalje86
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service PresentationWilliam McBorrough
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb finalChristophe Monnier
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report exampleIhor Uzhvenko
 
Cyber Defence - Service portfolio
Cyber Defence - Service portfolioCyber Defence - Service portfolio
Cyber Defence - Service portfolioKaloyan Krastev
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurAlan Yau Ti Dun
 
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The CloudSimplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The CloudHappiest Minds Technologies
 
MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement William McBorrough
 

Ähnlich wie The Demystification of successful cybersecurity initiatives. (20)

Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on security
 
Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020Kmicro Cybersecurity Offerings 2020
Kmicro Cybersecurity Offerings 2020
 
Role of the virtual ciso
Role of the virtual cisoRole of the virtual ciso
Role of the virtual ciso
 
Managing an enterprise cyber security program
Managing an enterprise cyber security programManaging an enterprise cyber security program
Managing an enterprise cyber security program
 
Risk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection PowerpointRisk Based Security and Self Protection Powerpoint
Risk Based Security and Self Protection Powerpoint
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
Unit 4 standards.ppt
Unit 4 standards.pptUnit 4 standards.ppt
Unit 4 standards.ppt
 
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...Diskusi buku: Securing an IT Organization through Governance, Risk Management...
Diskusi buku: Securing an IT Organization through Governance, Risk Management...
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Applying Lean for information security operations centre
Applying Lean for information security operations centreApplying Lean for information security operations centre
Applying Lean for information security operations centre
 
Kevin Else LegalTech event Feb 2023
Kevin Else LegalTech event Feb 2023Kevin Else LegalTech event Feb 2023
Kevin Else LegalTech event Feb 2023
 
Risk management for cloud computing hb final
Risk management for cloud computing hb finalRisk management for cloud computing hb final
Risk management for cloud computing hb final
 
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
 
SIEM
SIEMSIEM
SIEM
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report example
 
Managing Compliance
Managing ComplianceManaging Compliance
Managing Compliance
 
Cyber Defence - Service portfolio
Cyber Defence - Service portfolioCyber Defence - Service portfolio
Cyber Defence - Service portfolio
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
 
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The CloudSimplify Your Approach To_Assess The Risks Of Moving Into The Cloud
Simplify Your Approach To_Assess The Risks Of Moving Into The Cloud
 
MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement
 

Mehr von FitCEO, Inc. (FCI)

The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch FizzThe Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch FizzFitCEO, Inc. (FCI)
 
Passwords don't work multifactor controls do!
Passwords don't work multifactor controls do!Passwords don't work multifactor controls do!
Passwords don't work multifactor controls do!FitCEO, Inc. (FCI)
 
HIPAA and HITECH Compliance Guide
HIPAA and HITECH Compliance GuideHIPAA and HITECH Compliance Guide
HIPAA and HITECH Compliance GuideFitCEO, Inc. (FCI)
 
Data exfiltration so many threats 2016
Data exfiltration so many threats 2016Data exfiltration so many threats 2016
Data exfiltration so many threats 2016FitCEO, Inc. (FCI)
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016FitCEO, Inc. (FCI)
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119FitCEO, Inc. (FCI)
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15FitCEO, Inc. (FCI)
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119FitCEO, Inc. (FCI)
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016FitCEO, Inc. (FCI)
 
VIMRO Cyber Security Methodology
VIMRO Cyber Security MethodologyVIMRO Cyber Security Methodology
VIMRO Cyber Security MethodologyFitCEO, Inc. (FCI)
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksFitCEO, Inc. (FCI)
 
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...FitCEO, Inc. (FCI)
 
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch FizzDark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch FizzFitCEO, Inc. (FCI)
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2FitCEO, Inc. (FCI)
 
Cyber Insurance - What you need to know
Cyber Insurance - What you need to knowCyber Insurance - What you need to know
Cyber Insurance - What you need to knowFitCEO, Inc. (FCI)
 
SCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesSCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesFitCEO, Inc. (FCI)
 
PCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROPCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROFitCEO, Inc. (FCI)
 
MHF-joins-VIMRO-Press-Release-FINAL3
MHF-joins-VIMRO-Press-Release-FINAL3MHF-joins-VIMRO-Press-Release-FINAL3
MHF-joins-VIMRO-Press-Release-FINAL3FitCEO, Inc. (FCI)
 

Mehr von FitCEO, Inc. (FCI) (20)

The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch FizzThe Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
The Dark Net - The Devil in the Details - Larry Boettger and Michael Horsch Fizz
 
Passwords don't work multifactor controls do!
Passwords don't work multifactor controls do!Passwords don't work multifactor controls do!
Passwords don't work multifactor controls do!
 
HIPAA and HITECH Compliance Guide
HIPAA and HITECH Compliance GuideHIPAA and HITECH Compliance Guide
HIPAA and HITECH Compliance Guide
 
Data exfiltration so many threats 2016
Data exfiltration so many threats 2016Data exfiltration so many threats 2016
Data exfiltration so many threats 2016
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
 
Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119Cyber Security Audits and Risk Management 20160119
Cyber Security Audits and Risk Management 20160119
 
Cyber security audits and risk management 2016
Cyber security audits and risk management 2016Cyber security audits and risk management 2016
Cyber security audits and risk management 2016
 
VIMRO Cyber Security Methodology
VIMRO Cyber Security MethodologyVIMRO Cyber Security Methodology
VIMRO Cyber Security Methodology
 
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering AttacksStrengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
Strengthening the Weakest Link - Reducing Risks from Social Engineering Attacks
 
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
Using Motive, Opportunity, and Means (M.O.M.) and ISO 27001 as Cyber Crime Pr...
 
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch FizzDark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
Dark Net The Devil in the Details - Larry Boettger and Michael Horsch Fizz
 
Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2Internet of Things - A Different Kind of Scary v2
Internet of Things - A Different Kind of Scary v2
 
Cyber Insurance - What you need to know
Cyber Insurance - What you need to knowCyber Insurance - What you need to know
Cyber Insurance - What you need to know
 
SCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US UtilitiesSCADA Exposure Will Short-Circuit US Utilities
SCADA Exposure Will Short-Circuit US Utilities
 
PCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMROPCI DSS Reaper - Are you ready - VIMRO
PCI DSS Reaper - Are you ready - VIMRO
 
IPV6 a tale of two protocols
IPV6 a tale of two protocolsIPV6 a tale of two protocols
IPV6 a tale of two protocols
 
CODE INSPECTION VIMRO 2015 MHF
CODE INSPECTION VIMRO 2015 MHFCODE INSPECTION VIMRO 2015 MHF
CODE INSPECTION VIMRO 2015 MHF
 
MHF-joins-VIMRO-Press-Release-FINAL3
MHF-joins-VIMRO-Press-Release-FINAL3MHF-joins-VIMRO-Press-Release-FINAL3
MHF-joins-VIMRO-Press-Release-FINAL3
 

Kürzlich hochgeladen

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 

Kürzlich hochgeladen (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

The Demystification of successful cybersecurity initiatives.

  • 1. Restricting Authenticating Tracking User Access? Time Is Not On Our Side! 12100 Sunrise Valley Dr. Suite 290-1 Reston, VA 20191 The Demystification of Successful Cyber Security! VIMRO’s Cyber Security Enabling Methodology Overview In order to avoid exposing your company, its clients, your employees (not to mention yourself!) to cybercrime, it is vital to invest in a good cyber security program. VIMRO’s approach to an effective cyber security program involves a holistic security methodology. Our methodology maximizes value and effec- tiveness because we have combined the most efficient tactics to include frame- works, best practice guides, and work papers from reputable security organiza- tions such as NIST, ISO2700/27002 and MITRE. Combining vetted complementary frameworks yields a program that is effec- tive and yet efficient; a program dynamic enough to anticipate new risks, yet iterative enough to become familiar. Equally important, a holistic methodolo- gy prevents oversights within your program. For example, while a cyber secu- rity framework alone equips you with the controls you must implement and manage, it leaves you without the metrics you need to validate those controls and the overall success of your cyber security system. A successful methodology is dynamic, adapting to ever-changing threats; and that can only happen if you treat it as an evolving process. For any methodol- ogy to work, you must adopt it in a controlled, systematic manner. Imple- menting a cyber security program too quickly or without the adequate resources reduces its effectiveness and demotivates the team members involved. The financial and operational benefits of holistic customized cyber security solutions.
  • 2. COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS The following is an overview of a VIMRO cyber security system: • The foundation of our security system first aligns your organization’s business needs with your IT security, allowing you to focus on the critical business applications, systems, and processes that need strong security controls. For example, when you implement a new application, include a security represen- tative in the development of the budget and project plan. This is how you ensure that time and resources are allocated for security controls throughout the project; and for support throughout the new applica- tion’s lifecycle. If you overlook security requirements in the beginning stages of a project, the application and associated systems may require rework for failure to meet your company’s approved security stan- dards. And rework, delays, or budget excesses invariably reduce your new application’s ROI. (See VIM- RO’s paper: Omitting Static Code Security Analysis Can Cost You. BIG!) • The second layer of our foundation includes implementing a security framework. Many of VIMRO’s clients have adopted either the NIST Cybersecurity Framework(1) or ISO27001/ISO27002(2). • Along with the framework, organizations have adopted a cyber security Capability Maturity Model (CMM) that involves a strategy to optimize critical security controls, mechanisms, and processes (Level 5 in the CMM). The cyber security CMM includes: o Level 1 – Initial: Processes are unpredictable, poorly controlled, and reactive o Level 2 – Managed: Processes are characterized for projects and are still often reactive o Level 3 – Defined: Processes are characterized for the organization and are proactive, taking their procedures from the organization’s standards o Level 4 – Quantitatively Managed: Processes are measured and controlled o Level 5 – Optimizing: Focuses on process improvement • To manage performance leading toward the optimal level (Level 5) in the security CMM, we recom- mend Key Performance Indicator (KPI) metrics. Many clients start with MITRE Cyber Resiliency Met- rics(3). • VIMRO policies, standards, and procedures include all of the verbiage necessary to raise your organiza- tion to the upper levels of the cyber security CMM. These are critical to success. Without these, your organization will not even surpass Level 2 in the security CMM. • After writing your security policies, standards, and procedures, we implement technological mechanisms (these include IPS, DLP, SIEM, and so forth) to support your cyber security program, and train workforce members to apply the requirements of the formal documents to their practices • VIMRO’s risk management program includes continuous evaluation of your technological mechanisms and processes to validate them, and find areas, which need improvement, so that your company always maintains optimized security controls. The Demystification of Successful Cyber Security! (800) 272 0019 Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL
  • 3. COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS Below is an example application of the VIMRO methodology to one specific security control item: a firewall. The NIST Cybersecu- rity Framework includes Configuration Management in the family of controls. Using the firewall as our example: • An organization includes firewall configuration requirements in a policy; procedures are written for how the firewall will be implemented and managed. • The procedure includes a baseline security assessment vulnerability report. The baseline is to be updated whenever a change is made on the firewall. • The policy, procedure, and baseline reports define the controls (CMM Level 3) for the firewall. • In order to determine if the company is maintaining controls for the firewall to meet CMM Level 4, the firewall is audited using KPIs (a common approach is to conduct firewall configuration audits every six months). • Some examples of KPIs include: o There must be a change record for each change made to the firewall. The acceptable KPI for changes without corresponding records is 0. o A vulnerability assessment report must not result in high or medium scores. The acceptable KPI for high or medium findings in a vulnerabili- ty assessment is 0. • If during firewall configuration audits, some findings do not meet the KPI requirements, it is an opportunity to determine why this is the case. Perhaps there are too few people to meet the KPI objectives; perhaps skillsets are lacking and training on maintaining the firewall is necessary. For any items that do not meet KPIs, we implement a Corrective Action Plan (CAP), which sets expectation dates for the resolution of any issues cited. We conduct an audit immediately after said date to ensure that the items have been improved based on the CAP. This is an example of an optimized process (Level 5) for firewall controls practices. The Demystification of Successful Cyber Security! (800) 272 0019 Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL For any items that do not meet KPI, we implement a Corrective Action Plan, which sets expectations dates for the resolution of any issues cited. Authored by VIMRO’s Cybersecurity Leaders
  • 4. COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS All layers of our Cyber Security Enabling Methodology are equally critical and require your steady dedication. Systematic attention to each level of the process yields a solid foundation today that is also dynamic enough to safeguard you going forward. VIMRO’s holistic approach arms your organization to prevent, detect, and respond to cybercriminal attacks that threaten your business, clients, employees, or sensitive data. The Demystification of Successful Cyber Security! (800) 272 0019 Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL “The holistic approach arms your organization to prevent, detect, and respond to cybercriminal attacks.......” Authored by VIMRO’s Cybersecurity Leaders Contact VIMRO to learn more details about our approach and how we can help you build and maintain an Optimized Cybersecurity Risk Management Program.