INFORMATION SECURITY
FOR SMALL BUSINESS
by Julius Clark Sr., MBA, CISSP, CISA
About Me

• Julius Clark Sr.
• Location: Charlotte, NC
• Current home: residing in Charlotte, NC for over 10 years
• Hometown: Boston, MA
• Profession: Information Security Professional

• BDPA History
• 2010-2012   Charlotte President
• 2010-2012   National BDPA CISO
• 2007-2009   Charlotte President-Elect
• 2006-2004   VP of SITES (Education)
• 2001-2003   Charlotte HSCC Coordinator

• Education
• MBA in Information Security, Salem International University, Salem, WV
• MSIS in Information Security, University of Fairfax, Fairfax, VA
• BS in Electronic Engineering, Wentworth Institute of Technology, Boston, MA

• Certifications
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Microsoft Certified Systems Engineer (MCSE)

                                                                                                 2
Agenda
Information Security for Small Business

• IT Security & Business Wholeness
• What Is Information Security?
• Components of Information Security Architecture
• Cyber Crime in the News

                                               3
Agenda (Continued)
Information Security for Small Business

• Business Continuity & Disaster Recovery Planning
• Identifying Business Critical Assets
• Safeguarding Critical Assets
• Highly Recommended IT Security Practices

                                                4
IT SECURITY &
BUSINESS WHOLENESS

                     5
Maslow’s Hierarchy of Needs

• Being aware of one’s wholeness keeps bad things from happening. A solid foundation must be built to advance. Understanding your environment, your health and your activities helps one to continually perform risk assessments and move to the next level.

•   Self-Actualization – Being All You Can Be
•   Esteem – Recognition for Good Work
•   Love – Acceptance
•   Safety & Security – Stability
•   Needs – Air, Food, Water, Shelter

                                              6
Maslow’s Business Comparison

• Maslow’s Hierarchy of Needs can be applied to building a successful business. IT Security is a foundation that businesses must build upon to lower IT Security risks, which can help your business gain a competitive edge.

•   Self-Actualization – Meeting the Mission Statement
•   Esteem – Recognition in the Market Place
•   Love – Acceptance by Clients or Customers
•   Safety & Security – IT Security & Insurance
•   Needs – Capital & People




                                                  7
Importance of Small Businesses


• Statistic: There are over 26 million small businesses in the U.S.
  Source: NIST




                                            8
What Is At Stake?


• Your Business!
• Your business is at risk of being damaged due to:
•   Financial loss
•   Lawsuits
•   Reputation loss
•   Loss of market share
•   Theft of its technology, resources and products
•   Denial of service attacks
•   Blackmail




                                               9
WHAT IS
INFORMATION SECURITY?

                        10
What Is Information Security?
• Protecting your
  information, technology,
  property, products and
  people, thus protecting
  your business.

• The Information Security
  Triad is the foundation for
  Information Security and is
  based on concepts and
  principles known as CIA.
• Confidentiality
• Integrity
• Availability


                                           11
What Is Information Security?

• Confidentiality
• The concept of protecting information from improper disclosure and protecting the secrecy and privacy of sensitive data so that the intellectual property and reputation of an organization is not damaged and that data related to individuals is not released in violation of regulations or the privacy policy of the organization.
- From the CISSP® CBK®


                                            12
What Is Information Security?


• Integrity
• Addresses two objects, which are protecting data and processes from improper modification, and ensuring the operations of the information is reliable and performing as expected.
- From the CISSP® CBK®




                                             13
What Is Information Security?

• Availability
• The concept of ensuring that the systems and data can be accessed when required. Availability is impacted by human error, cabling problems, software bugs, hardware failures, loss of skilled staff, malicious code, and the many other threats that can render a system unusable or unreliable.
- From the CISSP® CBK®

                                           14
COMPONENTS OF
INFORMATION SECURITY
ARCHITECTURE

                       15
Components of Information Security Architecture

• The process of instituting a complete information security solution to the architecture of a business, ensuring the security of business information at every point in the architecture.

[Diagram: triangle with People, Processes and Technology at its corners]

• People
• Processes
• Technology
                                                         16
Components of Information Security Architecture



• People
• People are the weakest
  link of a business’ process.

• You all know why!




                                         17
Components of Information Security Architecture



• Processes
• The operational aspects of
  small business.
  Safeguards can be
  automated or manual.




                                        18
Components of Information Security Architecture


• Technology
• All of the tools, applications, software, and infrastructure that allow a business process to work and perform efficiently. Thus, as a business owner, you must ensure that you have adequate logical controls in place to help you stay on track with your business’ mission or purpose.

                                          19
CYBER CRIME
IN THE NEWS

              20
Who Are The Actors?


• Their Roles:
•   Experimenters
•   Hacktivists
•   Cyber criminals
•   Information Warriors
•   Employees
•   Dumpster divers
•   Natural disasters
•   Terrorist activities

                                      21
Who Are The Actors?

• Malicious Code!
• Key loggers – Stealing
  your keystrokes
• Viruses
• Denial of service
• Turning your computer
  into a zombie aka “Bot”



                                   22
Cyber Crime In the News




                          23
Cyber Crime Statistics!
• Insider threats are responsible for over 80% of small business issues.
• There are over 70,000 active viruses, and the number is growing exponentially.
• Information Security threats can damage or destroy a small business.
• 33% of businesses with 100 employees or less had a computer incident.
Source: NIST




                                                                    24
Cyber Crime Statistics!
Small Business Cyber Crime Report
• 42% of businesses had a laptop theft
• 44% of businesses suffered from insider abuse
• 21% of businesses reported denial of service
• 50% of businesses detected a virus
• 20% of business systems became a “Bot”
Source: Computer Security Institute Survey




                                                 25
Cyber Crime Statistics!
Reported Data Breaches
• 2007 – there were 445 data breaches reported
• 2008 – there were 656 data breaches reported
• 2009 – approx. 392 data breaches reported
Source: USA Today, October 9, 2009




                                                26
Chronology of Data Breaches
www.privacyrights.org




                                        27
Chronology of Data Breaches
www.privacyrights.org




  [Chart from privacyrights.org] The figure 354,537,108 is the total number of records compromised.
                                                            28
BUSINESS CONTINUITY AND
DISASTER RECOVERY PLANNING


                             29
Business Continuity & Disaster Recovery Planning
                  NIST IT Security Fundamentals For Small Business

Contingency and Disaster Recovery planning considerations
•   What happens if there is a disaster (flood, fire, tornado, etc) or a contingency (power outage,
    sewer backup, accidental sprinkler activation, etc)? Do you have a plan for restoring business
    operations during or after a disaster or a contingency? Since we all experience power outages or
    brownouts from time to time, do you have Uninterruptible Power Supplies (UPS) on each of your
    computers and critical network components? They allow you to work through short power outages
    and to save your data when the electricity goes off.
•   Conduct an inventory of all information used in running your business.
•   Do you know where each type of information is located (on which computer or server)?
•   Have you prioritized your business information so that you know which type of information is most
    critical to the operation of your business – and, therefore, which type of information must be
    restored first in order to run your most critical operations?
•   If you have never (or not recently) done a full inventory of your important business information,
    now is the time. For a very small business, this shouldn’t take longer than a few hours. For a
    larger small business, this might take from a day to a week or so.
•   While you are doing this inventory, ensure that the information is prioritized relative to importance
    for the entire business, not necessarily for a single part of the business. When you have your
    prioritized information inventory (on an electronic spreadsheet), add three columns to address the
    kind of protection that each type of information needs. Some information will need protection for
    confidentiality, some for integrity, and some for availability.
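The prioritized inventory with its three protection columns, as an added example that is not code from the slide deck or from the NIST guide: the spreadsheet is represented as a CSV table, each row is validated, and the rows are sorted into the order in which information would be restored after a disaster. The asset names, locations, priorities and ratings are constructed sample data, and the tie-breaking rule (among equal priorities, restore the asset with the higher availability need first) is an assumption of this example.

```python
"""Prioritized information inventory with C/I/A protection columns.

Added example, not code from the slide deck or from NIST. All asset names,
locations and ratings below are constructed sample data standing in for the
spreadsheet the slide describes.
"""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Constructed sample inventory. priority 1 = most critical to the business as a
# whole (not to a single department). The three protection columns hold the
# level of protection each asset needs: high, medium or low.
SAMPLE_INVENTORY_CSV = """\
asset,location,priority,confidentiality,integrity,availability
Customer invoices,FILESRV01 D:\\Finance,1,high,high,high
Payroll records,PC-ACCT-02 C:\\Payroll,1,high,high,medium
Product catalog (public),WEB01,3,low,high,high
Marketing photos,PC-MKT-01,4,low,low,low
Email archive,MAILSRV,2,high,medium,medium
"""

PROPERTIES = ("confidentiality", "integrity", "availability")
LEVELS = {"high", "medium", "low"}
RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Asset:
    name: str
    location: str
    priority: int
    confidentiality: str
    integrity: str
    availability: str

    def protections_needed(self) -> list[str]:
        """Properties rated 'high': what this asset's safeguards must deliver."""
        return [p for p in PROPERTIES if getattr(self, p) == "high"]


def load_inventory(csv_text: str) -> list[Asset]:
    """Parse the inventory, rejecting rows with missing or invalid protection ratings."""
    assets = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ratings = {p: (row.get(p) or "").strip().lower() for p in PROPERTIES}
        for prop, level in ratings.items():
            if level not in LEVELS:
                raise ValueError(f"{row['asset']}: {prop} rating {level!r} is not high/medium/low")
        assets.append(Asset(row["asset"], row["location"], int(row["priority"]), **ratings))
    return assets


def restore_order(assets: list[Asset]) -> list[str]:
    """Asset names in the order to restore them: lowest priority number first;
    among equals, the higher availability need goes first (assumed tie-break)."""
    ordered = sorted(assets, key=lambda a: (a.priority, RANK[a.availability], a.name))
    return [a.name for a in ordered]


def assets_by_protection(assets: list[Asset]) -> dict[str, list[str]]:
    """Which assets need each kind of protection, for choosing safeguards later."""
    return {p: [a.name for a in assets if getattr(a, p) == "high"] for p in PROPERTIES}


if __name__ == "__main__":
    inventory = load_inventory(SAMPLE_INVENTORY_CSV)
    for position, name in enumerate(restore_order(inventory), start=1):
        print(f"{position}. {name}")
    for prop, names in assets_by_protection(inventory).items():
        print(f"{prop}: {', '.join(names) or '(none)'}")
```

The validation step matters more than it looks: a row whose protection column is blank is exactly the asset nobody has thought about, and it should stop the process rather than silently sort to the bottom.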


                                                                                                    30
IDENTIFYING BUSINESS
CRITICAL ASSETS

                       31
Identifying Business Critical Assets




                                32
Actions for The Business Owner To Take

• Identify which threats are a danger to your business. Many threats are specific to a geographic area – what is a common threat in your area?

• As you read/research your trade/professional publications, take
  note of the data security issues covered in these publications. Ask
  yourself “Is my business vulnerable to something like this? If so,
  what have others done that I could copy to protect my business?”

• As you network with your peers, talk cyber security issues. Give
  and get advice, hints, tips, etc.

• Make every effort to stay in touch with and on top of every threat or
  incident that does or could affect your business.

• Join InfraGard to get critical information about current threats in
  your local area (and to act as eyes and ears to help protect our
  nation!).

• (www.infragard.net - membership application form is online –
  membership is free in most areas of our nation)
                                                                          35
SAFEGUARDING
CRITICAL ASSETS

                  36
Safeguarding Critical Assets

• The “Absolutely
  Necessary” actions that
  a small business should
  take to protect its
  information, systems,
  and networks.

• People
• Processes
• Technology
                                       37
Safeguarding Critical Assets



• People
•   People are the weakest link of the three
    components of Information Security!




                                               38
Safeguarding Critical Assets

• People
1.   Control physical access to your computers and network hardware.
•    Do not allow unauthorized persons to have physical access to any of your business PCs.
•    Lock up laptops when they are not in use.
•    Control who has access to your systems and networks; this includes cleaning crews. No one should be able to walk into your office space without being challenged by an employee.
•    Vendors and service persons should provide appropriate identification.
2.   Limit employee access to data and information, and limit authority to install software.
•    Employees should not install unauthorized software.
•    Do not give any single employee access to all data.
•    Give each employee only the access privileges necessary to perform their job.
•    Do not allow a single individual to both initiate and approve a transaction (financial or otherwise).




                                                             39
Safeguarding Critical Assets



• Processes
    The operational aspects of a small business; these need checks and balances, aka controls.




                                                 40
Safeguarding Critical Assets

• Processes
1.   Back up important business data and information.
•    Backups are best done automatically.
•    Backup can be done inexpensively by copying to another hard drive that can hold 52 weeks of backups; 500GB should be sufficient for most businesses.
•    Backups should be performed at a minimum weekly, but daily is better.
•    A full backup should be performed once a month and taken off site in case of a fire, flood, theft or other disaster.
•    A portable USB drive is recommended; 1000GB.
•    Regularly test your backup data.
2.   Train your employees on basic security principles.
•    Employees using any programs containing sensitive information should be trained on how to properly protect it.
•    Employees should review computer usage policies on the 1st day of work.
•    Train them about expectations concerning limited use of telephones, printers and other business resources.
•    After training they should sign a statement that they understand these policies and the penalties for violation of business policies.
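The backup routine described in item 1, as an added example that is not code from the slide deck or from NIST: it copies a folder to a dated directory on a second drive, keeps the 52 most recent weekly copies, writes a SHA-256 manifest alongside each copy, and re-checks that manifest so that "regularly test your backup data" becomes a function call. The source and backup paths, the one-directory-per-backup layout and the manifest file name are assumptions of this example.

```python
"""Weekly backup rotation with 52-week retention and integrity verification.

Added example, not code from the slide deck or from NIST. Paths, layout and
manifest name are assumptions; a real deployment would point backup_root at
the second drive the slide recommends and schedule make_backup() weekly.
"""
from __future__ import annotations

import hashlib
import json
import shutil
from datetime import date
from pathlib import Path

MANIFEST = "manifest.sha256.json"   # assumed name for the per-backup hash list
KEEP = 52                            # one year of weekly backups, per the slide


def _sha256(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _is_dated(name: str) -> bool:
    """True for directory names that are ISO dates, i.e. backups we manage."""
    try:
        date.fromisoformat(name)
        return True
    except ValueError:
        return False


def make_backup(source: Path, backup_root: Path, when: date) -> Path:
    """Copy `source` to backup_root/<YYYY-MM-DD>/data and record file hashes."""
    dest = backup_root / when.isoformat()
    if dest.exists():
        raise FileExistsError(f"a backup dated {when} already exists: {dest}")
    data_dir = dest / "data"
    shutil.copytree(source, data_dir)          # also creates `dest`
    manifest = {p.relative_to(data_dir).as_posix(): _sha256(p)
                for p in sorted(data_dir.rglob("*")) if p.is_file()}
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=1))
    return dest


def verify_backup(backup_dir: Path) -> list[str]:
    """Return the files that are missing or whose contents no longer match the
    manifest; an empty list means the backup is intact."""
    manifest = json.loads((backup_dir / MANIFEST).read_text())
    damaged = []
    for rel, expected in manifest.items():
        f = backup_dir / "data" / rel
        if not f.is_file() or _sha256(f) != expected:
            damaged.append(rel)
    return damaged


def prune_backups(backup_root: Path, keep: int = KEEP) -> list[str]:
    """Delete all but the newest `keep` dated backups; return what was deleted."""
    dated = sorted(p.name for p in backup_root.iterdir()
                   if p.is_dir() and _is_dated(p.name))
    removed = dated[:max(len(dated) - keep, 0)]
    for name in removed:
        shutil.rmtree(backup_root / name)
    return removed


if __name__ == "__main__":
    # Stand-alone demonstration on a throwaway directory (constructed data).
    import tempfile
    root = Path(tempfile.mkdtemp())
    src = root / "office"
    src.mkdir()
    (src / "invoices.txt").write_text("constructed sample data")
    made = make_backup(src, root / "backups", date.today())
    print("backup written to", made, "damaged files:", verify_backup(made))
```

Verification is deliberately separate from creation: a monthly job that restores the newest copy somewhere else and runs verify_backup() on it is the test the slide asks for, and it catches the silent failure mode where the drive fills up or a file is copied partially.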




                                                                    41
Safeguarding Critical Assets

• Processes
3.   Require individual user accounts for each employee on business computers and for business applications.
•    Create an account for every individual user and require strong passwords of 8-10 characters, made up of random letters, numbers and special characters.
•    To protect information and systems, employees should not operate computers with administrative privileges.
•    Malicious code gains the same privileges as the user, so it can install itself on a system if the user is logged in with an administrative account.
•    Passwords should never be shared, and should be changed every 3 months.
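The account rules in item 3 as checks, added here as an example that is not code from the slide deck: a password generator built on the standard library's secrets module, a checker for the character-class rule, a rotation check, and an audit over a list of accounts that flags daily work done under an administrative account. Two assumptions are this example's own: the slide's 8 characters is enforced as a minimum only (a longer password is not rejected), and "every 3 months" is taken as 90 days. The account records are constructed sample data.

```python
"""Password and account checks for the user-account rules on this slide.

Added example, not code from the slide deck. Assumptions: MIN_LENGTH is a
lower bound only, and the slide's 3-month rotation is counted as 90 days.
"""
from __future__ import annotations

import secrets
import string
from dataclasses import dataclass
from datetime import date

SPECIALS = "!@#$%^&*()-_=+[]{};:,.?/"
ALPHABET = string.ascii_letters + string.digits + SPECIALS
MIN_LENGTH = 8        # the slide's 8-10 characters, enforced as a minimum
MAX_AGE_DAYS = 90     # "every 3 months", assumed to mean 90 days


def check_password(password: str) -> list[str]:
    """Return the rules a password breaks; an empty list means it is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("contains no letters")
    if not any(c.isdigit() for c in password):
        problems.append("contains no digits")
    if not any(c in SPECIALS for c in password):
        problems.append("contains no special characters")
    return problems


def generate_password(length: int = 10) -> str:
    """Random password drawn with secrets.choice (a CSPRNG, unlike random.choice);
    regenerated until every character class is present so it always passes."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


def password_expired(last_changed: date, today: date) -> bool:
    """True once a password is older than the rotation period."""
    return (today - last_changed).days > MAX_AGE_DAYS


@dataclass
class Account:
    user: str
    is_admin: bool            # account holds administrative privileges
    daily_use: bool           # used for ordinary work (email, web, documents)
    password_changed: date


# Constructed sample accounts for a small office (not real users).
SAMPLE_ACCOUNTS = [
    Account("alice", is_admin=False, daily_use=True, password_changed=date(2024, 2, 1)),
    Account("bob", is_admin=True, daily_use=True, password_changed=date(2024, 3, 1)),
    Account("it-admin", is_admin=True, daily_use=False, password_changed=date(2023, 10, 1)),
]


def audit_accounts(accounts: list[Account], today: date) -> list[str]:
    """Findings against the slide's rules: no daily work under an administrative
    account, and passwords changed at least every 3 months."""
    findings = []
    for acct in accounts:
        if acct.is_admin and acct.daily_use:
            findings.append(f"{acct.user}: daily work is done with administrative privileges")
        if password_expired(acct.password_changed, today):
            findings.append(f"{acct.user}: password older than {MAX_AGE_DAYS} days")
    return findings


if __name__ == "__main__":
    print("generated:", generate_password())
    for finding in audit_accounts(SAMPLE_ACCOUNTS, date.today()):
        print("finding:", finding)
```

The audit separates "has administrative privileges" from "used for daily work" on purpose: the slide's point is not that administrator accounts must not exist but that browsing and email should never run under one, because malware inherits whatever the logged-in user can do.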




                                                                    42
Safeguarding Critical Assets


• Technology
1. Protect information, systems and networks from damage by viruses, spyware, and other malicious code.
•    Install anti-virus software and anti-spyware software on all computer systems.
•    Have the anti-virus, anti-spyware and other anti-malware software update itself automatically and frequently.
•    Obtain copies for employees’ home computers.
2. Provide security for your Internet connection(s).
•    Install an operational firewall between your internal network and the Internet.
•    Ensure that your employees’ home PCs have a firewall installed between their systems and the Internet.
•    Change the firewall’s administrative password upon installation and regularly thereafter.
•    It is a good idea to change the administrator account name too.


                                                           43
Safeguarding Critical Assets


• Technology
3. Secure your wireless access points
   and networks.
•   Change default administrator password.
•   Set wireless device to not broadcast its
    Service Set Identifier (SSID).
•   Recommended encryption is WiFi Protected
    Access 2 (WPA-2) using Advanced Encryption
    Standard (AES).
•   NOTE: WEP (Wired-Equivalent Privacy) is not
    a good wireless security protocol.
•   It is recommended to configure Desktop /
    Server Operating systems to update
    automatically.




                                                  44
Safeguarding Critical Assets


• Technology
4. Install and activate software firewalls on
   all of your business systems.
•   If you use Microsoft Windows XP or higher, it will have a firewall included.
•   Make sure that the firewall is turned on.
•   Ensure that your employees’ home PCs have a firewall and that it is turned on as well.
5. Patch your operating systems and
   applications.
•   Microsoft releases new patches on the second
    Tuesday of each month; sooner for serious
    threats.
•   It is recommended to configure systems to update
    automatically.
•   Ensure employees home PCs are configured to
    update automatically as well.
•   If you have many systems consider purchasing a
    product that can manage the process for your
    business.
•   Update Microsoft Office regularly.
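The patching schedule from item 5 turned into a check, added here as an example that is not code from the slide deck or from Microsoft: the only rule it uses is the slide's "second Tuesday of each month". It computes that date, finds the most recent one on or before a given day (crossing a year boundary when needed), and lists systems whose last successful update predates it. The system names and dates are constructed sample data; out-of-band releases for serious threats are outside the schedule and are not modelled.

```python
"""Patch Tuesday arithmetic and a stale-system report for the patching slide.

Added example, not code from the slide deck or from Microsoft. System names
and last-patched dates are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta


def patch_tuesday(year: int, month: int) -> date:
    """Second Tuesday of the month. date.weekday() gives Monday=0, Tuesday=1."""
    first = date(year, month, 1)
    days_to_first_tuesday = (1 - first.weekday()) % 7
    return first + timedelta(days=days_to_first_tuesday + 7)


def last_patch_tuesday(today: date) -> date:
    """Most recent Patch Tuesday on or before `today`, including last year's
    December release when `today` is early January."""
    candidate = patch_tuesday(today.year, today.month)
    if candidate > today:
        last_of_previous_month = today.replace(day=1) - timedelta(days=1)
        candidate = patch_tuesday(last_of_previous_month.year, last_of_previous_month.month)
    return candidate


@dataclass
class System:
    name: str
    last_patched: date     # date the last successful update was applied


# Constructed sample inventory of office systems.
SAMPLE_SYSTEMS = [
    System("PC-ACCT-02", date(2024, 3, 13)),
    System("FILESRV01", date(2024, 2, 20)),
    System("PC-MKT-01", date(2024, 3, 12)),
]


def stale_systems(systems: list[System], today: date) -> list[str]:
    """Names of systems not updated since the most recent Patch Tuesday.
    A system patched on Patch Tuesday itself is current."""
    cutoff = last_patch_tuesday(today)
    return [s.name for s in systems if s.last_patched < cutoff]


if __name__ == "__main__":
    today = date.today()
    print("last Patch Tuesday:", last_patch_tuesday(today))
    print("stale:", stale_systems(SAMPLE_SYSTEMS, today) or "none")
```

A check like this is what the slide's "consider purchasing a product that can manage the process" buys you at scale; for a handful of machines, the same comparison done by hand against the update history on each PC is enough.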




                                                        45
HIGHLY RECOMMENDED
IT SECURITY PRACTICES

                        46
Highly Recommended IT Security Practices!
                Business Policies Should Be In Place
Every business needs written policies to identify acceptable practices and expectations for business operations.

• Some policies will be related to human resources.

• Some will relate to expected employee practices for using business resources, such as telephones, computers, printers, fax machines, and Internet access.

• Legal and regulatory requirements may also require certain policies to be put in place and enforced.

• Policies for information, computer, network, and Internet security should communicate clearly to employees the expectations that the business management has for appropriate use.




                                                                              47
Highly Recommended IT Security Practices!
                 Business Policies Should Be In Place
• These policies should identify those information and other resources which are important to management and should clearly describe how management expects those resources to be used and protected by all employees.

• Policies should be communicated clearly to each employee, and all employees should sign a statement agreeing that they have read the policies, that they will follow the policies, and that they understand the possible penalties for violating those policies.

• This will help management to hold employees accountable for violation of the business’s policies.

• There should be penalties for disregarding business policies, and those penalties should be enforced fairly and consistently for everyone in the business who violates the policies of the business.




                                                                              48
Highly Recommended IT Security Practices!
                        Business Policies Should Be In Place
Security concerns about email attachments and emails requesting sensitive information.
•   Do not open email attachments unless you are expecting the email with the attachment and you trust the sender. If you are not sure why someone sent you an email with attachments or links, call them or email them back asking questions.
•   Be cautious of emails asking for sensitive personal or financial information – regardless of who the email appears to be from. No responsible business will ask for sensitive information in an email.
Security concerns about web links in email, instant messages, social media, or other means.
•   Do not click on links in email messages. Recently, scams have taken the form of embedded links in emails. Once a recipient clicks on the link, malicious software (for example, keystroke logging software) is installed on the user’s computer. Don’t do it unless you know what the web link connects to and you trust the person who sent the email to you.
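"Know what the web link connects to" in practice, as an added example that is not code from the slide deck: a small inspector that parses an HTML email body with the standard library, lists each link's visible text next to the host it actually points at, and flags two things that hide the true destination: visible text that looks like one site while the link goes to a different domain, and a link to a bare IP address instead of a name. The sample message, the sender and the hosts in it are constructed (203.0.113.5 is from the documentation address range, not a real server).

```python
"""Show where the links in an email really go before anyone clicks them.

Added example, not code from the slide deck. The sample email below is
constructed; no real sender or destination is involved.
"""
from __future__ import annotations

import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a link whose visible text imitates the bank while the href
# goes elsewhere, a legitimate link, and a link to a bare IP address.
SAMPLE_EMAIL_HTML = """\
<p>Your account needs verification:
<a href="http://login.example-secure.net/verify">https://www.yourbank.com/login</a></p>
<p>Read our <a href="https://www.yourbank.com/newsletter">newsletter</a>.</p>
<p><a href="http://203.0.113.5/update">Update now</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _registered_domain(host: str) -> str:
    """Last two labels of a hostname: 'login.example.com' -> 'example.com'."""
    return ".".join(host.lower().split(".")[-2:])


def _looks_like_url(text: str) -> bool:
    """Visible text that a reader would take for a web address."""
    return "." in text and " " not in text and not text.endswith(".")


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def inspect_links(html: str) -> list[dict[str, str]]:
    """One record per link: its visible text, the host it really goes to, and a
    reason string when the link deserves suspicion (empty otherwise)."""
    parser = _LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        actual_host = urlparse(href).hostname or ""
        reason = ""
        if _is_ip(actual_host):
            reason = "link goes to a bare IP address"
        elif _looks_like_url(text):
            shown = text if "://" in text else "http://" + text
            shown_host = urlparse(shown).hostname or ""
            if _registered_domain(shown_host) != _registered_domain(actual_host):
                reason = f"text shows {shown_host} but link goes to {actual_host}"
        report.append({"text": text, "actual_host": actual_host, "reason": reason})
    return report


def suspicious_links(html: str) -> list[dict[str, str]]:
    """Only the links that were flagged."""
    return [entry for entry in inspect_links(html) if entry["reason"]]


if __name__ == "__main__":
    for entry in inspect_links(SAMPLE_EMAIL_HTML):
        flag = f"  <-- {entry['reason']}" if entry["reason"] else ""
        print(f"{entry['text']!r:40} -> {entry['actual_host']}{flag}")
```

The comparison is made on the registered domain rather than the full host name so that a legitimate link from mail.yourbank.com shown as www.yourbank.com is not flagged; anything a mail client would render as "go to the bank" but that leaves the bank's domain is.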



                                                                                     49
Highly Recommended IT Security Practices!
                          Business Policies Should Be In Place
Security concerns about popup windows and other hacker tricks.
•    When connected to and using the Internet, do not respond to popup windows requesting that you click “ok” for anything.
•    If a window pops up on your screen informing you that you have a virus or spyware and
    suggesting that you download an antivirus or antispyware program to take care of it, close the
    popup window by selecting the X in the upper right corner of the popup window.
•    Hackers are known to scatter infected USB drives with provocative labels in public places where
    their target business’s employees hang out, knowing that curious individuals will pick them up and
    take them back to their office system to “see what’s on them.” What is on them is generally
    malicious code which installs a spy program or remote control program on the computer. Teach
    your employees to not bring USB drives into the office and plug them into your business
    computers (or take them home and plug into their home systems). It is a good idea to disable the
    “AutoRun” feature for the USB ports on your business computers to help prevent such malicious
    programs from running.




                                                                                                 50
Highly Recommended IT Security Practices!
                      Business Policies Should Be In Place
Security considerations for web surfing.
• No one should surf the web using a user account which has administrative
   privileges.
• It is best to set up a special account with “guest” (limited) privileges to avoid this
   vulnerability.
Issues in downloading software from the Internet.
• Do not download software from any unknown web page.
• Only those web pages belonging to businesses with which you have a trusted
   business relationship should be considered reasonably safe for downloading
   software. Such trusted sites would include the Microsoft Update web page
   where you would get patches and updates for various versions of the Windows
   operating system and Microsoft Office or other similar software. Most other web
   pages should be viewed with suspicion.
• Be very careful if you decide to use freeware or shareware from a source on the
   web. Most of these do not come with technical support and some are
   deliberately crippled so that you do not have the full functionality you might be
   led to believe will be provided.



                                                                                    51
Highly Recommended IT Security Practices!
                       Business Policies Should Be In Place
Doing online business or banking more securely.
• Online business/commerce/banking should only be done using a secure browser
   connection. This will normally be indicated by a small lock visible in the lower right
   corner of your web browser window.
• After any online commerce or banking session, erase your web browser cache,
   temporary internet files, cookies, and history so that if your system is compromised,
   that information will not be on your system to be stolen by the individual hacker or
   malware program.
Recommended personnel practices in hiring employees.
•   When hiring new employees, conduct a comprehensive background check before making a job offer.
• Ensure that you do criminal background checks on all prospective new employees.
• If possible, it is a good idea to do a credit check on prospective employees. This is
   especially true if they will be handling your business funds. Do your homework – call
   their references and former employers.
• Note: It is also an excellent idea for you the business owner to do a background
   check of yourself. Many people become aware that they are victims of identity theft
   only after they do a background check on themselves and find arrest records and
   unusual previous addresses where they never lived.



                                                                                      52
Highly Recommended IT Security Practices!
                         Business Policies Should Be In Place
How to protect against Social Engineering.
•   Social engineering is a personal or electronic attempt to obtain unauthorized information or access to systems/facilities or sensitive areas by manipulating people.
•   The social engineer researches the organization to learn names, titles, responsibilities, and publicly available personal identification information. Then the social engineer usually calls the organization’s receptionist or help desk with a believable, but made-up, story designed to convince the person that the social engineer is someone in, or associated with, the organization and needs information or system access which the organization’s employee can provide and will feel obligated to provide.
•   To protect against social engineering techniques, employees must be trained to be helpful, but vigilant, when someone calls in for help and asks for information or special system access. The employee must first authenticate the caller by asking for identification information that only a person who is in or associated with the organization would know.
•   If the individual is not able to provide such information, then the employee should politely, but firmly, refuse to provide what has been requested by the social engineer.
•   The employee should then notify management of the attempt to obtain information or
    system access.



                                                                                             53
Highly Recommended IT Security Practices!
                NIST IT Security Fundamentals For Small Business

How to dispose of old computers and media.
•    When disposing of old business computers, remove the hard disks and destroy
    them. The destruction can be done by taking apart the disk and beating the hard disk
    platters with a hammer.
•   It is very common for small businesses to discard old computers and media without destroying the computers’ hard disks or the media. Sensitive business and personal information is regularly found on computers purchased on eBay, at thrift shops, Goodwill, etc., much to the embarrassment of the small businesses involved (and much to the annoyance of customers or employees whose sensitive data is compromised).
•   Consider using full disk encryption if you handle sensitive data and information.




                                                                                    54
Information Security Resources for Small Business


Small Business Information Security : The Fundamentals (Security Guide for Small Business)
http://csrc.nist.gov/publications/drafts/ir-7621/draft-nistir-7621.pdf

Small Business Center Documents
http://csrc.nist.gov/groups/SMA/sbc/library.html

InfraGard – FBI Sponsored Cyber Security Program
http://www.infragard.net

Protecting Personal information
www.ftc.gov/infosecurity

Computer Security Training, Network Research & Resources
www.SANS.org

On Guard Online - Protect Your Personal Information
http://www.onguardonline.gov/




                                                                                       55
Closing Remarks

• Remember the IT Security
  Triad!

• The Information Security Triad is
  the foundation for Information
  Security and is based on
  concepts and principles known
  as CIA.
• Confidentiality
• Integrity
• Availability

                                      56
References
Surviving Security—How to Integrate People, Process and Technology, 2nd Edition
http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=27320&TEMPLATE=/ContentManagement/ContentDisplay.cfm

Introduction to the Business Model for Information Security, 2009, ISACA
http://www.isaca.org

Small Business Information Security: The Fundamentals (Security Guide for Small Business)
http://www.nist.gov/cgi-bin//get_pdf.cgi?pub_id=903080

Small Business Center Documents
http://csrc.nist.gov/groups/SMA/sbc/library.html

InterHack, Information Security: Friend or Foe, 2002
http://web.interhack.com/publications/whatis-security.pdf




                                                                                      57
Contact Information



Julius Clark
Email: Julius.Clark.Sr@gmail.com
Tel: 704-953-379
Blog: www.clarkthoughtleadership.blogspot.com




                                             58

Information Security for Small Business

  • 1. INFORMATION SECURITY FOR SMALL BUSINESS
    by Julius Clark Sr., MBA, CISSP, CISA
  • 2. About Me
    • Julius Clark Sr.
    • Location: Charlotte, NC (current home; has lived in Charlotte, NC for over 10 years)
    • Hometown: Boston, MA
    • Profession: Information Security Professional
    • BDPA History
      • 2010-2012 Charlotte President
      • 2010-2012 National BDPA CISO
      • 2007-2009 Charlotte President-Elect
      • 2006-2004 VP of SITES (Education)
      • 2001-2003 Charlotte HSCC Coordinator
    • Education
      • MBA in Information Security, Salem International University, Salem, WV
      • MSIS in Information Security, University of Fairfax, Fairfax, VA
      • BS in Electronic Engineering, Wentworth Institute of Technology, Boston, MA
    • Certifications
      • Certified Information Systems Security Professional (CISSP)
      • Certified Information Systems Auditor (CISA)
      • Microsoft Certified Systems Engineer (MCSE)
  • 3. Agenda: Information Security for Small Business
    • IT Security & Business Wholeness
    • What Is Information Security?
    • Components of Information Security Architecture
    • Cyber Crime in the News
  • 4. Agenda (Continued): Information Security for Small Business
    • Business Continuity & Disaster Recovery Planning
    • Identifying Business Critical Assets
    • Safeguarding Critical Assets
    • Highly Recommended IT Security Practices
  • 6. Maslow's Hierarchy of Needs
    • Being aware of one's wholeness keeps bad things from happening. A solid foundation must be built before one can advance. Understanding your environment, your health and your activities lets you continually perform a risk assessment and move to the next level.
    • Self-Actualization: being all you can be
    • Esteem: recognition for good work
    • Love: acceptance
    • Safety & Security: stability
    • Needs: air, food, water, shelter
  • 7. Maslow's Business Comparison
    • Maslow's Hierarchy of Needs can be applied to building a successful business. IT security is a foundation that a business must build upon to lower its IT security risks, which can help the business gain a competitive edge.
    • Self-Actualization: meeting the mission statement
    • Esteem: recognition in the marketplace
    • Love: acceptance by clients or customers
    • Safety & Security: IT security & insurance
    • Needs: capital & people
  • 8. Importance of Small Businesses
    • Statistic: there are over 26 million small businesses in the U.S. (Source: NIST)
  • 9. What Is At Stake?
    • Your business! It is at risk of being damaged through:
    • Financial loss
    • Lawsuits
    • Reputation loss
    • Loss of market share
    • Theft of its technology, resources and products
    • Denial of service attacks
    • Blackmail
  • 11. What Is Information Security?
    • Protecting your information, technology, property, products and people, and thereby protecting your business.
    • The Information Security Triad is the foundation of information security and is based on three concepts known as CIA:
    • Confidentiality
    • Integrity
    • Availability
  • 12. What Is Information Security? Confidentiality
    • The concept of protecting information from improper disclosure, and of protecting the secrecy and privacy of sensitive data, so that the intellectual property and reputation of an organization are not damaged and data about individuals is not released in violation of regulations or the organization's privacy policy. (From the CISSP® CBK®)
  • 13. What Is Information Security? Integrity
    • Addresses two objectives: protecting data and processes from improper modification, and ensuring that the information system operates reliably and performs as expected. (From the CISSP® CBK®)
  • 14. What Is Information Security? Availability
    • The concept of ensuring that systems and data can be accessed when required. Availability is affected by human error, cabling problems, software bugs, hardware failures, loss of skilled staff, malicious code, and the many other threats that can render a system unusable or unreliable. (From the CISSP® CBK®)
  • 16. Components of Information Security Architecture
    • The process of instituting a complete information security solution across the architecture of a business, ensuring the security of business information at every point in that architecture. Its three components (drawn as a triangle on the slide):
    • People
    • Processes
    • Technology
  • 17. Components of Information Security Architecture: People
    • People are the weakest link in a business's processes.
    • You all know why!
  • 18. Components of Information Security Architecture: Processes
    • The operational aspects of the small business. Safeguards can be automated or manual.
  • 19. Components of Information Security Architecture: Technology
    • All of the tools, applications, software and infrastructure that allow a business process to work and perform efficiently. As a business owner you must therefore ensure that you have adequate logical controls in place to keep the business on track with its mission or purpose.
  • 21. Who Are The Actors? Their roles:
    • Experimenters
    • Hacktivists
    • Cyber criminals
    • Information warriors
    • Employees
    • Dumpster divers
    • Natural disasters
    • Terrorist activities
  • 22. Who Are The Actors? Malicious code!
    • Key loggers: stealing your keystrokes
    • Viruses
    • Denial of service
    • Turning your computer into a zombie, aka a "bot"
  • 23. Cyber Crime In the News
  • 24. Cyber Crime Statistics!
    • Insider threats are responsible for over 80% of small business issues.
    • There are over 70,000 active viruses, and the number is growing exponentially.
    • Information security threats can damage or destroy a small business.
    • 33% of businesses with 100 employees or fewer have had a computer incident.
    • Source: NIST
  • 25. Cyber Crime Statistics! Small Business Cyber Crime Report
    • 42% of businesses had a laptop theft
    • 44% of businesses suffered insider abuse
    • 21% of businesses reported a denial of service
    • 50% of businesses detected a virus
    • 20% of business systems became a "bot"
    • Source: Computer Security Institute Survey
  • 26. Cyber Crime Statistics! Reported Data Breaches
    • 2007: 445 data breaches reported
    • 2008: 656 data breaches reported
    • 2009: approx. 392 data breaches reported
    • Source: USA Today, October 9, 2009
  • 27. Chronology of Data Breaches (www.privacyrights.org)
  • 28. Chronology of Data Breaches (www.privacyrights.org): the figure 354,537,108 is the total number of records compromised.
  • 29. BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
  • 30. Business Continuity & Disaster Recovery Planning (NIST IT Security Fundamentals for Small Business: contingency and disaster recovery planning considerations)
    • What happens if there is a disaster (flood, fire, tornado, etc.) or a contingency (power outage, sewer backup, accidental sprinkler activation, etc.)? Do you have a plan for restoring business operations during or after a disaster or a contingency? Since we all experience power outages or brownouts from time to time, do you have Uninterruptible Power Supplies (UPS) on each of your computers and critical network components? They let you work through short power outages and save your data when the electricity goes off.
    • Conduct an inventory of all information used in running your business.
    • Do you know where each type of information is located (on which computer or server)?
    • Have you prioritized your business information so that you know which type of information is most critical to the operation of your business, and therefore which must be restored first in order to run your most critical operations?
    • If you have never (or not recently) done a full inventory of your important business information, now is the time. For a very small business this shouldn't take longer than a few hours; for a larger small business it might take from a day to a week or so.
    • While you are doing this inventory, ensure that the information is prioritized by its importance to the entire business, not necessarily to a single part of it. When you have your prioritized information inventory (in an electronic spreadsheet), add three columns recording the kind of protection each type of information needs: some information will need protection for confidentiality, some for integrity, and some for availability.
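The inventory procedure on slide 30 carried through in code, as an added example (mine, not from the deck or from the NIST guide it summarizes): each row gets a location, a priority and the three protection columns, the script rejects rows that would be useless in a recovery (unknown location, no priority, no protection need recorded), and it derives the restoration order from the priorities. Every asset name, location and priority is constructed sample data for a hypothetical business.

```python
"""Added example: prioritized information inventory with confidentiality,
integrity and availability columns, plus the restoration order derived
from it. Sample data is constructed, not taken from the deck."""
import csv
import io
from dataclasses import dataclass

# Columns of the inventory spreadsheet. priority 1 = restore first.
FIELDS = ["information", "location", "priority",
          "confidentiality", "integrity", "availability"]


@dataclass(frozen=True)
class Asset:
    information: str      # what the information is
    location: str         # which computer or server holds it
    priority: int         # 1 = most critical to the whole business
    confidentiality: bool # needs protection against disclosure
    integrity: bool       # needs protection against improper modification
    availability: bool    # must be reachable when required


# Constructed sample inventory for a hypothetical small business.
SAMPLE_INVENTORY = [
    Asset("Customer contact records", "server01 / crm.db", 2, True, True, True),
    Asset("Accounts receivable ledger", "server01 / books.qbw", 1, True, True, True),
    Asset("Marketing brochures", "laptop-sales / Documents", 4, False, True, False),
    Asset("Employee payroll files", "server02 / payroll", 1, True, True, False),
    Asset("Website content", "hosted / www", 3, False, True, True),
]


def validate(assets):
    """Return the problems that would make the inventory useless in a recovery:
    a blank location (nobody knows where to restore from), a priority below 1,
    or an asset with no protection need recorded (the columns were never
    filled in, or the asset does not belong in the inventory)."""
    problems = []
    for a in assets:
        if not a.location.strip():
            problems.append(f"{a.information}: location unknown")
        if a.priority < 1:
            problems.append(f"{a.information}: priority must be 1 or higher")
        if not (a.confidentiality or a.integrity or a.availability):
            problems.append(f"{a.information}: no protection need recorded")
    return problems


def restoration_order(assets):
    """Asset names in the order they must be restored after a disaster:
    lowest priority number first; among equal priorities, assets that need
    availability come before those that do not; then alphabetical."""
    ordered = sorted(assets,
                     key=lambda a: (a.priority, not a.availability, a.information))
    return [a.information for a in ordered]


def protection_needs(assets):
    """Group assets by the CIA property they need, so the owner can see
    which ones need access control and encryption (confidentiality),
    change control and backups (integrity), or redundancy and UPS
    (availability)."""
    return {
        "confidentiality": [a.information for a in assets if a.confidentiality],
        "integrity": [a.information for a in assets if a.integrity],
        "availability": [a.information for a in assets if a.availability],
    }


def to_csv(assets):
    """Render the inventory as the spreadsheet the slide asks for."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    for a in sorted(assets, key=lambda a: a.priority):
        writer.writerow({
            "information": a.information,
            "location": a.location,
            "priority": a.priority,
            "confidentiality": "Y" if a.confidentiality else "N",
            "integrity": "Y" if a.integrity else "N",
            "availability": "Y" if a.availability else "N",
        })
    return buf.getvalue()


if __name__ == "__main__":
    for problem in validate(SAMPLE_INVENTORY):
        print("PROBLEM:", problem)
    print("Restore in this order:", restoration_order(SAMPLE_INVENTORY))
    print(to_csv(SAMPLE_INVENTORY))
```

The ordering rule in `restoration_order` is the practical reading of the slide's advice: priority is set for the business as a whole, and within one priority band the assets the business cannot operate without come back first.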
• 35. Actions for The Business Owner To Take
  • Identify what threats are a danger to your business. Many threats are found in a specific geographic area; what is a common threat in your area?
  • As you read/research your trade/professional publications, take note of the data security issues covered in these publications. Ask yourself “Is my business vulnerable to something like this? If so, what have others done that I could copy to protect my business?”
  • As you network with your peers, talk cyber security issues. Give and get advice, hints, tips, etc.
  • Make every effort to stay in touch with and on top of every threat or incident that does or could affect your business.
  • Join InfraGard to get critical information about current threats in your local area (and to act as eyes and ears to help protect our nation!).
  • (www.infragard.net - membership application form is online; membership is free in most areas of our nation)
• 37. Safeguarding Critical Assets
  • The “Absolutely Necessary” actions that a small business should take to protect its information, systems, and networks.
  • People
  • Processes
  • Technology
• 38. Safeguarding Critical Assets
  • People
  • People are the weakest link of the three components of Information Security!
• 39. Safeguarding Critical Assets
  • People
  1. Control physical access to your computers and network hardware
  • Do not allow unauthorized persons to have physical access to any of your business PCs.
  • Lock up laptops when they are not in use.
  • Control who has access to your systems and networks; this includes cleaning crews. No one should be able to walk into your office space without being challenged by an employee.
  • Vendors and service persons should provide appropriate identification.
  2. Limit employee access to data and information, and limit authority to install software.
  • Employees should not install unauthorized software.
  • Do not provide access to all data to any employee.
  • Only give employees the access privileges necessary to perform their jobs.
  • Do not allow a single individual to both initiate and approve a transaction (financial or otherwise).
• 40. Safeguarding Critical Assets
  • Processes
  • The operational aspects of a small business need checks and balances, aka controls.
• 41. Safeguarding Critical Assets
  • Processes
  1. Back up important business data and information.
  • Recommended to be done automatically.
  • Backup can be done inexpensively if copied to another hard drive that can hold 52 weeks of backups; 500GB should be sufficient for most businesses.
  • Backups should be performed at a minimum weekly, but better if done daily.
  • A full backup should be performed once a month and taken off site in case of a fire, flood, theft or other disaster.
  • A portable USB drive is recommended; 1000GB.
  • Regularly test your backup data.
  2. Train your employees on basic security principles
  • Employees using any programs containing sensitive information should be trained on how to properly protect it.
  • Employees should review computer usage policies on the 1st day of work.
  • Train them about expectations concerning limited use of telephones, printers and other business resources.
  • After training they should sign a statement that they understand these policies and the penalties for violation of business policies.
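The backup routine this slide outlines, as an added Python example that is not from the deck. It keeps one dated copy per run on a second drive, prunes the oldest copies so a fixed number (52 weekly copies by default) remain, and implements "regularly test your backup data" by recording a SHA-256 manifest at backup time and re-hashing the copy later. The directory layout, file contents and dates in the demo are constructed; the same `run_backup` call pointed at the removable USB drive gives the monthly off-site copy.

```python
"""Dated backups with retention and integrity verification (added example)."""
import hashlib
import json
import shutil
import tempfile
from datetime import date
from pathlib import Path

MANIFEST = "MANIFEST.sha256.json"   # written into every backup folder


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def run_backup(source: Path, backup_root: Path, when: date) -> Path:
    """Copy `source` to backup_root/<ISO date> and record a hash of every file."""
    dest = backup_root / when.isoformat()
    if dest.exists():
        shutil.rmtree(dest)        # a re-run on the same day replaces that day's copy
    shutil.copytree(source, dest)
    manifest = {str(p.relative_to(dest)): _sha256(p)
                for p in sorted(dest.rglob("*")) if p.is_file()}
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=1))
    return dest


def verify_backup(backup_dir: Path) -> list:
    """Files whose current hash differs from the manifest (empty list = backup intact)."""
    manifest = json.loads((backup_dir / MANIFEST).read_text())
    problems = []
    for rel, expected in manifest.items():
        p = backup_dir / rel
        if not p.is_file() or _sha256(p) != expected:
            problems.append(rel)
    return problems


def prune_backups(backup_root: Path, keep: int = 52) -> list:
    """Delete the oldest dated folders so at most `keep` remain; returns what was removed."""
    dated = sorted(p for p in backup_root.iterdir() if p.is_dir())  # ISO dates sort chronologically
    excess = max(0, len(dated) - keep)
    removed = []
    for old in dated[:excess]:
        shutil.rmtree(old)
        removed.append(old.name)
    return removed


def demo() -> dict:
    """End-to-end run on constructed sample data in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "business-data"
        src.mkdir()
        (src / "orders.csv").write_text("order,amount\n1001,25.00\n")
        (src / "ledger.txt").write_text("opening balance 100\n")
        root = Path(tmp) / "backups"          # stands in for the second hard drive
        root.mkdir()
        latest = None
        for d in (date(2012, 1, 6), date(2012, 1, 13), date(2012, 1, 20)):
            latest = run_backup(src, root, d)
        ok_before = verify_backup(latest)
        # Constructed failure case: the newest copy is silently altered after backup.
        (latest / "orders.csv").write_text("order,amount\n1001,250.00\n")
        bad_after = verify_backup(latest)
        removed = prune_backups(root, keep=2)
        remaining = sorted(p.name for p in root.iterdir())
    return {"ok_before": ok_before, "bad_after": bad_after,
            "removed": removed, "remaining": remaining}


if __name__ == "__main__":
    print(demo())
```

Verification only proves the copy still matches what was backed up; a full restore drill onto a spare machine is still the real test of whether the business can recover.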
• 42. Safeguarding Critical Assets
  • Processes
  3. Require individual user accounts for each employee on business computers and for business applications.
  • Create an account for all individual users and require strong passwords consisting of 8-10 characters in length, made up of random letters, numbers and special characters.
  • To protect information and systems, employees should not operate computers with administrative privileges.
  • Malicious code will gain the same privileges and install itself on a system if the user is using an account with administrative privileges.
  • Passwords should never be shared and should be changed every 3 months.
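The account and password rules on this slide, as an added Python example (not the deck's own material): a policy check for the 8-10 character, mixed-character-class passwords the slide asks for, a generator that uses the operating system's secure random source, the 3-month rotation test, and an audit over a list of accounts that flags shared usernames and daily-use accounts with administrative privileges. The accounts, owners and dates are constructed sample data; the 10-character ceiling is the slide's figure, and raising `max_len` to accept longer passphrases is the sensible default today.

```python
"""Password policy and account audit for a small business (added example)."""
import secrets
import string
from dataclasses import dataclass
from datetime import date, timedelta

MIN_LEN = 8                        # slide: 8-10 characters
MAX_LEN = 10
ROTATE_AFTER = timedelta(days=90)  # slide: change every 3 months
SPECIALS = "!@#$%^&*()-_=+[]{}:;,.?"


def check_password(pw: str, max_len: int = MAX_LEN) -> list:
    """Return the rules a password fails (empty list = compliant)."""
    failures = []
    if not MIN_LEN <= len(pw) <= max_len:
        failures.append("length")
    if not any(c.isalpha() for c in pw):
        failures.append("letters")
    if not any(c.isdigit() for c in pw):
        failures.append("numbers")
    if not any(c in SPECIALS for c in pw):
        failures.append("special characters")
    return failures


def generate_password(length: int = MAX_LEN) -> str:
    """Random password from letters, digits and specials that passes check_password."""
    if length < MIN_LEN:
        raise ValueError("length below policy minimum")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:                                  # retry until every class is present
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(pw, max_len=length):
            return pw


def rotation_due(last_changed: date, today: date) -> bool:
    return today - last_changed >= ROTATE_AFTER


@dataclass(frozen=True)
class Account:
    username: str
    owner: str           # the one employee this account belongs to
    is_admin: bool       # has administrative privileges
    daily_use: bool      # used for everyday work (email, browsing, documents)
    last_changed: date   # when its password was last changed


# Constructed sample accounts for a hypothetical office.
SAMPLE_ACCOUNTS = [
    Account("jsmith", "Jane Smith", False, True, date(2012, 3, 1)),
    Account("frontdesk", "Jane Smith", False, True, date(2011, 10, 1)),
    Account("frontdesk", "Bob Jones", False, True, date(2011, 10, 1)),   # shared login
    Account("admin", "Bob Jones", True, True, date(2012, 5, 1)),         # admin used daily
]


def audit_accounts(accounts, today: date) -> list:
    """(username, problem) pairs for accounts that break the rules on this slide."""
    owners_by_user = {}
    for a in accounts:
        owners_by_user.setdefault(a.username, set()).add(a.owner)
    findings = set()
    for a in accounts:
        if len(owners_by_user[a.username]) > 1:
            findings.add((a.username, "shared between employees"))
        if a.is_admin and a.daily_use:
            findings.add((a.username, "daily work done with administrative privileges"))
        if rotation_due(a.last_changed, today):
            findings.add((a.username, "password older than 3 months"))
    return sorted(findings)


if __name__ == "__main__":
    print("new password:", generate_password())
    for user, problem in audit_accounts(SAMPLE_ACCOUNTS, date(2012, 5, 15)):
        print(f"{user}: {problem}")
```

The audit is what turns the slide's rule into something you can run against an exported user list every quarter; the generator avoids `random`, which is not suitable for secrets.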
• 43. Safeguarding Critical Assets
  • Technology
  1. Protect information, systems, networks from damage by viruses, spyware, and other malicious code
  • Install anti-virus software & anti-spyware software on all computer systems.
  • It is recommended to have the anti-virus, anti-spyware and malicious code protection software update automatically and frequently.
  • Obtain copies for employees' home computers.
  2. Provide security for your internet connection(s)
  • Install an operational firewall between your internal network and the Internet.
  • Ensure that your employees' home PCs have a firewall installed between your/their system(s) and the Internet.
  • Change the administrative password upon installation and regularly thereafter.
  • It is a good idea to change the administrator name too.
• 44. Safeguarding Critical Assets
  • Technology
  3. Secure your wireless access points and networks.
  • Change the default administrator password.
  • Set the wireless device to not broadcast its Service Set Identifier (SSID).
  • Recommended encryption is WiFi Protected Access 2 (WPA-2) using Advanced Encryption Standard (AES).
  • NOTE: WEP (Wired-Equivalent Privacy) is not a good wireless security protocol.
  • It is recommended to configure Desktop / Server Operating systems to update automatically.
• 45. Safeguarding Critical Assets
  • Technology
  4. Install and activate software firewalls on all of your business systems.
  • If you use Microsoft Windows XP or higher it will have a firewall included.
  • Make sure that the firewall is turned on.
  • Ensure that your employees' home PCs have a firewall and that it is turned on as well.
  5. Patch your operating systems and applications.
  • Microsoft releases new patches on the second Tuesday of each month; sooner for serious threats.
  • It is recommended to configure systems to update automatically.
  • Ensure employees' home PCs are configured to update automatically as well.
  • If you have many systems, consider purchasing a product that can manage the process for your business.
  • Update Microsoft Office regularly.
• 47. Highly Recommended IT Security Practices!
  Business Policies Should Be In Place
  Every business needs written policies to identify acceptable practices and expectations for business operations.
  • Some policies will be related to human resources.
  • Some will relate to expected employee practices for using business resources, such as telephones, computers, printers, fax machines, and Internet access.
  • Legal and regulatory requirements may also require certain policies to be put in place and enforced.
  • Policies for information, computer, network, and Internet security should communicate clearly to employees the expectations that the business management has for appropriate use.
• 48. Highly Recommended IT Security Practices!
  Business Policies Should Be In Place
  • These policies should identify those information and other resources which are important to management and should clearly describe how management expects those resources to be used and protected by all employees.
  • Policies should be communicated clearly to each employee, and all employees should sign a statement agreeing that they have read the policies, that they will follow the policies, and that they understand the possible penalties for violating those policies.
  • This will help management to hold employees accountable for violation of the business's policies.
  • There should be penalties for disregarding business policies. And those penalties should be enforced fairly and consistently for everyone in the business who violates the policies of the business.
• 49. Highly Recommended IT Security Practices!
  Business Policies Should Be In Place
  Security concerns about email attachments and emails requesting sensitive information.
  • Do not open email attachments unless you are expecting the email with the attachment and you trust the sender. If you are not sure why someone sent you an email with attachments or links, call them or email them back asking questions.
  • Be cautious of emails asking for sensitive personal or financial information, regardless of who the email appears to be from. No responsible business will ask for sensitive information in an email.
  Security concerns about web links in email, instant messages, social media, or other means.
  • Do not click on links in email messages. Recent scams take the form of embedded links in emails. Once a recipient clicks on the link, malicious software (for example, key stroke logging software) is installed on the user’s computer. Don’t do it unless you know what the web link connects to and you trust the person who sent the email to you.
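A screening check for the three warning signs on this slide (executable attachments, links whose visible text points somewhere other than their real target, and requests for sensitive information), as an added Python example using only the standard library; it is not from the deck. The sample message, its domains (all under the reserved `.test` and `.example` names) and the attachment are constructed. The "registered domain" comparison keeps only the last two labels of a hostname, which is an assumption that breaks for suffixes like `co.uk`; a real deployment would use a public suffix list.

```python
"""Flag suspicious links, attachments and sensitive-data requests in an email (added example)."""
import email
import re
from email import policy
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import urlparse

RISKY_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".hta", ".pif"}
SENSITIVE_WORDS = ("password", "social security", "account number", "credit card")
URL_IN_TEXT = re.compile(r"https?://([^\s/<>\"']+)", re.IGNORECASE)

# Constructed sample message: the link text shows the bank's site, the href goes elsewhere,
# and the "statement" is a double-extension executable.
SAMPLE_EMAIL = """\
From: accounts@example-bank.test
To: owner@smallbiz.test
Subject: Verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<p>Please <a href="http://login.example-bank.test.verify-now.example/verify">
log in at https://www.example-bank.test</a> and confirm your password.</p>
--B1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

TVo=
--B1--
"""


class _HtmlLinks(HTMLParser):
    """Collect (href, visible text) for every anchor, plus all visible text."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
        self._href, self._buf = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href"), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._buf).split())))
            self._href = None


def _registered_domain(host: str) -> str:
    # Assumption: last two labels identify the owner (no public-suffix handling).
    return ".".join(host.lower().strip(".").split(".")[-2:])


def screen_email(raw: str) -> dict:
    msg = email.message_from_string(raw, policy=policy.default)
    parser, risky = _HtmlLinks(), []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:                                   # an attachment
            if PurePosixPath(filename).suffix.lower() in RISKY_EXTENSIONS:
                risky.append(filename)
            continue
        ctype = part.get_content_type()
        if ctype == "text/html":
            parser.feed(part.get_content())
        elif ctype == "text/plain":
            parser.text.append(part.get_content())
    mismatched = []
    for href, text in parser.links:
        shown, target = URL_IN_TEXT.search(text), urlparse(href).hostname
        if shown and target and _registered_domain(shown.group(1)) != _registered_domain(target):
            mismatched.append((href, shown.group(1)))   # (real target, what the reader saw)
    visible = " ".join(parser.text).lower()
    return {"mismatched_links": mismatched,
            "risky_attachments": risky,
            "sensitive_words": [w for w in SENSITIVE_WORDS if w in visible],
            "links": parser.links}


if __name__ == "__main__":
    for key, value in screen_email(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

The point for training is the first finding: hovering over a link shows the real destination, and a mismatch between the text and the target is exactly the cue employees should be taught to look for before clicking.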
• 50. Highly Recommended IT Security Practices!
  Business Policies Should Be In Place
  Security concerns about popup windows and other hacker tricks.
  • When connected to and using the Internet, do not respond to popup windows requesting that you click “ok” for anything.
  • If a window pops up on your screen informing you that you have a virus or spyware and suggesting that you download an antivirus or antispyware program to take care of it, close the popup window by selecting the X in the upper right corner of the popup window.
  • Hackers are known to scatter infected USB drives with provocative labels in public places where their target business’s employees hang out, knowing that curious individuals will pick them up and take them back to their office system to “see what’s on them.” What is on them is generally malicious code which installs a spy program or remote control program on the computer. Teach your employees to not bring USB drives into the office and plug them into your business computers (or take them home and plug into their home systems). It is a good idea to disable the “AutoRun” feature for the USB ports on your business computers to help prevent such malicious programs from running.
• 51. Highly Recommended IT Security Practices!
  Business Policies Should Be In Place
  Security considerations for web surfing.
  • No one should surf the web using a user account which has administrative privileges.
  • It is best to set up a special account with “guest” (limited) privileges to avoid this vulnerability.
  Issues in downloading software from the Internet.
  • Do not download software from any unknown web page.
  • Only those web pages belonging to businesses with which you have a trusted business relationship should be considered reasonably safe for downloading software. Such trusted sites would include the Microsoft Update web page where you would get patches and updates for various versions of the Windows operating system and Microsoft Office or other similar software. Most other web pages should be viewed with suspicion.
  • Be very careful if you decide to use freeware or shareware from a source on the web. Most of these do not come with technical support and some are deliberately crippled so that you do not have the full functionality you might be led to believe will be provided.
• 52. Highly Recommended IT Security Practices!
  Business Policies Should Be In Place
  Doing online business or banking more securely.
  • Online business/commerce/banking should only be done using a secure browser connection. This will normally be indicated by a small lock visible in the lower right corner of your web browser window.
  • After any online commerce or banking session, erase your web browser cache, temporary internet files, cookies, and history so that if your system is compromised, that information will not be on your system to be stolen by the individual hacker or malware program.
  Recommended personnel practices in hiring employees.
  • When hiring new employees, conduct a comprehensive background check before making a job offer.
  • Ensure that you do criminal background checks on all prospective new employees.
  • If possible, it is a good idea to do a credit check on prospective employees. This is especially true if they will be handling your business funds. Do your homework: call their references and former employers.
  • Note: It is also an excellent idea for you, the business owner, to do a background check of yourself. Many people become aware that they are victims of identity theft only after they do a background check on themselves and find arrest records and unusual previous addresses where they never lived.
• 53. Highly Recommended IT Security Practices!
  Business Policies Should Be In Place
  • How to protect against Social Engineering.
  • Social engineering is a personal or electronic attempt to obtain unauthorized information or access to systems/facilities or sensitive areas by manipulating people.
  • The social engineer researches the organization to learn names, titles, responsibilities, and publicly available personal identification information. Then the social engineer usually calls the organization’s receptionist or help desk with a believable, but made-up story designed to convince the person that the social engineer is someone in, or associated with, the organization and needs information or system access which the organization’s employee can provide and will feel obligated to provide.
  • To protect against social engineering techniques, employees must be taught to be helpful, but vigilant, when someone calls in for help and asks for information or special system access. The employee must first authenticate the caller by asking for identification information that only the person who is in or associated with the organization would know.
  • If the individual is not able to provide such information, then the employee should politely, but firmly, refuse to provide what has been requested by the social engineer.
  • The employee should then notify management of the attempt to obtain information or system access.
• 54. Highly Recommended IT Security Practices!
  NIST IT Security Fundamentals For Small Business
  How to dispose of old computers and media.
  • When disposing of old business computers, remove the hard disks and destroy them. The destruction can be done by taking apart the disk and beating the hard disk platters with a hammer.
  • It is very common for small businesses to discard old computers and media without destroying the computers’ hard disks or the media. Sensitive business and personal information is regularly found on computers purchased on eBay, thrift shops, Goodwill, etc., much to the embarrassment of the small businesses involved (and much to the annoyance of customers or employees whose sensitive data is compromised).
  • Consider using Full Disk Encryption if you handle sensitive data and information.
• 55. Information Security Resources for Small Business
  • Small Business Information Security: The Fundamentals (Security Guide for Small Business)
    http://csrc.nist.gov/publications/drafts/ir-7621/draft-nistir-7621.pdf
  • Small Business Center Documents
    http://csrc.nist.gov/groups/SMA/sbc/library.html
  • InfraGard – FBI Sponsored Cyber Security Program
    http://www.infragard.net
  • Protecting Personal Information
    www.ftc.gov/infosecurity
  • Computer Security Training, Network Research & Resources
    www.SANS.org
  • OnGuard Online - Protect Your Personal Information
    http://www.onguardonline.gov/
• 56. Closing Remarks
  • Remember the IT Security Triad!
  • The Information Security Triad is the foundation for Information Security and is based on concepts and principles known as CIA.
  • Confidentiality
  • Integrity
  • Availability
• 57. References
  • Surviving Security: How to Integrate People, Process and Technology, 2nd Edition
    http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=27320&TEMPLATE=/ContentManagement/ContentDisplay.cfm
  • Introduction to the Business Model for Information Security, 2009, ISACA
    http://www.isaca.org
  • Small Business Information Security: The Fundamentals (Security Guide for Small Business)
    http://www.nist.gov/cgi-bin//get_pdf.cgi?pub_id=903080
  • Small Business Center Documents
    http://csrc.nist.gov/groups/SMA/sbc/library.html
  • InterHack, Information Security: Friend or Foe, 2002
    http://web.interhack.com/publications/whatis-security.pdf
• 58. Contact Information
  Julius Clark
  Email: Julius.Clark.Sr@gmail.com
  Tel: 704-953-379
  Blog: www.clarkthoughtleadership.blogspot.com