Cyber Security For Growing Organizations...Cyber Security For Growing Organizations Action Plan For...
Transcript of Cyber Security For Growing Organizations...Cyber Security For Growing Organizations Action Plan For...
Cyber Security For Growing OrganizationsAction Plan For Executives
Presented by Steve Meek, CISSP
Copyright © 2019 The Fulcrum Group Inc.
Agenda
Cybersecurity news
Risk Management
What to do
Giveaway
Copyright © 2019 The Fulcrum Group Inc.
About Me?
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group Inc.
Cybersecurity News
Center for Internet Security- May 2019.
Copyright © 2019 The Fulcrum Group Inc.
Cybersecurity News
Copyright © 2019 The Fulcrum Group Inc.
Cybersecurity News
Common threats
Business Email Compromise
Digital Extortion
Ransomware
Crypto-mining
False sense of security
Verizon 2019 DBIR
Copyright © 2019 The Fulcrum Group Inc.
Risk Management
Security Events
Security Incidents
Data Breaches
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group Inc.
Risk Management
Risk Matrix
Likelihood- probability
that a risk can occur
Impact- potential effect on
the organizationExtremely
Harmful
Harmful Slightly
Harmful
Highly
Likely
Likely
Unlikely
40%
30%
Impact
Lik
eli
ho
od
Copyright © 2019 The Fulcrum Group Inc.
Risk Management
Different types of security
Doors
Windows
Locks
Fence
Alarm
Motion Sensor
Crime Watch
Monitoring
Dog
Gun(s)
Police
Insurance
Protect Detect Respond
Copyright © 2019 The Fulcrum Group Inc.
Risk Management
The National Institute of Standards and Technology
(NIST) Guidance
Copyright © 2019 The Fulcrum Group Inc.
Risk Management
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group Inc.
What to do?
Left of Boom Right of Boom
Risk assessments
Vulnerability scanning
Penetration testing
Compliance review
Firewalls
Anti-virus
Email filtering
IDS/IPS
Security Operations
Incident Response
Remediation
Forensics
Secure Workforce and Cyber Security Insurance
Copyright © 2019 The Fulcrum Group Inc.
What to do?
Center for
Internet
Security
Copyright © 2019 The Fulcrum Group Inc.
What to do- Exercise
SMB Security Maturity Model
Identify Protect Detect Respond Recover
Exec involvement
Hardware/software
Basic policies
Advanced policies
Threat intelligence
Risk assessment
Standards/
procedures
Key data
repositories
Third-party eval.
1
3
5
Physical security
Secure configs
Patch OS, A/V, f/w,
email filter
Security
awareness
Admin control
NGFW, URL, MFA
Secure network
Simulated phishing
Encryption at
rest/in transit
High availability
Logging configured
Owner
Network monitoring
Security
information and
event management
Log review
Continuous
security monitoring
Lessons learned
Copyright © 2019 The Fulcrum Group, Inc..
Copyright © 2019 The Fulcrum Group Inc.
What to do- Full
SMB Security Maturity Model
Identify Protect Detect Respond Recover
Who’s
responsible
Communication
Data
classification
Basic incident
response
Tracking
Analysis/mitigation
Detailed IRP/ SIRT
Work lessons
learned
Server backups
Cloud protections
PC/device
recover
Business impact
assessment
Basic recovery
plan
Lessons learned
Detailed recovery
Tested recovery
Manage retention,
recovery times
Copyright © 2019 The Fulcrum Group Inc.
Summary
Use threat intelligence to know
risks
Be the leader your organization
needs
Beware a false sense of
security
Identify key assets and data
repositories
Work both left and right of boom
Make detection a key security
effort
Copyright © 2019 The Fulcrum Group Inc.
Giveaway
The Fulcrum Group, Inc.
5751 Kroger Drive, Suite 279,
Fort Worth, TX 76244
Phone: 817-337-0300
Support Desk: 817-898-1277
Web: www.fulcrum.pro
Copyright © 2019 The Fulcrum Group Inc.
SMB LinksNational Cyber Awareness System
Alerts https://www.us-
cert.gov/ncas/alerts
2019 Data Breach Investigations Report
https://enterprise.verizon.com/resources
/reports/dbir/
National Institute of Standards and
Technology
https://www.nist.gov/cyberframework/sm
all-and-medium-business-resources
CIS® (Center for Internet Security, Inc.)
https://www.cisecurity.org/controls/
Global Cyber Alliance (GCA) toolkit
https://gcatoolkit.org/smallbusiness/
Ghost In The Wires: My Adventures as
the World's Most Wanted Hacker by
Kevin Mitnick