Information Security Lesson 11 - Policies & Procedures - Eric Vanderburg
ERIC VANDERBURG - Security Thinking Cap · Threat Mitigation through Network & System Hardening...
Thought Leader • Author • Professional Speaker
ERIC VANDERBURG
Expert Rankings
Cybersecurity • Hacking • Ransomware
Malware • Privacy • DevOps • Big Data
Fraud • Servers • Cloud Computing
Linux • Information Security
Computer Networking
@evanderburg
www.linkedin.com/in/evanderburg
youtube.com/user/evanderburg
facebook.com/VanderburgE
Securitythinkingcap.com
Eric Vanderburg is an information security executive, thought leader and author known for his insight on cybersecurity, privacy, data protection and storage. He is also a licensed private investigator. Some have called him the “Sheriff of the Internet” since he and his cybersecurity team at JURINNOV protect companies from cyber threats, investigate data breaches, and provide guidance on safe computing.

Eric serves as the vice chairman of the board of directors for Technology Ministry Network and is a member of the Health IT Security Journal editorial board.

Eric is passionate about sharing knowledge of cybersecurity and technology news, insights and best practices. He regularly presents on security topics and maintains a security blog. You can find him throughout the day posting valuable content on his social media channels.
CONTENTS
Books • Expert Testimony • Speaking Engagements • Published Articles • Interviews • eBooks
BOOKS
COMPTIA STORAGE+ QUICK REVIEW GUIDE
2015, McGraw Hill, ISBN 978-0-07-180880-4
Organizations are in dire need of technologists who have a firm grasp on how to implement reliable storage systems that can meet current organizational needs and grow with changing technologies and objectives. This authorized guide can help you refine those skills in preparation for the CompTIA Storage+ certification which validates your skills as a storage professional. The book covers all objectives from the exam and includes a full practice exam.
EXPERT TESTIMONY
Gorilla Store LTD, ET AL v. Michael Thompson
In the Court of Common Pleas, Cuyahoga County, Ohio Case No. CV-14-825792, November 11, 2014
C4Polymers, Inc., v. Huntington National Bank, ET AL
In the Court of Common Pleas, Cuyahoga County, Ohio Case No. CV-12-790341, March 14, 2014
Invista North America S.À R.L., and Auriga Polymers, Inc., v. M&G Corporation and M&G Polymers USA, LLC
In the U.S. District Court for the District of Delaware Case No. 1:11-CV-01007-SLR-CJB, February 19, 2013
Frank Gates Managed Care Services v. Ohio Bureau of Workers’ Compensation
In the Court of Common Pleas, Franklin County, Ohio Case No. 12-CV-005616, August 17, 2012
Slapikas v. First American Title Insurance Company
In the U.S. District Court for the Western District of Pennsylvania Case No. 2:06-CV-00084, June 25, 2008
SPEAKING ENGAGEMENTS
The Prescription for Prevention—Avoid Treatment Errors to the Malware Problem Advanced Persistent Threats Summit, June, 2016
Cloud Storage and Security: Solving Compliance Challenges Webinar co-presented with Fredrik Forslund and Giulio Coraggio, May, 2016
It’s a Dangerous World. Are you Secure? The Union Club, February, 2016
Panel Moderator for Threat and Vulnerability Management: A Key Enabler of Your IT GRC Program IT GRC Forum, February, 2016
Panel Member on Cyber Security National Association of Graphic and Product Identification Manufacturers, October, 2015
Panel Moderator on Cloud Security Infrastructure Premier CIO Forum, June, 2015
Effective Data Breach Handling Techniques Cleveland eDiscovery Roundtable, May, 2015
Cyber Security for Executives Richland Chamber of Commerce, May 2015
Cloud Security Best Practices Lorain County Community College, May, 2015
Cybersecurity Investigation, Prosecution and Prevention Cleveland Metropolitan Bar Association, Business & Corporate Counsel, December, 2014
Essential Computer Security Untangled Conference, November, 2014
Preventing Fraud from Top to Bottom 12th Annual Information Security Summit, October, 2014
Integrating Compliance Security into a Unified Security Strategy Kent State University, June 2014
Incident Response and the Role of the first responder Spring Information Security Summit, June, 2014
Keynote Speaker: Professional Development for IT Professionals Helpdesk Institute (HDI) Seminar at Cuyahoga Community College, January, 2014
Maximizing Technology Adoption ROI CodeMash, January, 2014
Data Breach Lessons From 2013 CodeMash, January, 2014
Critical Actions in Data Breach Investigations 11th Annual Information Security Summit, October, 2013
Commencement Speaker Remington College, July, 2013
How to Protect Your Law Firm and Your Clients: The Role of the Virtual CSO eSecurity and Compliance webinar, June, 2013
Technology and You: Safe Computing in a Digital World The Union Club, May, 2013
Cyber Forensics: Collecting Evidence for Today’s Data Breaches ISACA, Cleveland chapter, March, 2013
Principles of Effective Breach Response American Society for Industrial Security (ASIS), January, 2013
Eradicate the Bots in the Belfry 10th Annual Information Security Summit, October, 2012
Wire / Computer Fraud China Resource Network Conference: China – Growing the Mature Market, October, 2012
Data Breaches and First Responder Responsibilities Remington College, June, 2012
The Bot Stops Here: Removing the Botnet Threat 1st Annual Public and Higher Education Sector IT and Security Summit, April 2012
Creating a Culture of Information Security 9th Annual Information Security Summit, October, 2011
Information Security Career Development HISP training for the unemployed and underemployed, October, 2011
Information Security for Business Leaders The Union Club, May, 2011
Enterprise IT Risk Management Remington College, April, 2011
Commencement Speaker Vatterott College, May, 2010
Getting to Know and Love Windows 7 Windows 7 Launch Party, October, 2009
Virtualization for Competitive Advantage Cleveland State University, March, 2009
Technology on the Go: Tablet PCs, Smart Phones & PDAs Vatterott College, March, 2008
Information Security and Data Resiliency Northeast Ohio Software Association (NEOSA), June, 2007
Threat Mitigation through Network &
System Hardening
Kent State University, April, 2006
Improving Software Quality Assurance & Security Pittsburgh Code Camp, April, 2006
Computer Crime Methods & Avenues of Attack Remington College, Computer Crime & Surreptitious Attack Seminar, February, 2006
Penetration Testing: A Proactive Approach to Network Security Kent State University, October, 2005
Preparation for Study Abroad & the International Experience Hiroshima Bunkyo Women’s University, July 2005
Quantitative Risk Assessment: Information Security ROI Kent State University: Graduate Management Association, April 2004
Information Security Threats & Countermeasures Kent State University, February 2004
Metrics to Improve Availability of Key Information Systems Management Information Systems Association (MISA), April, 2003
Breaking Boundaries with Wireless Networking Association for Computing Machinery (ACM), March, 2002
Five Steps to Developing Secure Code
Association for Computing Machinery (ACM),
September, 1999
PUBLISHED ARTICLES
Pokemon Go ransomware virus is out to catch’em all FightRansomware.com, August, 2016
Cybercriminals turn to DIY kits and Ransomware as a Service (RaaS) FightRansomware.com, August, 2016
Will Hacktivists Turn to Ransomware? FightRansomware.com, August, 2016
Newest Ransomware has Polished, Professional Look FightRansomware.com, July, 2016
Geolocation technology helps ransomware deliver targeted message FightRansomware.com, July, 2016
Strengthening Information Security: A Long-term Process Networks Asia, July, 2016
Bad Seed—The Truth about Data Integrity Attacks HITSF Journal, April, 2016
10 ways to flash forward: Future-ready storage insights from the experts
One of several contributors to this publication, Dell, March, 2016
5 Trends Transforming the Digitalization of Business in 2016 Covered Trend 4: Privacy as Mandatory, Blancco, January, 2016
The human brain vs. computers in the identity challenge Powermore, March, 2016
Big Data ROI – How to use what you already have Powermore, January, 2016
Top security initiatives for 2016 Powermore, December, 2015
4 ways to avoid holiday phishing on Black Friday Powermore, November, 2015
No compromise with the hybrid cloud Powermore, November, 2015
Cloudsizing: Finding the right fit for your cloud Powermore, November, 2015
The missing leg – integrity in the CIA triad Powermore, October, 2015
Regaining your anonymity online Powermore, April, 2016
Securing Your Network and Application
Infrastructure
One of several contributors to this
publication, Fortinet, November, 2015
20 Hybrid Cloud Insights from Top Industry
Experts
One of several contributors to this
publication, Dell, October, 2015
Protecting consumer data in the Internet of Things Powermore, August, 2015
What you need to know about Windows 10 Security and Privacy Powermore, August, 2015
What does it mean to be future ready?
One of several contributors to this
publication, Dell, July, 2015
A breach is found. Now whom do I tell? Powermore, July, 2015
Breach response and information sharing Powermore, June, 2015
Essential Elements of an Incident Response
Plan
HITSF Journal, June, 2015
Investigating the negative SEO threat Powermore, June, 2015
Security’s common cold Powermore, May, 2015
Future ready cloud security Powermore, May, 2015
How to Build an Effective Security Team
HITSF Journal, April, 2015
Is your culture interfering with data security? Powermore, April, 2015
Successful companies use security metrics Powermore, March, 2015
Don’t be a victim. Be a protector Powermore, February, 2015
The case for consistency in security Powermore, February, 2015
The 5 W’s of data identification and inventory Powermore, January, 2015
Logs that Matter Following a Data Breach HITSF Journal, February, 2015
Cloud security empowerment Powermore, December, 2014
Cybersecurity and the boy who cried wolf Powermore, December, 2014
Measuring security program maturity Powermore, December, 2014
What to expect in 2015 in security and technology Powermore, November, 2014
Is staying safe online possible? Powermore, October, 2014
Effective Storage Security Strategies for Enterprise Data HITSF Journal, December, 2014
Criteria for Selecting a Risk Assessment Methodology HITSF Journal, July, 2014
Physical Security for Data in Transit HITSF Journal, July, 2014
Understanding Malware Forensics eForensics Magazine, Vol. 3, No. 6, p. 8-12
What to Expect when You’re Encrypting: Cryptographic Choices for Mac and Windows eForensics Magazine, Vol. 3, No. 5, p. 36-40
Relieving Subnet Misery eForensics Magazine, Vol. 3, No. 3, p. 118-122
Reducing Risk with Data Minimization HITSF Journal, January, 2014
Email eDiscovery in a Microsoft World eForensics Magazine, Vol. 2, No. 14, p. 34-39
USB and LNK File Analysis eForensics Magazine, Vol. 2, No. 14, p. 90-94
Avoiding Corporate Espionage Data Breaches HITSF Journal, October, 2013
What’s Your Security Worth? Exploring the Vulnerabilities Market eForensics Magazine, Vol. 2 No. 12, p. 52-55
Risk Homeostasis: An Instinctive Response to Risk HITSF Journal, July, 2013
Does Securing Healthcare’s Big Data Require Big solutions or just Big Thinking? HITSF Journal, April, 2013
Not Without a Trace: Uncovering Computer Forensic Evidence American Bar Association: Information Security & Privacy News, March, 2013
Fail Secure – The Right Way to Fail PC Security World, February, 2013
Implementing mHealth and Protecting Patient Privacy HITSF Journal, February, 2013
Effectively Gathering Facts Following a Data Breach Outlook Series Newsletter, January, 2013
When to Call for Help After a Data Breach Network World Magazine, January, 2013
Social Media – After the Breach American Bar Association: Information Security & Privacy News, December, 2012
Developing a Security Oriented Corporate Culture White Paper, JurInnov, Ltd., May, 2012
Four Keys to Successful BYOD Network World Magazine, February, 2012
Inside the Hacker’s Head White Paper, JurInnov, Ltd., September, 2008
Up-to-Date: Earning the Certs the Market Demands Certification Magazine, August, 2007
Implementation to Instruction – Is Teaching Next on Your Horizon? Certification Magazine, June 2007
IT Training: Cardinal Virtues & Deadly Sins Certification Magazine, August, 2006
The Cutting Edge: New Technologies to Watch Certification Magazine, May 2006
INTERVIEWS, QUOTES, AND MENTIONS
4 Steps to a Strong Incident Response Plan CSO, interviewed by Carin Hughes, August 4, 2016
Three of the Biggest Concerns about External Cyber-Threats Art of the Hack, interviewed by Rob O’Regan, July 6, 2016
3 Ways to Turn Cybersecurity Practices into Competitive Advantage Art of the Hack, interviewed by Rob O’Regan, March 28, 2016
Running Red Lights: Breaking cyber-policies out in the open Interviewed by Jim Yenzer, March 23, 2016
The War Against the Bot Machine and Fake Profiles Interviewed by Jim Yenzer, March 10, 2016
Life as the “Sheriff of the Internet”
CIO Redzone Podcast, episode 38, January 20, 2016
As Health Care Hacking Evolves, Take these 4 Steps to Protect Your Practice
Rick Kuwahara writing for PaulBox, October 27, 2016
What’s all the Buzz About the Hybrid Cloud?
Dell World Live, October 22, 2015
Data Breaches Come in all Shapes and Sizes
The Identity Theft Warriors Podcast, episode 18, August 10, 2015
Local Federal Agents Caught up in Cyber Hack
Channel 3 WKYC, July 9, 2015
High Value of Your Data Creates Ethical Concerns
PowerMore, July 7, 2015
Security Breaches and the “Crown Jewels” of Creativity and Research
Cyber Attacks Squad, July 1, 2015
Q&A with Eric Vanderburg on CompTIA Storage+ Quick Review Guide Tech Page One, June 17, 2015
Cyber Security with Eric Vanderburg Interviewed by Stephen Esketzis, November 4, 2014
Eric Vanderburg: Cybersecurity – Protect Your Lifestyle Business
Podcast CLP 024 Confessions of a lifestyle-preneur, Curt Worrell, October 8, 2014
Defense Mechanism
Inside Business Magazine, September/October 2014
101 Smart Ways to use Social Media Automation for Sales and Marketing
Matthew Guay, Zapier, September 26, 2014
Cyber Security and Computer Forensics
Internet Marketing Show, March 20, 2014
Cyber Security and your Information
90.3 WCRN NPR, The Sound of Ideas, November 5, 2013
Banks Can’t Prevent Cyber Attacks Like Those Hitting PNC, Key, U.S. Bank The Plain Dealer, September 27, 2012
Elements of a Successful BYOD Program IT Toolbox, June 28, 2012
Corporate Espionage on the Rise in Northeast Ohio
Channel 5 WEWS, February 28, 2011
CCNA v2.0 Review: Critical Concepts of the 640-802 CCNA Exam
Interviewed by Rick Chapin, Global Knowledge, October 17, 2008
Hitachi Turns its Attention to File Services, Discovery
TechTarget Storage Media Group, March 4, 2008
EBOOKS
Implementing a Best Practice Risk Assessment Methodology
ISBN 978-3-656-82045-1, Grin Publishing, October, 2014
HH0-120 Hitachi Data Systems Certified Professional Study Guide
ISBN 978-1-300-36077-3, Lulu Press, October, 2012
MCTS 70-403 System Center Virtual Machine Manager Study Guide
ISBN 978-1-300-36001-8, Lulu Press, October, 2012
MCTS 70-652 Configuring Server Virtualization Study Guide
ISBN 978-1-300-36035-3, Lulu Press, October, 2012
Practical Considerations for Software Development
ISBN 978-3-656-34879-5, Grin Publishing, November, 2011
Critical Factors Contributing to a Student’s Decision to Pirate Software
ISBN 978-3-656-31083-9, Grin Publishing, June, 2009
Copyright Protection and Infringement Technologies
ISBN 978-3-656-29862-5, Grin Publishing, December, 2003