Security Top 10 - Bucks County Community College...Background - Certifications International...
Background – Work Experience
IT
Cellular Industry
Police Officer
Internet Crimes Against Children Task Force Detective
FBI Task Force Officer
Private Sector
Director of Digital Forensics
Senior Security Consultant
College Professor
Testified in court as an expert in computer crime and digital forensics
Background - Education
B.S. in Information Systems
M.A. in Criminal Justice/Digital Forensics
Finishing an M.S. in Information Systems/Cyber Security (January 2019)
Currently pursuing a doctoral degree in Information Systems
Over 1,500 hours of training
Specialized training in JTAG and chip-off
Background - Certifications
International Information Systems Security Certification Consortium – (ISC)2
Certified Information Systems Security Professional (CISSP)
Certified Cyber Forensics Professional (CCFP)
CompTIA
A+, Linux+, Network+, Security+, Cybersecurity Analyst (CSA+),
CompTIA Advanced Security Practitioner (CASP)
EC-Council
Certified Ethical Hacker (CEH)
Computer Hacking Forensic Investigator (CHFI)
Guidance Software
EnCase Certified Examiner (EnCE)
Certified Forensic Security Responder (CFSR)
International Society of Forensic Computer Examiners (ISFCE)
Certified Computer Examiner (CCE)
Security – Who Cares?
Security incidents continue to occur more frequently
A security incident can be devastating to a company
Financial implications
Reputation
Top 10
We will discuss ten areas that you can focus on to improve your organization’s
security posture
These are not necessarily in order of importance
User Awareness Training
Users need training so they can understand the threats they might face and
how to deal with those threats
Training should be conducted regularly
Users have access to your systems
Social engineering “in the context of information security, refers to
psychological manipulation of people into performing actions or divulging
confidential information” (Wikipedia)
Social engineering is very effective
Phishing
Phishing is a social engineering attack
Attackers try to trick users into clicking on a malicious link or providing
sensitive information
Social engineering involves psychological manipulation to trick people into
performing actions that they should not perform or divulging sensitive
information
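The link trick described above (visible text that looks like the legitimate site while the href goes elsewhere) can be checked mechanically. The following is an added example, not part of the presentation: it parses the anchors in an HTML message and flags links whose displayed domain differs from the target domain or that are not HTTPS. The sample email and the domain names in it are constructed for the example, and the registrable-domain logic is deliberately simplified (last two labels only).

```python
"""Flag phishing-style links whose visible text shows one domain but whose
href points somewhere else. Sample HTML below is constructed, not real mail."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that a user would read as a URL, e.g. "www.example-bank.com/login"
URL_TEXT = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#]\S*)?$", re.I)


def registrable(host):
    """Crude registrable domain: last two labels. Assumption for this example;
    real code needs the public suffix list (co.uk and friends)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def displayed_host(text):
    """Return the host a user sees in the link text, or None if the text is not URL-like."""
    m = URL_TEXT.match(text.strip())
    return m.group(1) if m else None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html):
    """Return [(href, [reasons])] for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlparse(href)
        reasons = []
        if target.scheme != "https":
            reasons.append("not https")
        shown = displayed_host(text)
        if shown and registrable(shown) != registrable(target.hostname or ""):
            reasons.append(f"text shows {shown} but href goes to {target.hostname}")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample: the first link reads as the bank's site but goes to a .co lookalike
SAMPLE_EMAIL = """
<p>Your account is locked. Sign in at
<a href="http://login.example-bank.co/verify">https://www.example-bank.com/login</a>
or contact <a href="https://www.example-bank.com/help">support</a>.</p>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

This is the kind of check a mail gateway applies before a user ever sees the message; in training, the same comparison (hover, read the real destination, compare the domain) is what users are taught to do by hand.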
Vishing
Vishing is another type of social engineering attack
Instead of using email, the attacker uses the telephone
Patch Management & Vulnerability Assessment
WannaCry (5/12/2017) spread through an SMBv1 flaw that Microsoft had already
patched in MS17-010 (3/14/2017); systems with that update installed were not exploitable
It is critical to install security updates promptly, and to know which systems are still missing them
Outdated Software
Avoid utilizing software that is no longer supported
Windows XP support ended on April 8, 2014
Windows Vista support ended on April 11, 2017
Office 2007 support ended on October 10, 2017
Account Management
Only individuals who are authorized should have user accounts
There should be a process to check for individuals who should not have
accounts
System administrators should utilize two different accounts – one for
administrative duties and one for everyday tasks
Individuals should only be given access to resources that they need to
accomplish their job
All account activity should be logged
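The review process the slide calls for (find accounts that should not exist, confirm admins use separate accounts) can be scripted against an export of the directory and the HR roster. The following is an added example and not code from the presentation; the usernames, the `.adm` suffix convention for administrative accounts, the 90-day staleness threshold and the service-account list are all assumptions made for the example.

```python
"""Reconcile system accounts against the HR roster: flag accounts with no owner,
accounts of departed staff, stale accounts, and admin rights sitting on a
daily-use login. All records below are constructed sample data."""
from datetime import date, timedelta

# Constructed HR roster: username -> (employment status, role)
HR = {
    "alice": ("active", "sysadmin"),
    "bob": ("active", "analyst"),
    "carol": ("terminated", "analyst"),
}

# Constructed directory export: username -> (last logon, group memberships)
ACCOUNTS = {
    "alice": (date(2018, 11, 1), {"Domain Users", "Domain Admins"}),
    "alice.adm": (date(2018, 11, 2), {"Domain Admins"}),
    "bob": (date(2018, 6, 1), {"Domain Users"}),
    "carol": (date(2018, 10, 20), {"Domain Users"}),
    "svc_backup": (date(2018, 11, 2), {"Domain Users"}),
    "mallory": (date(2018, 10, 30), {"Domain Users"}),
}

ADMIN_GROUPS = {"Domain Admins", "Enterprise Admins"}
STALE_AFTER = timedelta(days=90)          # assumption: 90 days without logon is stale
KNOWN_SERVICE = {"svc_backup"}            # documented service accounts, reviewed separately


def owner_of(username):
    """Map an admin account back to its human owner (assumed '.adm' naming convention)."""
    return username[:-4] if username.endswith(".adm") else username


def review_accounts(hr=HR, accounts=ACCOUNTS, today=date(2018, 11, 5)):
    """Return sorted (username, problem) pairs for a human to act on."""
    findings = []
    for user, (last_logon, groups) in accounts.items():
        if user in KNOWN_SERVICE:
            continue
        owner = owner_of(user)
        if owner not in hr:
            findings.append((user, "no HR record"))
            continue
        status, _ = hr[owner]
        if status != "active":
            findings.append((user, "owner terminated"))
        if today - last_logon > STALE_AFTER:
            findings.append((user, "stale"))
        # Admin rights belong on the dedicated admin account, never the everyday login
        if groups & ADMIN_GROUPS and not user.endswith(".adm"):
            findings.append((user, "admin group on everyday account"))
    return sorted(findings)


if __name__ == "__main__":
    for user, problem in review_accounts():
        print(f"{user:12} {problem}")
```

Run against real data, the HR side is the authoritative list of who should exist; the directory side is what actually exists. Anything in the second list that the first cannot explain is exactly the "individuals who should not have accounts" the slide warns about.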
Passwords
Passwords help to prevent unauthorized individuals from accessing resources
Stop re-using passwords
Use strong passphrases
Never use default passwords
Enable two-factor authentication on every account that permits it
Application Whitelisting
Application whitelisting allows system administrators to restrict applications
that can run on a system
NIST Special Publication 800-167
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-167.pdf
Microsoft AppLocker
https://docs.microsoft.com/en-us/windows/device-security/applocker/applocker-overview
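The two rule types that matter most in an allowlisting product are hash rules (this exact binary may run) and path rules (anything in this directory may run). The following is an added example, not AppLocker and not code from the presentation: a small model of how those rules are evaluated, run against files created in a temporary directory, including the case that makes path rules risky in practice. The directory names and file contents are constructed for the example.

```python
"""Model of how an application allowlist decides whether a binary may run:
a hash rule (exact file contents) then a path rule (trusted directory).
Conceptual model of AppLocker-style rules, not AppLocker itself."""
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_allowed(path, allowed_hashes, trusted_dirs):
    """Hash rule first; otherwise allow only if the file lives under a trusted
    directory. A path rule is only as strong as the write permissions on that
    directory: if users can write there, they can run anything they drop there."""
    if sha256_of(path) in allowed_hashes:
        return True, "hash rule"
    real = os.path.realpath(path)
    for d in trusted_dirs:
        if real.startswith(os.path.realpath(d) + os.sep):
            return True, "path rule"
    return False, "no matching rule"


def write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed environment: an approved tool, a tampered copy, an unknown
    dropper in a user-writable temp folder, and a binary planted in a trusted path."""
    root = tempfile.mkdtemp()
    prog = os.path.join(root, "Program Files")
    temp = os.path.join(root, "Users", "bob", "AppData", "Local", "Temp")
    os.makedirs(prog)
    os.makedirs(temp)

    approved = os.path.join(prog, "tool.exe")
    write(approved, b"MZ approved build 1.0")
    allowed_hashes = {sha256_of(approved)}          # the hash rule

    tampered = os.path.join(temp, "tool.exe")        # same name, modified bytes
    write(tampered, b"MZ approved build 1.0 + backdoor")
    dropper = os.path.join(temp, "update.exe")       # unknown binary in temp
    write(dropper, b"MZ unknown")
    renamed = os.path.join(temp, "tool_copy.exe")    # identical bytes, moved and renamed
    write(renamed, b"MZ approved build 1.0")
    planted = os.path.join(prog, "evil.exe")         # unknown binary inside the trusted dir
    write(planted, b"MZ unknown")

    cases = {"approved": approved, "tampered": tampered, "dropper": dropper,
             "renamed_copy": renamed, "planted": planted}
    results = {name: is_allowed(p, allowed_hashes, [prog]) for name, p in cases.items()}
    shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:13} {'ALLOW' if ok else 'DENY ':5} ({why})")
```

Two results deserve attention. The renamed copy still runs because a hash rule follows the bytes, not the file name, which is the property you want. The planted file also runs, because the path rule trusts the directory: that is why the trusted directories must be writable only by administrators, which is the caveat NIST SP 800-167 spends several pages on.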
Encryption
Encryption protects the confidentiality of data both while it is being transmitted
(in transit) and while it is stored (at rest), so that an intercepted packet or a stolen disk yields nothing readable
Are you storing sensitive data on your desktop or laptop computers?
What types of data are you storing in the cloud? Who has access to the data?
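Answering the first question ("are you storing sensitive data on your desktop or laptop?") usually starts with a scan. The following is an added example and not code from the presentation: a small data-discovery scanner that walks a directory looking for payment card numbers (validated with the Luhn checksum so that arbitrary 13- to 19-digit identifiers are not reported) and US SSN-shaped values, masking what it finds so the report itself does not become a new copy of the data. The sample files are constructed in a temporary directory.

```python
"""Find sensitive data on disk before deciding what must be encrypted or removed.
Scans for Luhn-valid payment card numbers and SSN-shaped values; sample files
are constructed here, not taken from any real system."""
import os
import re
import tempfile

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")     # 13-19 digits, spaces/dashes allowed
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: from the right, double every second digit, subtract 9 if > 9,
    and require the sum to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_text(text: str):
    """Return [(kind, masked value)] for every hit in the text."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append(("card", digits[:6] + "*" * (len(digits) - 10) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    return findings


def scan_directory(root: str):
    """Walk a directory; return {relative path: findings} for files with hits."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as f:
                    findings = scan_text(f.read())
            except OSError:
                continue
            if findings:
                hits[os.path.relpath(path, root)] = findings
    return hits


def demo():
    """Constructed sample: one real-looking card, one that fails Luhn, one SSN,
    and a 13-digit ticket number that a naive digit regex would report."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "orders.csv"), "w") as f:
        f.write("cust,card\nacme,4111 1111 1111 1111\nbeta,4111111111111112\n")
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("call back re: 123-45-6789; ticket 1234567890123 is just an id\n")
    return scan_directory(root)


if __name__ == "__main__":
    for path, findings in demo().items():
        print(path, findings)
```

The Luhn check is what keeps the scanner usable: without it, every long numeric identifier (order numbers, phone numbers, IMEIs) lands in the report, and the people running the scan stop reading it.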
Disaster Recovery
Every organization should have a plan for dealing with disasters
All essential data should be backed up regularly, and backups should be kept
off-site
There are several options for getting the data to an off-site location
An employee can take the backup media home (encrypt the media first; once it leaves the building it is outside your physical controls)
You can hire a service to pick up the backup media
Cloud-based backup solutions
Backups should be tested regularly
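"Backups should be tested" means proving that a restore produces the original data, not just that the backup job exited cleanly. The following is an added example, not code from the presentation: it records a SHA-256 manifest when the backup is taken, then restores the backup into a scratch directory and compares every file against the manifest, reporting what is missing and what no longer matches. The sample source tree, the backup location and the simulated media damage are all constructed in temporary directories.

```python
"""Backup integrity test: write a SHA-256 manifest when the backup is taken, then
prove a restore by copying the backup to a scratch location and checking every
file against the manifest. Sample data is constructed in temporary directories."""
import hashlib
import json
import os
import shutil
import tempfile


def file_sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """{relative path (with '/' separators): sha256} for every file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = file_sha256(full)
    return manifest


def take_backup(source, backup_dir):
    """Copy the tree and store the manifest alongside it."""
    shutil.copytree(source, backup_dir)
    manifest = build_manifest(source)
    with open(os.path.join(backup_dir, "MANIFEST.json"), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest


def verify_restore(backup_dir, restore_dir):
    """Restore into restore_dir, then compare. Returns (ok, missing, corrupted)."""
    with open(os.path.join(backup_dir, "MANIFEST.json")) as f:
        manifest = json.load(f)
    shutil.copytree(backup_dir, restore_dir, ignore=shutil.ignore_patterns("MANIFEST.json"))
    restored = build_manifest(restore_dir)
    missing = sorted(p for p in manifest if p not in restored)
    corrupted = sorted(p for p in manifest if p in restored and restored[p] != manifest[p])
    return (not missing and not corrupted), missing, corrupted


def demo():
    """Constructed source tree; first restore is clean, second follows damage to the media."""
    root = tempfile.mkdtemp()
    src, bak, rst1, rst2 = (os.path.join(root, d) for d in ("src", "bak", "rst1", "rst2"))
    os.makedirs(os.path.join(src, "db"))
    with open(os.path.join(src, "db", "customers.sql"), "w") as f:
        f.write("INSERT INTO customers VALUES (1, 'acme');\n")
    with open(os.path.join(src, "config.ini"), "w") as f:
        f.write("[server]\nport=8443\n")
    take_backup(src, bak)
    good = verify_restore(bak, rst1)

    # Simulate a truncated file and a lost file on the backup media
    with open(os.path.join(bak, "db", "customers.sql"), "w") as f:
        f.write("INSERT INTO customers VALUES (1, 'ac")
    os.remove(os.path.join(bak, "config.ini"))
    bad = verify_restore(bak, rst2)
    shutil.rmtree(root)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("clean restore:", good)
    print("damaged media:", bad)
```

The manifest should travel with the backup but also be kept somewhere the backup media cannot overwrite, so that a damaged or maliciously altered backup cannot bring its own matching checksums with it.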
Incident Response
Do you have a plan for dealing with incidents?
It is important to have an Incident Response Plan (IRP) that is updated
regularly and tested
Logging
Logs are necessary in order to properly investigate an incident
Logs can help to provide evidence which may lead to the identity of an
offender, provide insight into their activities, or give you an idea of how long
a malicious actor had access to your system
You should maintain logs as required for regulatory compliance
Logs should be reviewed regularly
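The three things the slide says logs can give you (who, what they did, how long they had access) fall out of a fairly simple review when the events are parsed rather than eyeballed. The following is an added example, not code from the presentation: it reads authentication and sudo lines in a syslog-like format, finds a source that failed repeatedly and then succeeded, collects the privileged commands that account ran afterwards, and computes dwell time from first access to the last event seen from that source. The log lines, hostnames, addresses and command are constructed for the example.

```python
"""Reviewing authentication logs for the trail an intruder leaves: repeated
failures from one source, then a success, then activity until disconnect.
The log lines below are constructed for the example, not real logs."""
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOG = """\
2018-11-03T02:14:01 host1 sshd[410]: Failed password for invalid user admin from 203.0.113.7 port 51100 ssh2
2018-11-03T02:14:03 host1 sshd[411]: Failed password for root from 203.0.113.7 port 51102 ssh2
2018-11-03T02:14:05 host1 sshd[412]: Failed password for root from 203.0.113.7 port 51104 ssh2
2018-11-03T02:14:08 host1 sshd[413]: Failed password for bob from 203.0.113.7 port 51106 ssh2
2018-11-03T02:14:11 host1 sshd[414]: Failed password for bob from 203.0.113.7 port 51108 ssh2
2018-11-03T02:14:14 host1 sshd[415]: Accepted password for bob from 203.0.113.7 port 51110 ssh2
2018-11-03T02:20:45 host1 sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/tar czf /tmp/.x.tgz /var/lib/customers
2018-11-03T03:41:02 host1 sshd[415]: Disconnected from 203.0.113.7 port 51110
2018-11-03T08:00:12 host1 sshd[520]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
DISC_RE = re.compile(r"^Disconnected from (?P<ip>\S+)")
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*COMMAND=(?P<cmd>.*)$")


def parse(log):
    """Yield one dict per recognisable line with the timestamp parsed."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev


def find_bruteforce_compromise(log, threshold=3):
    """Per source IP: count failures; the first success after `threshold` failures
    opens a case; sudo activity by that account and the disconnect extend it."""
    fails = defaultdict(int)
    cases = {}
    for ev in parse(log):
        msg = ev["msg"]
        m = AUTH_RE.match(msg)
        if m:
            ip = m["ip"]
            if m["result"] == "Failed":
                fails[ip] += 1
            elif fails[ip] >= threshold and ip not in cases:
                cases[ip] = {"user": m["user"], "failures": fails[ip],
                             "first_access": ev["ts"], "last_seen": ev["ts"],
                             "privileged_commands": []}
            continue
        if ev["proc"] == "sudo":
            m = SUDO_RE.match(msg)
            if m:
                for case in cases.values():
                    if case["user"] == m["user"]:
                        case["privileged_commands"].append(m["cmd"])
                        case["last_seen"] = ev["ts"]
            continue
        m = DISC_RE.match(msg)
        if m and m["ip"] in cases:
            cases[m["ip"]]["last_seen"] = ev["ts"]
    for case in cases.values():
        case["dwell_minutes"] = int((case["last_seen"] - case["first_access"]).total_seconds() // 60)
    return cases


if __name__ == "__main__":
    for ip, case in find_bruteforce_compromise(SAMPLE_LOG).items():
        print(ip, case)
```

Note what the review would miss if the sudo log or the sshd log were not being kept: without sudo you would know an attacker got in but not that customer data was packaged up; without the disconnect line you would have no end point for the dwell time. That is the practical argument for the retention and review bullets above.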
Wireless
Data transmitted on a wireless network can be intercepted much more easily
than data on a wired network
Maintain separate networks for employees and guests
Ensure that only authorized wireless access points (WAPs) are present
Free survey tools such as inSSIDer and NetStumbler list the SSIDs, BSSIDs, channels and signal strengths of nearby access points so they can be compared against your inventory
Public wireless networks should be used only when absolutely necessary
If you are going to utilize a wireless network that you do not control, consider
utilizing virtual private network (VPN) technology
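Comparing a survey against the inventory is the step that turns a list of nearby access points into a list of rogue ones. The following is an added example, not code from the presentation: it takes survey rows of the kind a tool such as inSSIDer or NetStumbler produces and an inventory of authorized access points, and flags unknown radios, an unknown radio advertising the corporate SSID (an "evil twin"), and an authorized radio whose security setting has drifted. The SSIDs, BSSIDs and signal values are constructed for the example, and the -75 dBm neighbor threshold is an assumption.

```python
"""Rogue access point check: compare a site survey (what inSSIDer or NetStumbler
would list) against the inventory of authorized access points.
Survey and inventory data are constructed for this example."""

# Authorized APs: BSSID -> (SSID, expected security)
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpWiFi", "WPA2-Enterprise"),
    "00:11:22:33:44:02": ("CorpWiFi", "WPA2-Enterprise"),
    "00:11:22:33:44:03": ("CorpGuest", "WPA2-PSK"),
}
CORP_SSIDS = {"CorpWiFi", "CorpGuest"}

# Constructed survey rows: (SSID, BSSID, channel, signal dBm, security)
SURVEY = [
    ("CorpWiFi", "00:11:22:33:44:01", 6, -48, "WPA2-Enterprise"),
    ("CorpWiFi", "00:11:22:33:44:02", 11, -61, "WPA2-PSK"),         # misconfigured
    ("CorpGuest", "00:11:22:33:44:03", 1, -55, "WPA2-PSK"),
    ("CorpWiFi", "DE:AD:BE:EF:00:01", 6, -40, "Open"),              # evil twin
    ("Linksys", "c0:ff:ee:00:00:01", 3, -70, "WPA2-PSK"),           # someone's own AP?
    ("NeighborNet", "aa:bb:cc:dd:ee:ff", 9, -85, "WPA2-PSK"),       # weak: next door
]


def normalize(mac):
    return mac.lower().replace("-", ":")


def audit_survey(survey, authorized, corp_ssids, min_signal=-75):
    """Return (severity, bssid, ssid, reason) tuples in survey order. Unknown APs
    with a weak signal are reported low, since they are usually neighbors."""
    auth = {normalize(b): v for b, v in authorized.items()}
    findings = []
    for ssid, bssid, chan, rssi, sec in survey:
        bssid = normalize(bssid)
        if bssid in auth:
            exp_ssid, exp_sec = auth[bssid]
            if ssid != exp_ssid:
                findings.append(("high", bssid, ssid,
                                 f"authorized radio broadcasting {ssid!r}, expected {exp_ssid!r}"))
            if sec != exp_sec:
                findings.append(("high", bssid, ssid, f"security {sec}, expected {exp_sec}"))
            continue
        if ssid in corp_ssids:
            findings.append(("critical", bssid, ssid,
                             "unknown BSSID advertising corporate SSID (evil twin)"))
        elif rssi >= min_signal:
            sev = "high" if sec == "Open" else "medium"
            findings.append((sev, bssid, ssid,
                             f"unauthorized AP on channel {chan} at {rssi} dBm ({sec})"))
        else:
            findings.append(("low", bssid, ssid, f"unknown AP, weak signal {rssi} dBm"))
    return findings


if __name__ == "__main__":
    for sev, bssid, ssid, reason in audit_survey(SURVEY, AUTHORIZED, CORP_SSIDS):
        print(f"{sev:8} {bssid} {ssid:12} {reason}")
```

The BSSID, not the SSID, is the identity to key on: anyone can name an access point "CorpWiFi", and the evil-twin row shows why the strongest signal with the right name can be the one to worry about.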
Physical Security
Physical security is very important
If you cannot ensure physical security, your technical controls could be easily
bypassed
Properly Destroying Data
What kind of data are you throwing away?
How can a malicious individual utilize that data to harm you or your
organization?
Consider adopting a shred all documents policy
Improving Your Security Posture
Consider conducting a security assessment
Choose a security methodology
NIST Cybersecurity Framework
CIS Critical Security Controls
ISO 27001
Consider conducting penetration testing
Consider purchasing cyber insurance
Master of Arts in Criminal Justice
Master of Science in Information Systems
Offers a concentration in Cyber Security
Both programs offer a Digital Forensics concentration
We also offer Graduate Certificates
Cyber Security
Digital Forensics
Classes are offered online
Flexible class schedules