The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s...

20
The Top 10 things you must do to protect security systems from cyber a7acks Dave Tyson CPP, CISSP, MBA

Transcript of The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s...

Page 1: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

The Top 10 things you must do to protect security systems from cyber a7acks DaveTysonCPP,CISSP,MBA

Page 2: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

Dave’sBio

•  16YearsinPhysicalSecurityIndustry•  ExecuAve

ProtecAon•  InvesAgaAons•  SecurityOfficers•  Security

Systems•  ChiefSecurity

Officer

•  20YearsinCyberSecurityIndustry•  Chief

InformaAonSecurityOfficer

•  CyberSecurityConsultant

•  VulnerabilityTesAngCompanyOwner

•  IndustryExperience&CredenAals•  CerAfiedProtecAonProfessional•  CerAfiedInformaAonSystemsSecurity

Professional•  MBA,DigitalTechnologyMgt.•  2015PresidentASISInternaAonal

Page 3: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

Agenda •  LevelSeRng•  HowCyberaTacksarecarriedout•  Top10MustdoacAviAes

Page 4: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

Why?

Ø  1in101emailsinmalicious

Ø  32%ofemailisactuallycleanenoughfordelivery

Page 5: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

How?

•  Itwasinsecuretostartwith•  Itwasinstalledpoorly•  Itwasn’tmaintainedofmonitoredcorrectly

Page 6: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

What

•  Interconnec6vity•  Complexity

•  It’saweakestlinkdiscipline

Page 7: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons
Page 8: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

1.  Doyouhaverequirementsforsecuringthetoolorsystem?

2.  Diditstartsecure?3.  Wasitinstalledwithasecuredesign?4.  HavetheintegraAonpointsbeingconsidered?5.  Isittestedforsecuritybeforegoinglive?6.  Areallthebasicscovered?7.  Howwillyouknowifthesystemisviolated?8.  Whoisgoingtomonitorthesystemortoolfor

variance?9.  Howwillitbemaintained?10.  Usesecurityintelligencetounderstandyour

adversary’sapproach

Top10List

Page 9: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

#1 - Do you have requirements for securing the tool or system?

•  SecurityrequirementsmustbedevelopedifyouwanttoletthetechnicalteamknowyourexpectaAons!

Page 10: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

#2 - Did it start secure?

•  BeyondtheVendorstatements!

•  Whatassuranceleveldoyourequire?

Page 11: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

#3 - Was it installed with a secure design? •  Wastheadocumenteddesigncreatedbyanexpert?

•  Didthesecurityrequirementsmakeitintothedesign?

•  Wasitinstalledaccordingtothedesign?

Page 12: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

#4 - Have the integraHon points being considered?

•  Forsystemsthatwillbeintegratedortalkedto,havethesecurityissuesbeenconsidered?

Page 13: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

#5 - Is it tested for security before going live?

•  Measure6Ames,cutonce!

•  NoscoperestricAons!

•  TesAngcriteriashouldbeaddedintorequirementsdocument!

Page 14: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

#6 - Are all the basics covered?

•  Doyouknowallwhowillhaveaccess?Eveninanemergency!

•  Arethelockoutscomplete?•  IstheredocumentaAon?

•  Istrainingincluded?

Page 15: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

#7 - How will you know if the system is violated?

• WhatdoesanaTacklooklikeforthissystem?

• Whatisthebaseline,whatdoesnormallooklike?

Page 16: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

#8 - Who is going to monitor the system or tool for variance?

• Whowillmonitor?• WhatareescalaAonpaths?• WhataboutreporAng?

Page 17: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

#9 - How will it be maintained?

•  Whowillpatchandupdateit?

•  Whataboutendoflifeandreplacement?

•  Securitydisposal?

Page 18: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

#10 - Use security intelligence to understand your adversary’s

approach

•  Knowthyenemy!

Page 19: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

Summary •  Plantosucceed•  Workthetop10listataminimum

•  Decidehowmuchriskisacceptable

•  Doorwaytothedatanetwork

Page 20: The Top 10 things you must do to protect security systems ......Dave Tyson CPP, CISSP, MBA Dave’s Bio • 16 Years in Physical Security Industry • Execuve Protecon • Invesgaons

[email protected]@cisoinsightshTps://www.facebook.com/cisoinsights/www.cybereasylearning.com


Geoduck aquaculture invesgaons in Puget Sound: Digging ......VanBlaricom presentation - Sound Science Lecture, February 26, 2009. Project objecves and foci: Measurement of effects

Geoduck aquaculture invesgaons in Puget Sound: Digging ......VanBlaricom presentation - Sound Science Lecture, February 26, 2009. Project objecves and foci: Measurement of effects

ENVI-F-409 Economie de lʼenvironnement et des ressources ...tbauler.pbworks.com/f/EconEnv-2010-11_séance1.pdf · travel cost, hedonic prices, protecon cost. Valuaons monétaires

ENVI-F-409 Economie de lʼenvironnement et des ressources ...tbauler.pbworks.com/f/EconEnv-2010-11_séance1.pdf · travel cost, hedonic prices, protecon cost. Valuaons monétaires

Demystifying negative screens - Schroders...Contents Demystifying negative screens: the full implications of ESG exclusions 3 Execuve ti usmmary 3 Screening remains very popular in

Demystifying negative screens - Schroders...Contents Demystifying negative screens: the full implications of ESG exclusions 3 Execuve ti usmmary 3 Screening remains very popular in

KDDL Limited ANNUAL REPORT - Bombay Stock …. Yashovardhan Saboo - Vice Chairman & Chief Execuve Officer Mr. Sanjeev Kumar Masown - Whole Time Director-cum-Chief Financial Officer

KDDL Limited ANNUAL REPORT - Bombay Stock …. Yashovardhan Saboo - Vice Chairman & Chief Execuve Officer Mr. Sanjeev Kumar Masown - Whole Time Director-cum-Chief Financial Officer

PROTECTION FOREST ZONING - LoggingOff · implementaon of Protecon Forest zoning has not included the parcipaon of local stakeholders. Specifically, local forest‐planters were neither

PROTECTION FOREST ZONING - LoggingOff · implementaon of Protecon Forest zoning has not included the parcipaon of local stakeholders. Specifically, local forest‐planters were neither

General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission

General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission

Company Profile 1 - Cobranetcobranet.org/files/services/downloads/Company Profile.pdf · COMPANY PROFILE · Execuve Summary 2 ... Gathered informaon is analyzed in order for our Presales

Company Profile 1 - Cobranetcobranet.org/files/services/downloads/Company Profile.pdf · COMPANY PROFILE · Execuve Summary 2 ... Gathered informaon is analyzed in order for our Presales

Final 70 pages - RMCLMr. Mitesh K. Patel Non Execuve & Independent COMPANY SECRETARY & COMPLIANCE OFFICER CS MANGESH SHETYE STATUTORY AUDITORS H P SHAH ASSOCIATES Chartered Accountants

Final 70 pages - RMCLMr. Mitesh K. Patel Non Execuve & Independent COMPANY SECRETARY & COMPLIANCE OFFICER CS MANGESH SHETYE STATUTORY AUDITORS H P SHAH ASSOCIATES Chartered Accountants

Advanced Threat Protecon (ATP) – Was ist das und …...ADVANCED THREAT PROTECTION ENDPUNKT NETZWERK E-MAIL DRITT-HERSTELLER Ablauf von Advanced Threat Detecon Beispiel: Erkennung

Advanced Threat Protecon (ATP) – Was ist das und …...ADVANCED THREAT PROTECTION ENDPUNKT NETZWERK E-MAIL DRITT-HERSTELLER Ablauf von Advanced Threat Detecon Beispiel: Erkennung

ETUDE SUR LA PAUVRETE ET LES DISPARITES CHEZ LES … · que sont la santé, l’éducaon, la nutrion, la protecon des droits et la protecon sociale afin de mesurer leurs impacts,

ETUDE SUR LA PAUVRETE ET LES DISPARITES CHEZ LES … · que sont la santé, l’éducaon, la nutrion, la protecon des droits et la protecon sociale afin de mesurer leurs impacts,

Anita!J.!La!Salle! …depts.washington.edu/nsfsch/slides/LaSalle.pdfWebinar,)check) outour)website) Form)your)ICorps) Team) Sendusyour) Execuve) Summary) Engage)in) Telephone) Interviews)

Anita!J.!La!Salle! …depts.washington.edu/nsfsch/slides/LaSalle.pdfWebinar,)check) outour)website) Form)your)ICorps) Team) Sendusyour) Execuve) Summary) Engage)in) Telephone) Interviews)

For personal use only - ASX · Considerable experience in Chinese investment & markets Non-Execuve Chairman - Mr James Zhang Managing Director – Dr John Parker ... - polymer/plastic

For personal use only - ASX · Considerable experience in Chinese investment & markets Non-Execuve Chairman - Mr James Zhang Managing Director – Dr John Parker ... - polymer/plastic

Andrew Petro - NASA · Program Execuve: Andrew Petro (NASA Headquarters) Andrew.J.Petro@nasa.gov Program Office at NASA Ames Research Center Program Manager: Bruce Yost Bruce.D.Yost@nasa.gov

Andrew Petro - NASA · Program Execuve: Andrew Petro (NASA Headquarters) [email protected] Program Office at NASA Ames Research Center Program Manager: Bruce Yost [email protected]

Government)policy)for))protecon of “dark)skies” Gabriel Rodriguez... · Government)policy)for))protecon of “dark)skies” XXIXIAU)General)Assembly) Amb.%Gabriel%Rodríguez%G3H%

Government)policy)for))protecon of “dark)skies” Gabriel Rodriguez... · Government)policy)for))protecon of “dark)skies” XXIXIAU)General)Assembly) Amb.%Gabriel%Rodríguez%G3H%

Brand Protecon Professional Magazine, Michigan …royal-furniture.co.jp/wp-content/uploads/PDF-Press...Brand Protecon Professional Magazine, Michigan State University's Center for

Brand Protecon Professional Magazine, Michigan …royal-furniture.co.jp/wp-content/uploads/PDF-Press...Brand Protecon Professional Magazine, Michigan State University's Center for

JJournalournal IRDAI 28.02.2020.… · Dr. Karanam Nagaraja Rao and Dr. Aswathi Nair in their arcle ‘Policyholder Protecon ‐ A Perspecve from Life Insurance Sector in India’.

JJournalournal IRDAI 28.02.2020.… · Dr. Karanam Nagaraja Rao and Dr. Aswathi Nair in their arcle ‘Policyholder Protecon ‐ A Perspecve from Life Insurance Sector in India’.

Wastewater(Pipeline(Asset Management&(Protecon( · Wastewater(Pipeline(Asset Management&(Protecon(!! John!Vetere ! StephenCullen Margery!Johnson! Patrick!Smith!!! October4,2013. Today’s!!Agenda

Wastewater(Pipeline(Asset Management&(Protecon( · Wastewater(Pipeline(Asset Management&(Protecon(!! John!Vetere ! StephenCullen Margery!Johnson! Patrick!Smith!!! October4,2013. Today’s!!Agenda

BOARD OF DIRECTORS - Dhelakhatdhelakhat.com/wp-content/uploads/2019/07/ANNUAL-REPORT... · 2019-07-04 · BOARD OF DIRECTORS Mr. Rakesh Macwan, Non-Execuve Independent Director Mr.

BOARD OF DIRECTORS - Dhelakhatdhelakhat.com/wp-content/uploads/2019/07/ANNUAL-REPORT... · 2019-07-04 · BOARD OF DIRECTORS Mr. Rakesh Macwan, Non-Execuve Independent Director Mr.

UAV (aka drone) Forensics - ursasecure.com · The proper term for drones is sUAS – small unmanned aerial system. Take a system approach to security and invesgaons, do not treat

UAV (aka drone) Forensics - ursasecure.com · The proper term for drones is sUAS – small unmanned aerial system. Take a system approach to security and invesgaons, do not treat

Execuve Summary & Analysis · 2018. 10. 24. · 2 28TH Annual Pennsylvania Economic Survey pachamber.org Execuve Summary & Analysis 28th Annual Pennsylvania Economic Survey Conducted

Execuve Summary & Analysis · 2018. 10. 24. · 2 28TH Annual Pennsylvania Economic Survey pachamber.org Execuve Summary & Analysis 28th Annual Pennsylvania Economic Survey Conducted