The Top 10 things you must do to protect security systems ... Dave Tyson CPP, CISSP, MBA

Transcript

The Top 10 things you must do to protect security systems from cyber attacks

Dave Tyson CPP, CISSP, MBA


Dave’s Bio

• 16 Years in Physical Security Industry
• Executive Protection
• Investigations
• Security Officers
• Security Systems
• Chief Security Officer
• 20 Years in Cyber Security Industry
• Chief Information Security Officer
• Cyber Security Consultant
• Vulnerability Testing Company Owner
• Industry Experience & Credentials
• Certified Protection Professional
• Certified Information Systems Security Professional
• MBA, Digital Technology Mgt.
• 2015 President ASIS International


Agenda

• Level Setting
• How Cyber attacks are carried out
• Top 10 Must do activities


Why?

• 1 in 101 emails is malicious
• 32% of email is actually clean enough for delivery


How?

• It was insecure to start with
• It was installed poorly
• It wasn’t maintained or monitored correctly


What

• Interconnectivity
• Complexity
• It’s a weakest link discipline


Top 10 List

1. Do you have requirements for securing the tool or system?
2. Did it start secure?
3. Was it installed with a secure design?
4. Have the integration points been considered?
5. Is it tested for security before going live?
6. Are all the basics covered?
7. How will you know if the system is violated?
8. Who is going to monitor the system or tool for variance?
9. How will it be maintained?
10. Use security intelligence to understand your adversary’s approach


#1 - Do you have requirements for securing the tool or system?

• Security requirements must be developed if you want to let the technical team know your expectations!


#2 - Did it start secure?

• Beyond the Vendor statements!
• What assurance level do you require?


#3 - Was it installed with a secure design?

• Was there a documented design created by an expert?
• Did the security requirements make it into the design?
• Was it installed according to the design?


#4 - Have the integration points been considered?

• For systems that will be integrated or talked to, have the security issues been considered?


#5 - Is it tested for security before going live?

• Measure 6 times, cut once!
• No scope restrictions!
• Testing criteria should be added into requirements document!


#6 - Are all the basics covered?

• Do you know all who will have access? Even in an emergency!
• Are the lockouts complete?
• Is there documentation?
• Is training included?


#7 - How will you know if the system is violated?

• What does an attack look like for this system?
• What is the baseline, what does normal look like?


#8 - Who is going to monitor the system or tool for variance?

• Who will monitor?
• What are escalation paths?
• What about reporting?


#9 - How will it be maintained?

• Who will patch and update it?
• What about end of life and replacement?
• Security disposal?


#10 - Use security intelligence to understand your adversary’s approach

• Know thy enemy!


Summary

• Plan to succeed
• Work the top 10 list at a minimum
• Decide how much risk is acceptable
• Doorway to the data network


[email protected]
@cisoinsights
https://www.facebook.com/cisoinsights/
www.cybereasylearning.com