this is your presentation titlethreats coremax •over 11 percent of total pc users are working on a...

Bob LinehanCoreMax Consulting

June 1, 2016

Cyber Hygiene

AgendaCoreMax

Cybersecurity

Threats

What’s is the Risk?

Access Controls

Risk types

Resources

Controls

Cyber Hygiene

Getting Started

CyberSecurity CoreMax

Cybersecurity = Information Technology Security

Sophisticated cyber actors and nation-states exploit vulnerabilities

Serious Homeland Threat

ThreatsCoreMax

• Over 11 percent of total PC users are working on a very vulnerable Windows XP system.

• Over 500,000 new samples of distinct malware are seen per day just by Virustotal, so relying on traditional anti-malware defenses is becoming a losing battle.

• The 2015 IBM Cost of Data Breach report found a consolidated average cost for an organization experiencing a breach of 3.8M or $154 per record

• 85% of known vulnerabilities can be stopped by deploying the Top 5 CIS Controls.

What is the Risk?CoreMax

Source Gartner Consulting

Access ControlsCoreMax

Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment.

There are 2 main types of access control: Physical Logical.

Access Control Systems Perform:• Authorization identification • Authentication • Access approval • Accountability of entities through login credentials

Risk TypesCoreMax

• Malware

• Ransomware

• Phishing

• Password Attacks

• Rogue Software

• Denial-of-Service (DoS) Attacks

• Man in the Middle (MITM)

• Drive-By Downloads

• Malvertising

Resources CoreMax

Client

Privacy

CIS

FISMA

FERPA

ITIL

NSA MNP

ISO

HIPAA/

HITECH

NIST

CoreMax

Confidential & Proprietary

Security Controls

CoreMax

National Institute of Standards and Technology (CSF)

IdentifyProtectDetectRespond Recover

Cyber Hygiene

CoreMax

COUNT: Know what's connected to your network

CONFIGURE: Protect your systems by implementing key security settings.

CONTROL: Protect your systems by properly managing accounts and limiting user and administrator privileges to only what they need to do their job.

PATCH: Protect your systems by keeping current!

REPEAT: This is a 'cycle of events' that must repeat itself frequently enough when appropriate.

Cyber Hygiene

Get Started……

CoreMax

What am I trying to protect?

Where are my gaps?

What are my priorities?

Where can I automate?

How can my vendor partners help?

CoreMax

Inventory of Authorized and Unauthorized DevicesInventory of Authorized and Unauthorized SoftwareSecure Configurations for Hardware and SoftwareContinuous Vulnerability Assessment and RemediationControlled Use of Administrative PrivilegesMaintenance, Monitoring, and Analysis of Audit LogsEmail and Web Browser ProtectionsMalware DefensesLimitation and Control of Network PortsData Recovery CapabilitySecure Configurations for Network DevicesBoundary DefenseData ProtectionControlled Access Based on the Need to KnowWireless Access ControlAccount Monitoring and ControlSecurity Skills Assessment and Training to Fill GapsApplication Software SecurityIncident Response and ManagementPenetration Tests and Red Team Exercises

……….Work Through the Controls List

Robert LinehanPrincipalCoreMax ConsultingRobert.Linehan@CoreMax.com

Thank You

CoreMax