© 2011 Global Knowledge Training LLC. All rights reserved. 1282015 Page 1
Cybersecurity, Compliance, Mobility, and Protecting Information
David Willson, Attorney at Law
CISSP, Security+
Agenda
Why Train? Because everyone loves training!
What you should remember
The threat, and how technology has made loss and theft of info quick and easy
How to lower risk and liability, protect info, and build customer confidence
What is your pain?
Do you know someone or a company that:
Has lost data or had data stolen?
Had a mobile device with important info lost or stolen?
Been fined or sued; lost customers, reputation, time, or revenue?
Been HACKED?
The Training Challenge
What to Remember
The Threat is REAL
The Threat
OVERWHELMING
Verizon data breach report shows weak passwords at root of 2011 data breaches
Conn. officials investigating possible data breach
The Value of Information
What’s Their Motivation?
So who is the target?
How Trusting Are You?
Trust but Verify
The Issue
Do you drop your security guard when you go home?
Training is about changing attitudes about security and keeping people alert
“Think before you click”
“Know when to hold ’em, know when to fold ’em”
“Know when to say NO”
Okay, let’s take a breath
Games
Convenience vs Security
Interesting Comments I have Heard
“I’m not worried about it”
“My computer company said I am secure”
“I don’t have anything the hackers want”
“I have a really good password. It’s really long”
“That is not my area. IT is responsible for securing info”
“It’s not my information and it’s not my job”
The Risk
What’s the Risk of bad security practices?
National security issue
Embarrassment
Loss of Revenue
Bankruptcy
Loss of customer confidence
Loss of proprietary data/trade secrets
The Liability
Who’s liable when information is lost or stolen? YOU
One of consumers’ biggest fears is identity theft
Loss leads to fines, lawsuits, and negative reputation
Must Have Security
Compliance, depending on your industry, requires security
Common sense and your fiduciary responsibility require good security
As an employee, you have a responsibility to protect company information
How To Reduce Risk – Eliminate Liability
1. Determine what information you are collecting, processing, and storing
2. Who has access to that information?
3. Categorize the info based on sensitivity
4. Write the policies showing how info is secured and protected, and to educate employees on their responsibilities
5. Train, train, train
Policy Must Haves
Policies outline how the company is implementing security – so a security policy is a MUST
Policies provide employees notice of do’s and don’ts as well as their responsibility
Some other policies: social media, BYOD, wireless, work from home, password, Internet usage or AUP, etc. Also, for certain industries, compliance policies
What did we learn?
Hackers/thieves want everything, not just credit card #’s
Mobile devices have increased the threat
Stealing data/info is relatively easy
It can lead to catastrophic consequences
Training is the key
Keep training interesting, fun, and interactive
Take a personal interest in protecting all info, not just your own
Cybersecurity Tips
Don’t bank on your smartphone
If banking online, make sure the bank window is the only one open and the URL says Https
When using public WiFi, like a coffee shop, airport, hotel, use a proxy like Hotspot
Don’t click on links in email; go to the site, like Facebook, LinkedIn, etc.
When you can, encrypt all data
Don’t click on the “unsubscribe” link on unwanted emails. It validates your email and may add you to spam
BLUF: End User is the Target
Train the Workforce to:
A. Recognize the threat
B. Recognize the scams
C. Understand the Value of Information
Training should be:
A. Interesting
B. Engaging
C. Continuous
Don’t Be This Guy
Recommended Global Knowledge Courses
Certified Ethical Hacker v7
Cybersecurity Foundations
Foundstone Ultimate Hacking
Defending Windows Networks
Cybersecurity Mobility & Compliance Course (CSMCC)
www.globalknowledge.com 1-877-333-8326
Questions?
David Willson, JD, LLM, CISSP, Security+
(719) 648-4176 david@titaninfosecuritygroup.com www.titaninfosecuritygroup.com
Agenda Why Train Because everyone loves training
What you should remember
The threat and how technology has made loss and theft of info quick and easy
How to lower risk liability protect info and build customer confidence
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 2
What is your pain
Do you know someone or a company that
Has lost data or had data stolen
Had a mobile device with important info lost or stolen
Been fined or sued lost customers reputation time or revenue
Been HACKED
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 3
The Training Challenge
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 4
reat
What to Remember
The Th is REAL
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 5
The Threat
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 6
1
Conn of
OVERWHELMING
Verizon data breach report shows weak passwords at root of 201
data breaches
ficials investigating possible data breach
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 7
The Value of Information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 8
Whatrsquos Their Motivation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 9
So who is the target
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 10
How Trusting Are You
Trust but Verify
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 11
The Issue
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 12
Do you drop your security guard when yougo home
Training is about changing attitudes about security and
keeping people alert
ldquoThink before you
clickrdquo
ldquoKnow when to hold em know when to fold emrdquo
ldquoKnow when to say NOrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 13
Okay letrsquos take a breath
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 14
Games
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 15
Convenience vs Security
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 16
Interesting Comments I have Heard
ldquoIrsquom not worried about itrdquo
ldquoMy computer company said I am securerdquo
ldquoI donrsquot have anything the hackers wantrdquo
ldquoI have a really good password Itrsquos really longrdquo
ldquoThat is not my area IT is responsible for securing infordquo
ldquoIts not my information and its not my jobrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 17
The Risk
Whatrsquos the Risk of bad security practices National security issue Embarrassment Loss of Revenue Bankruptcy Loss of customer confidence Loss of proprietary datatrade secrets
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 18
The Liability
Whorsquos liable when information is lost or stolen YOU
One of consumersrsquo biggest fears is identity theft
Loss leads to fines lawsuits and negative reputation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 19
Must Have Security
Compliance depending on your industry requires security
Commonsense and your fiduciary responsibility requires good security
As an employee you have a responsibility to protect company information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 20
How To Reduce Risk ndash Eliminate Liability
1 Determine what information you are collecting processing and storing
2 Who has access to that information 3 Categorize the info based on sensitivity 4 Write the policies showing how info is secured
protected and to educate employees on their responsibilities
5 Train train train
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 21
Policy Must Haves
Policies outline how the company is implementing security ndash so a security policy is a MUST
Policies provide employees notice of dorsquos and donrsquots as well as their responsibility
Some other policies social media BYOD wireless work from home password Internet usage or AUP etc Also for certain industries compliance policies
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 22
What did we learn
Hackersthieves want everything not just credit card rsquos
Mobile devices have increased the threat Stealing datainfo is relatively easy It can lead to catastrophic consequences Training is the key Keep training interesting fun and interactive Take a personal interest in protecting all info
not just your own
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 23
Cybersecurity Tips
Donrsquot bank on your smartphone If banking online make sure the bank window is
the only one open and the URL says Https When using public WiFi like a coffee shop
airport hotel use a proxy like Hotspot Donrsquot click on links in email go to the site like
Facebook LinkedIn etc When you can encrypt all data Donrsquot click on the ldquounsubscriberdquo link on
unwanted emails It validates your email and may add you to spam
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 24
BLUF End User is the Target
Train the Workforce to A Recognize the threat B Recognize the scams C Understand the Value of Information
Training should be A Interesting B Engaging C Continuous
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 25
Donrsquot Be This Guy
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 26
commended Global Knowledge Courses
Certified Ethical Hacker v7 Cybersecurity Foundations Foundstone Ultimate Hacking Defending Windows Networks Cybersecurity Mobility amp Compliance Course (CSMCC)
wwwglobalknowledgecom 1-877-333-8326
Questions
David Willson JD LLM CISSP Security +
(719) 648-4176 davidtitaninfosecuritygroupcom wwwtitaninfosecuritygroupcom
What is your pain
Do you know someone or a company that
Has lost data or had data stolen
Had a mobile device with important info lost or stolen
Been fined or sued lost customers reputation time or revenue
Been HACKED
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 3
The Training Challenge
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 4
reat
What to Remember
The Th is REAL
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 5
The Threat
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 6
1
Conn of
OVERWHELMING
Verizon data breach report shows weak passwords at root of 201
data breaches
ficials investigating possible data breach
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 7
The Value of Information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 8
Whatrsquos Their Motivation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 9
So who is the target
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 10
How Trusting Are You
Trust but Verify
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 11
The Issue
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 12
Do you drop your security guard when yougo home
Training is about changing attitudes about security and
keeping people alert
ldquoThink before you
clickrdquo
ldquoKnow when to hold em know when to fold emrdquo
ldquoKnow when to say NOrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 13
Okay letrsquos take a breath
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 14
Games
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 15
Convenience vs Security
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 16
Interesting Comments I have Heard
ldquoIrsquom not worried about itrdquo
ldquoMy computer company said I am securerdquo
ldquoI donrsquot have anything the hackers wantrdquo
ldquoI have a really good password Itrsquos really longrdquo
ldquoThat is not my area IT is responsible for securing infordquo
ldquoIts not my information and its not my jobrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 17
The Risk
Whatrsquos the Risk of bad security practices National security issue Embarrassment Loss of Revenue Bankruptcy Loss of customer confidence Loss of proprietary datatrade secrets
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 18
The Liability
Whorsquos liable when information is lost or stolen YOU
One of consumersrsquo biggest fears is identity theft
Loss leads to fines lawsuits and negative reputation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 19
Must Have Security
Compliance depending on your industry requires security
Commonsense and your fiduciary responsibility requires good security
As an employee you have a responsibility to protect company information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 20
How To Reduce Risk ndash Eliminate Liability
1 Determine what information you are collecting processing and storing
2 Who has access to that information 3 Categorize the info based on sensitivity 4 Write the policies showing how info is secured
protected and to educate employees on their responsibilities
5 Train train train
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 21
Policy Must Haves
Policies outline how the company is implementing security ndash so a security policy is a MUST
Policies provide employees notice of dorsquos and donrsquots as well as their responsibility
Some other policies social media BYOD wireless work from home password Internet usage or AUP etc Also for certain industries compliance policies
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 22
What did we learn
Hackersthieves want everything not just credit card rsquos
Mobile devices have increased the threat Stealing datainfo is relatively easy It can lead to catastrophic consequences Training is the key Keep training interesting fun and interactive Take a personal interest in protecting all info
not just your own
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 23
Cybersecurity Tips
Donrsquot bank on your smartphone If banking online make sure the bank window is
the only one open and the URL says Https When using public WiFi like a coffee shop
airport hotel use a proxy like Hotspot Donrsquot click on links in email go to the site like
Facebook LinkedIn etc When you can encrypt all data Donrsquot click on the ldquounsubscriberdquo link on
unwanted emails It validates your email and may add you to spam
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 24
BLUF End User is the Target
Train the Workforce to A Recognize the threat B Recognize the scams C Understand the Value of Information
Training should be A Interesting B Engaging C Continuous
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 25
Donrsquot Be This Guy
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 26
commended Global Knowledge Courses
Certified Ethical Hacker v7 Cybersecurity Foundations Foundstone Ultimate Hacking Defending Windows Networks Cybersecurity Mobility amp Compliance Course (CSMCC)
wwwglobalknowledgecom 1-877-333-8326
Questions
David Willson JD LLM CISSP Security +
(719) 648-4176 davidtitaninfosecuritygroupcom wwwtitaninfosecuritygroupcom
The Training Challenge
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 4
reat
What to Remember
The Th is REAL
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 5
The Threat
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 6
1
Conn of
OVERWHELMING
Verizon data breach report shows weak passwords at root of 201
data breaches
ficials investigating possible data breach
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 7
The Value of Information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 8
Whatrsquos Their Motivation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 9
So who is the target
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 10
How Trusting Are You
Trust but Verify
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 11
The Issue
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 12
Do you drop your security guard when yougo home
Training is about changing attitudes about security and
keeping people alert
ldquoThink before you
clickrdquo
ldquoKnow when to hold em know when to fold emrdquo
ldquoKnow when to say NOrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 13
Okay letrsquos take a breath
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 14
Games
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 15
Convenience vs Security
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 16
Interesting Comments I have Heard
ldquoIrsquom not worried about itrdquo
ldquoMy computer company said I am securerdquo
ldquoI donrsquot have anything the hackers wantrdquo
ldquoI have a really good password Itrsquos really longrdquo
ldquoThat is not my area IT is responsible for securing infordquo
ldquoIts not my information and its not my jobrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 17
The Risk
Whatrsquos the Risk of bad security practices National security issue Embarrassment Loss of Revenue Bankruptcy Loss of customer confidence Loss of proprietary datatrade secrets
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 18
The Liability
Whorsquos liable when information is lost or stolen YOU
One of consumersrsquo biggest fears is identity theft
Loss leads to fines lawsuits and negative reputation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 19
Must Have Security
Compliance depending on your industry requires security
Commonsense and your fiduciary responsibility requires good security
As an employee you have a responsibility to protect company information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 20
How To Reduce Risk ndash Eliminate Liability
1 Determine what information you are collecting processing and storing
2 Who has access to that information 3 Categorize the info based on sensitivity 4 Write the policies showing how info is secured
protected and to educate employees on their responsibilities
5 Train train train
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 21
Policy Must Haves
Policies outline how the company is implementing security ndash so a security policy is a MUST
Policies provide employees notice of dorsquos and donrsquots as well as their responsibility
Some other policies social media BYOD wireless work from home password Internet usage or AUP etc Also for certain industries compliance policies
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 22
What did we learn
Hackersthieves want everything not just credit card rsquos
Mobile devices have increased the threat Stealing datainfo is relatively easy It can lead to catastrophic consequences Training is the key Keep training interesting fun and interactive Take a personal interest in protecting all info
not just your own
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 23
Cybersecurity Tips
Donrsquot bank on your smartphone If banking online make sure the bank window is
the only one open and the URL says Https When using public WiFi like a coffee shop
airport hotel use a proxy like Hotspot Donrsquot click on links in email go to the site like
Facebook LinkedIn etc When you can encrypt all data Donrsquot click on the ldquounsubscriberdquo link on
unwanted emails It validates your email and may add you to spam
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 24
BLUF End User is the Target
Train the Workforce to A Recognize the threat B Recognize the scams C Understand the Value of Information
Training should be A Interesting B Engaging C Continuous
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 25
Donrsquot Be This Guy
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 26
commended Global Knowledge Courses
Certified Ethical Hacker v7 Cybersecurity Foundations Foundstone Ultimate Hacking Defending Windows Networks Cybersecurity Mobility amp Compliance Course (CSMCC)
wwwglobalknowledgecom 1-877-333-8326
Questions
David Willson JD LLM CISSP Security +
(719) 648-4176 davidtitaninfosecuritygroupcom wwwtitaninfosecuritygroupcom
reat
What to Remember
The Th is REAL
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 5
The Threat
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 6
1
Conn of
OVERWHELMING
Verizon data breach report shows weak passwords at root of 201
data breaches
ficials investigating possible data breach
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 7
The Value of Information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 8
Whatrsquos Their Motivation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 9
So who is the target
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 10
How Trusting Are You
Trust but Verify
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 11
The Issue
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 12
Do you drop your security guard when yougo home
Training is about changing attitudes about security and
keeping people alert
ldquoThink before you
clickrdquo
ldquoKnow when to hold em know when to fold emrdquo
ldquoKnow when to say NOrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 13
Okay letrsquos take a breath
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 14
Games
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 15
Convenience vs Security
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 16
Interesting Comments I have Heard
ldquoIrsquom not worried about itrdquo
ldquoMy computer company said I am securerdquo
ldquoI donrsquot have anything the hackers wantrdquo
ldquoI have a really good password Itrsquos really longrdquo
ldquoThat is not my area IT is responsible for securing infordquo
ldquoIts not my information and its not my jobrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 17
The Risk
Whatrsquos the Risk of bad security practices National security issue Embarrassment Loss of Revenue Bankruptcy Loss of customer confidence Loss of proprietary datatrade secrets
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 18
The Liability
Whorsquos liable when information is lost or stolen YOU
One of consumersrsquo biggest fears is identity theft
Loss leads to fines lawsuits and negative reputation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 19
Must Have Security
Compliance depending on your industry requires security
Commonsense and your fiduciary responsibility requires good security
As an employee you have a responsibility to protect company information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 20
How To Reduce Risk ndash Eliminate Liability
1 Determine what information you are collecting processing and storing
2 Who has access to that information 3 Categorize the info based on sensitivity 4 Write the policies showing how info is secured
protected and to educate employees on their responsibilities
5 Train train train
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 21
Policy Must Haves
Policies outline how the company is implementing security ndash so a security policy is a MUST
Policies provide employees notice of dorsquos and donrsquots as well as their responsibility
Some other policies social media BYOD wireless work from home password Internet usage or AUP etc Also for certain industries compliance policies
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 22
What did we learn
Hackersthieves want everything not just credit card rsquos
Mobile devices have increased the threat Stealing datainfo is relatively easy It can lead to catastrophic consequences Training is the key Keep training interesting fun and interactive Take a personal interest in protecting all info
not just your own
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 23
Cybersecurity Tips
Donrsquot bank on your smartphone If banking online make sure the bank window is
the only one open and the URL says Https When using public WiFi like a coffee shop
airport hotel use a proxy like Hotspot Donrsquot click on links in email go to the site like
Facebook LinkedIn etc When you can encrypt all data Donrsquot click on the ldquounsubscriberdquo link on
unwanted emails It validates your email and may add you to spam
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 24
BLUF End User is the Target
Train the Workforce to A Recognize the threat B Recognize the scams C Understand the Value of Information
Training should be A Interesting B Engaging C Continuous
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 25
Donrsquot Be This Guy
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 26
commended Global Knowledge Courses
Certified Ethical Hacker v7 Cybersecurity Foundations Foundstone Ultimate Hacking Defending Windows Networks Cybersecurity Mobility amp Compliance Course (CSMCC)
wwwglobalknowledgecom 1-877-333-8326
Questions
David Willson JD LLM CISSP Security +
(719) 648-4176 davidtitaninfosecuritygroupcom wwwtitaninfosecuritygroupcom
The Threat
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 6
1
Conn of
OVERWHELMING
Verizon data breach report shows weak passwords at root of 201
data breaches
ficials investigating possible data breach
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 7
The Value of Information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 8
Whatrsquos Their Motivation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 9
So who is the target
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 10
How Trusting Are You
Trust but Verify
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 11
The Issue
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 12
Do you drop your security guard when yougo home
Training is about changing attitudes about security and
keeping people alert
ldquoThink before you
clickrdquo
ldquoKnow when to hold em know when to fold emrdquo
ldquoKnow when to say NOrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 13
Okay letrsquos take a breath
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 14
Games
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 15
Convenience vs Security
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 16
Interesting Comments I have Heard
ldquoIrsquom not worried about itrdquo
ldquoMy computer company said I am securerdquo
ldquoI donrsquot have anything the hackers wantrdquo
ldquoI have a really good password Itrsquos really longrdquo
ldquoThat is not my area IT is responsible for securing infordquo
ldquoIts not my information and its not my jobrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 17
The Risk
Whatrsquos the Risk of bad security practices National security issue Embarrassment Loss of Revenue Bankruptcy Loss of customer confidence Loss of proprietary datatrade secrets
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 18
The Liability
Whorsquos liable when information is lost or stolen YOU
One of consumersrsquo biggest fears is identity theft
Loss leads to fines lawsuits and negative reputation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 19
Must Have Security
Compliance depending on your industry requires security
Commonsense and your fiduciary responsibility requires good security
As an employee you have a responsibility to protect company information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 20
How To Reduce Risk ndash Eliminate Liability
1 Determine what information you are collecting processing and storing
2 Who has access to that information 3 Categorize the info based on sensitivity 4 Write the policies showing how info is secured
protected and to educate employees on their responsibilities
5 Train train train
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 21
Policy Must Haves
Policies outline how the company is implementing security ndash so a security policy is a MUST
Policies provide employees notice of dorsquos and donrsquots as well as their responsibility
Some other policies social media BYOD wireless work from home password Internet usage or AUP etc Also for certain industries compliance policies
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 22
What did we learn?
Hackers/thieves want everything, not just credit card #’s
Mobile devices have increased the threat
Stealing data/info is relatively easy
It can lead to catastrophic consequences
Training is the key
Keep training interesting, fun, and interactive
Take a personal interest in protecting all info, not just your own
Cybersecurity Tips
Don’t bank on your smartphone
If banking online, make sure the bank window is the only one open and the URL says Https
When using public WiFi, like a coffee shop, airport, hotel, use a proxy like Hotspot
Don’t click on links in email; go to the site, like Facebook, LinkedIn, etc.
When you can, encrypt all data
Don’t click on the “unsubscribe” link on unwanted emails. It validates your email and may add you to spam
BLUF: End User is the Target
Train the Workforce to:
A. Recognize the threat
B. Recognize the scams
C. Understand the Value of Information
Training should be:
A. Interesting
B. Engaging
C. Continuous
Don’t Be This Guy
Recommended Global Knowledge Courses
Certified Ethical Hacker v7
Cybersecurity Foundations
Foundstone Ultimate Hacking
Defending Windows Networks
Cybersecurity, Mobility & Compliance Course (CSMCC)
www.globalknowledge.com 1-877-333-8326
Questions?
David Willson, JD, LLM, CISSP, Security+
(719) 648-4176 david@titaninfosecuritygroup.com www.titaninfosecuritygroup.com
Do you drop your security guard when yougo home
Training is about changing attitudes about security and
keeping people alert
ldquoThink before you
clickrdquo
ldquoKnow when to hold em know when to fold emrdquo
ldquoKnow when to say NOrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 13
Okay letrsquos take a breath
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 14
Games
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 15
Convenience vs Security
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 16
Interesting Comments I have Heard
ldquoIrsquom not worried about itrdquo
ldquoMy computer company said I am securerdquo
ldquoI donrsquot have anything the hackers wantrdquo
ldquoI have a really good password Itrsquos really longrdquo
ldquoThat is not my area IT is responsible for securing infordquo
ldquoIts not my information and its not my jobrdquo
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 17
The Risk
Whatrsquos the Risk of bad security practices National security issue Embarrassment Loss of Revenue Bankruptcy Loss of customer confidence Loss of proprietary datatrade secrets
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 18
The Liability
Whorsquos liable when information is lost or stolen YOU
One of consumersrsquo biggest fears is identity theft
Loss leads to fines lawsuits and negative reputation
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 19
Must Have Security
Compliance depending on your industry requires security
Commonsense and your fiduciary responsibility requires good security
As an employee you have a responsibility to protect company information
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 20
How To Reduce Risk ndash Eliminate Liability
1 Determine what information you are collecting processing and storing
2 Who has access to that information 3 Categorize the info based on sensitivity 4 Write the policies showing how info is secured
protected and to educate employees on their responsibilities
5 Train train train
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 21
Policy Must Haves
Policies outline how the company is implementing security ndash so a security policy is a MUST
Policies provide employees notice of dorsquos and donrsquots as well as their responsibility
Some other policies social media BYOD wireless work from home password Internet usage or AUP etc Also for certain industries compliance policies
What did we learn?
Hackers/thieves want everything, not just credit card #’s
Mobile devices have increased the threat
Stealing data/info is relatively easy
It can lead to catastrophic consequences
Training is the key
Keep training interesting, fun, and interactive
Take a personal interest in protecting all info, not just your own
Cybersecurity Tips
Don’t bank on your smartphone
If banking online, make sure the bank window is the only one open and the URL says Https
When using public WiFi, like a coffee shop, airport, hotel, use a proxy like Hotspot
Don’t click on links in email; go to the site, like Facebook, LinkedIn, etc.
When you can, encrypt all data
Don’t click on the “unsubscribe” link on unwanted emails. It validates your email and may add you to spam
BLUF: End User is the Target
Train the Workforce to:
A. Recognize the threat
B. Recognize the scams
C. Understand the Value of Information
Training should be:
A. Interesting
B. Engaging
C. Continuous
Don’t Be This Guy
Recommended Global Knowledge Courses
Certified Ethical Hacker v7
Cybersecurity Foundations
Foundstone Ultimate Hacking
Defending Windows Networks
Cybersecurity Mobility & Compliance Course (CSMCC)
www.globalknowledge.com 1-877-333-8326
Questions?
David Willson, JD, LLM, CISSP, Security+
(719) 648-4176 david@titaninfosecuritygroup.com www.titaninfosecuritygroup.com
Okay, let’s take a breath
Games
Convenience vs Security
Certified Ethical Hacker v7 Cybersecurity Foundations Foundstone Ultimate Hacking Defending Windows Networks Cybersecurity Mobility amp Compliance Course (CSMCC)
wwwglobalknowledgecom 1-877-333-8326
Questions
David Willson JD LLM CISSP Security +
(719) 648-4176 davidtitaninfosecuritygroupcom wwwtitaninfosecuritygroupcom
Donrsquot Be This Guy
copy 2011 Global Knowledge Training LLC All rights reserved 1282015 Page 26
commended Global Knowledge Courses
Certified Ethical Hacker v7 Cybersecurity Foundations Foundstone Ultimate Hacking Defending Windows Networks Cybersecurity Mobility amp Compliance Course (CSMCC)
wwwglobalknowledgecom 1-877-333-8326
Questions
David Willson JD LLM CISSP Security +
(719) 648-4176 davidtitaninfosecuritygroupcom wwwtitaninfosecuritygroupcom
commended Global Knowledge Courses
Certified Ethical Hacker v7 Cybersecurity Foundations Foundstone Ultimate Hacking Defending Windows Networks Cybersecurity Mobility amp Compliance Course (CSMCC)
wwwglobalknowledgecom 1-877-333-8326
Questions
David Willson JD LLM CISSP Security +
(719) 648-4176 davidtitaninfosecuritygroupcom wwwtitaninfosecuritygroupcom
Questions
David Willson JD LLM CISSP Security +
(719) 648-4176 davidtitaninfosecuritygroupcom wwwtitaninfosecuritygroupcom