Posted: 20-Jan-2017 | Category: Technology | Uploaded by: shannon-glass
2016 Security: Are You Prepared?
Shannon Glass, Practice Director, Information Security and Compliance
Brian Boyce, Senior Leadership, Business Development
Dustin Werden, Practice Director, Project Management Services
Agenda
• AfidenceIT Overview
• State Of Security
• Culture Of Awareness
• Why Should You Care?
• Shannon’s Top 10
AfidenceIT Services
• Strategy
• Project Management
• IT Support
• SharePoint
• Security/Compliance (new!)
• Co-Sourcing
AfidenceIT Differentiators
• Knowledge Transfer
• People
• No Contracts
• Truly Objective
“To be recognized as the most trusted leader in business and technology.”
Shannon Glass, Practice Director, Information Security And Compliance
• Certifications: PCIP, CPISM, MCPM
• BS In Organizational Communication & Management
• MBA 2016
• 15 Years Of IT, Information Security And Compliance
• Security, Compliance, Outsourcing/Right Sourcing, Acquisition Integration, Program Management
• Clients: Healthcare, Financial & Retail
Dustin Werden, Practice Director, Project Management Services
• Certifications: MCITP, CISSP, PMP, Security+
• BA In IS & Management
• MBA 2016
• 14 Years Of Enterprise & Large Scale IT Project Management Experience And Technology Deployment And Integration
• Clients: Aerospace, Public Utilities, DoD, Manufacturing, Family Foundations
State Of The Union? No, Just Security.
State of the Security Industry
Playing Catch Up
1. Protecting Assets
2. Emerging Technologies
3. Risk Framework
Leveraging Technology
1. Cloud
2. Big Data
3. Internet Of Things
The Human Factor
1. Executive Oversight
2. Security Awareness
3. Increased Budget
Source: http://idgknowledgehub.com/2015/10/23/2016-global-state-of-information-security-survey-research-results/
Changing Security Mindset Produces Results
You Get Results
1. 49% Identify Risks
2. 47% Detect And Mitigate Quicker
3. 37% Know Gaps
Threat Intelligence
1. Collaboration
2. Actionable
3. Size Matters
Cultural Changes
1. Executive Sponsorship
2. Culture Awareness
3. Aligning Security, Risk And Business
Effects Of Board Participation
[Bar chart: percentage of respondents (0% to 50% axis), 2014 vs 2015, for Security Budget, Security Policy, Security Technology, Review Risks and Overall Strategy. Values as extracted, 2014 series: 40%, 42%, 36%, 30%, 25%; 2015 series: 46%, 45%, 41%, 37%, 32%.]
Dark Web Rising
• Nation States
• The Dark Web
• Hacktivists
Creating A Culture Of Awareness
Know the Marketplace
1. Security Spending ~ $80 Billion in 2015*
2. 47% Will Hire 1-10 Security Employees in 2016**
3. Security Awareness Training:
   - Must Be Measurable
   - Understand Your Audience
   - Train Based On Risk Tolerance
* Gartner 2015 Report
** www.cio.com, December 17, 2015: The hottest security certifications, most in-demand skills.
5 Questions Every CEO Should Ask
1. Business Impact Of Security?
2. Plan To Address Risks?
3. Using Industry Best Practices?
4. Velocity And Vectors For Security Incidents & Threats?
5. Do We Have An Incident Response Plan?
Good vs. Bad Passwords
Based on AD Accounts
Length > Complexity

Good Passwords               | Bad Passwords
WhineyRunawayGiant201        | password123
42Blue-eyedPrimVictorians    | qwerty910
MaternalMatchboxElectrician8 | qazxsw8!
MyKidsDontLetMeSleep!        | lKjuIo8#

Bad because the keys are consecutive on a keyboard!
Hacking By The Numbers
Length Of Time It Takes To Crack A Password (Red = Bad, Green = Good)

Columns: Password Length | U/L Case, Special, Alphanumeric | U/L Case, Alphanumeric | U/L Case Only | Lowercase
Cells as extracted (the column each cell belongs to was lost in extraction):
Length 6: 1.67 seconds
Length 7: 98 seconds
Length 8: 52 hours, 93 minutes, 26 minutes, 6 seconds
Length 10: 286 days
Length 14: 61 years, 1645 billion years, 41 thousand years
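The two password slides above make one quantitative point (the brute-force search space grows as charset^length, so length beats character-class complexity) and one qualitative one (keyboard walks such as qwerty or qazxsw are weak regardless of the classes they contain). The following Python is an added example, not from the presentation or from AfidenceIT, that turns both into a checkable policy: it computes the search space and a worst-case exhaustive-search time for each of the slide's own sample passwords, and flags runs of physically adjacent keys. The US QWERTY layout, the 1e10 guesses/second rate, the 12-character minimum, the tolerated walk length and the small denylist are all assumptions, so the times it prints do not reproduce the slide's table; the ordering (and the length-over-complexity conclusion) does.

```python
"""Password policy checks: brute-force search space and keyboard-walk detection.
Added example; guess rate, keyboard layout, thresholds and denylist are assumed."""
import string

# US QWERTY layout (assumed; the slide names no layout). Row index runs top to
# bottom, column index is the key's position in its row, which approximates the
# physical stagger closely enough that keys in neighbouring rows with a column
# difference of at most 1 count as adjacent.
QWERTY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
KEY_POS = {ch: (r, c) for r, row in enumerate(QWERTY_ROWS) for c, ch in enumerate(row)}

# Constructed stand-in for a real breached-password denylist.
DENYLIST = {"password", "qwerty", "123456", "letmein", "welcome"}

# Character-class sizes as used in crack-time tables: 26 lower, 26 upper,
# 10 digits, 32 printable ASCII specials (94 symbols in total).
CHAR_CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
)

MIN_LENGTH = 12   # policy threshold, assumed
MAX_WALK = 3      # longest run of adjacent keys tolerated, assumed


def charset_size(password: str) -> int:
    """Alphabet size an attacker must search, given the classes actually present."""
    return sum(size for chars, size in CHAR_CLASSES if any(c in chars for c in password))


def search_space(charset: int, length: int) -> int:
    """Number of candidates in an exhaustive search of `length` symbols over `charset`."""
    return charset ** length


def seconds_to_crack(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case exhaustive-search time at an assumed offline guess rate."""
    return search_space(charset_size(password), len(password)) / guesses_per_second


def longest_keyboard_walk(password: str) -> int:
    """Length of the longest run of characters that are consecutive on the keyboard
    (e.g. 'qwerty', 'qazxsw', 'lkjuio8'). Case is ignored; a character not on the
    letter/digit rows or a repeated key breaks the run."""
    best = run = 0
    prev = None
    for ch in password.lower():
        pos = KEY_POS.get(ch)
        if pos is None:
            run, prev = 0, None
            continue
        if prev is not None and pos != prev and max(abs(pos[0] - prev[0]), abs(pos[1] - prev[1])) <= 1:
            run += 1
        else:
            run = 1
        best = max(best, run)
        prev = pos
    return best


def assess(password: str) -> list:
    """Return the list of policy findings; an empty list means the password passes."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"too short ({len(password)} < {MIN_LENGTH})")
    walk = longest_keyboard_walk(password)
    if walk > MAX_WALK:
        findings.append(f"keyboard walk of {walk} consecutive keys")
    # Strip a trailing digit/punctuation suffix so 'password123' still matches.
    if password.lower().rstrip(string.digits + string.punctuation) in DENYLIST:
        findings.append("common password with trivial suffix")
    return findings


if __name__ == "__main__":
    # The slide's own good and bad samples, in the slide's order.
    for pw in ("WhineyRunawayGiant201", "42Blue-eyedPrimVictorians",
               "MaternalMatchboxElectrician8", "MyKidsDontLetMeSleep!",
               "password123", "qwerty910", "qazxsw8!", "lKjuIo8#"):
        verdict = "BAD" if assess(pw) else "OK "
        print(f"{verdict} {pw:30} {seconds_to_crack(pw):10.3g} s  {assess(pw)}")
    # Length beats complexity: 14 lowercase letters out-search 8 fully mixed symbols.
    print(search_space(26, 14) > search_space(94, 8))
```

Run as a script it lists the eight sample passwords with their worst-case search time and findings; all four of the slide's "bad" examples are rejected (short length, keyboard walk, or denylist) and all four "good" ones pass. The final comparison is the slide's "Length > Complexity" claim in numbers: 26^14 is roughly 6.5e19 candidates against 94^8's roughly 6.1e15.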
Trending Threat Vectors
• Retail
• Medical
• Ransomware
• Browser Plug-Ins
• Bootkits
Why You Should Care
• Everything Is Vulnerable
• Anything Can Be Hacked
• Because Security Is Everyone’s Responsibility
• Hackers Are Not Going To Stop, So Neither Can We
Get Hacked in 10 Easy Steps!
1. Don't Patch Anything
2. Run Unhardened Applications
3. Log On Everywhere As “Domain Admin”
4. Open Lots Of Holes In The Firewall
5. Allow Unrestricted Internal Traffic
6. Allow All Outbound Traffic
7. Don't Harden Servers At All
8. Use Lame Passwords
9. Use Service Accounts In Multiple Places
10. Assume Everything Is OK
Source: Jesper Johansson, 2004
Shannon’s Top 10
1. Security Awareness Training
2. Malware Detection
3. Policy And Procedures
4. Patching And Vulnerabilities
5. Securing Cloud Infrastructure
6. Segment Your Network
7. Protect The Perimeter
8. Log, Monitor And Understand
9. Protect Your End Points: IoT
10. Continuous Compliance
Best Practice Approach
1. Conduct A Security Assessment
2. Understand The Threat Landscape
3. Test And Scan Network
4. Use A Risk Based Approach
5. Follow A Control Framework
6. Build A Security Program
7. Continuous Compliance
Building On A Budget
Join The Conversation #LeadWithTrust
Twitter: @Afidence | Facebook: /Afidence | LinkedIn: /company/Afidence
INFORMATION SECURITY & COMPLIANCE: NEW FOR 2016!
Resources
1. Global IT Security Risks Survey. (2015). Retrieved December 17, 2015, from http://media.kaspersky.com/en/business-security/it-security-risks-survey-2015.pdf
2. Moore, S. (2014, August 22). Gartner Says Worldwide Information Security Spending Will Grow Almost 8 Percent in 2014 as Organizations Become More Threat-Aware. Retrieved December 17, 2015, from http://www.gartner.com/newsroom/id/2828722
• http://www.natlawreview.com/article/2016-data-breach-predictions-hackers-more-active-ever#sthash.jfXPPLZ8.dpuf
• http://www.foxnews.com/tech/2016/01/09/3-biggest-security-threats-2016.html
• http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
• http://searchenterprisedesktop.techtarget.com/news/1002600/Get-your-network-hacked-in-10-easy-steps
• http://www.healthslide.com/simple-security-through-better-password-practices-2/