Essentials for a Cybersecurity Framework
18
SECURITY Essentials for a Cybersecurity Framework Michelle Syc Senior Analyst, Advisory & Assurance Services ADNET Technologies, LLC
-
date post
21-Oct-2014 -
Category
Technology
-
view
297 -
download
5
description
The White House recently released an Executive Order, Improving Critical Infrastructure Cybersecurity, to Federal Departments and Agencies. The Executive Order specifically directs the National Institute of Standards and Technology (NIST) to “lead the development of a framework to reduce cyber risks to critical infrastructure.” If cybersecurity, even at the national level, requires more focus, what can be said for the state of security within the rest of our Nation’s businesses? We commonly think of our data being most vulnerable to outside hackers, but blocking the traffic outside with hardware and software is not sufficient protection. In fact, a staggering number of companies fail to take adequate preventative measures to protect data and intangible information. Companies that operate within compliance regulations should be especially concerned with how easily their own people can be made to share protected information without their knowledge - a practice commonly referred to as “social engineering.” In this interactive discussion, Michelle Syc, Certified Ethical Hacker, will share the essential components of a Cybersecurity Framework to reduce the risk to critical infrastructure. Attendees will learn how to begin to align policy, methodologies and technology to identify their risk exposure and protect their most important information. Presented By: Michelle Syc, Cybersecurity Defense Advisor with CohnReznick LLP Michelle D. Syc, CISSP, CEH, has over 10 years of experience in risk management. Her focus in the cyber security and compliance industry allows her to assist clients with identifying and assessing information system related risks and implementing strategies to manage those risks. Michelle has extensive experience managing security audits, which include ethical hacking, penetration studies, and social engineering projects. She assists organizations in properly aligning information security spending to cost-effectively reduce the risk of data loss. Michelle designs test plans to evaluate control objectives and to identify weaknesses in the information technology control structure. She assists organizations in complying with information security regulations such as HIPAA, PCI DSS, MA201CMR and other Federal and state regulations. She is a member of the Connecticut InfraGard chapter, which partners with the FBI to share information and intelligence to prevent hostile acts against the United States.
Transcript of Essentials for a Cybersecurity Framework
SE
CU
RIT
Y
Essentials for a Cybersecurity Framework
Michelle Syc
Senior Analyst, Advisory & Assurance Services
ADNET Technologies, LLC
SE
CU
RIT
Y
Roadmap
Cyberspace debunkedCyber security executive orderCyber Security Quick wins
Image Source: GoWest, Quickly spread the Bitcoin virtual worlds 2012 http://bitcoin.hu/?p=2324
SE
CU
RIT
Y
Cyber Space
• extension of the human mind and human society
• U.S. Constitution does not necessarily apply
• Belongs to everyone• No one in charge • No centralized protection• No U.S. national policy on cyber attacks
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
Scenario 1:• 3 young children• Front and Back door wide open• Front door open to busy street 5 feet away• All internal doors wide open• Storage closet = uneven flight of stairs, no banisters, unfinished basement• Man-to-man defense
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
Scenario 2:• 3 young children• Front and Back door wide open• Front door opens to busy street 5 feet away• All internal doors wide open• Storage closet = uneven flight of stairs, no banisters, unfinished basement• Zone Defense
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
Scenario 2:• 3 young children• Front and Back door wide open• Front door opens to busy street 5 feet away• All internal doors wide open• Storage closet = uneven flight of stairs, no banisters, unfinished basement• Zone Defense
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
Scenario 2:• 3 young children• Front and Back door wide open• Front door opens to busy street 5 feet away• All internal doors wide open• Storage closet = uneven flight of stairs, no banisters, unfinished basement• Zone Defense
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
Scenario 2:• 3 young children• Front and Back door wide open• Front door opens to busy street 5 feet away• All internal doors wide open• Storage closet = uneven flight of stairs, no banisters, unfinished basement• Zone Defense
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
Scenario 1:• 3 young children• Front and Back door wide open• Front door open to busy street 5 feet away• All internal doors wide open• Storage closet = uneven flight of stairs, no banisters, unfinished basement• Man-to-man defense
Scenario 2:• 3 young children• Front and Back door wide open• Front door opens to busy street 5 feet away• All internal doors wide open• Storage closet = uneven flight of stairs, no banisters, unfinished basement• Zone Defense
Scenario 3:• One 5-year-old, two 2-year-old twins• Front and Back door wide open• Front door open to busy street 5 feet away• All internal doors wide open• Storage closet = uneven flight of stairs, no banisters, unfinished basement• Zone Defense
Scenario 4:• One 5-year-old, two 2-year-old twins• Front and Back door wide open• Front door open to busy street 5 feet away• All internal doors wide open• Storage closet = patched and repaired stairs (carpeted / banisters)• Zone Defense
Scenario 5:• One 5-year-old, two 2-year-old twins• Front and Back closed and locked• All internal doors wide open• Storage closet = patched and repaired stairs (carpeted / banisters)• Zone Defense
Scenario 6:• One 5-year-old, two 2-year-old twins• Front and Back closed and locked• All internal doors closed• Storage closet = patched and repaired stairs (carpeted / banisters)• Restricted / Safe Zones
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
Scenario 3:• One 5-year-old, two 2-year-old twins• Front and Back door wide open• Front door open to busy street 5 feet away• All internal doors wide open• Storage closet = uneven flight of stairs, no banisters, unfinished basement• Zone Defense
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
Scenario 4:• One 5-year-old, two 2-year-old twins• Front and Back door wide open• Front door open to busy street 5 feet away• All internal doors wide open• Storage closet = patched and repaired stairs (carpeted / banisters)• Zone Defense
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
Scenario 5:• One 5-year-old, two 2-year-old twins• Front and Back closed and locked• All internal doors wide open• Storage closet = patched and repaired stairs (carpeted / banisters)• Zone Defense
SE
CU
RIT
YImage Source: O’Hara Sean, EV Studio at: http://evstudio.com/floor-plan-for-small-1200-sf-house-with-3-bedrooms-and-2-bathrooms/
Scenario 6:• One 5-year-old, two 2-year-old twins• Front and Back closed and locked• All internal doors closed• Storage closet = patched and repaired stairs (carpeted / banisters)• Restricted / Safe Zones
SE
CU
RIT
YAp
plica
tion
Whi
te Li
sting
Patch SystemsUpdate
ApplicationsUse Common,
Secure Configuration
Reduce
Administrative
PrivilegesFive Quick Wins for effective
Cyber Security
SE
CU
RIT
Y
Roadmap
Cyberspace debunkedCyber security executive orderCyber Security Quick wins
SE
CU
RIT
Y
Additional Resources
• http://www.whitehouse.gov/cybersecurity• http://www.sans.org/critical-security-controls• http://www.cyberaction.org• http://csrc.nist.gov/
@ADNETTech #WorkSmart
@ADNETTechnologiesLLC
