MCG Cybersecurity Webinar Series - Risk Management
-
Upload
william-mcborrough -
Category
Business
-
view
20 -
download
0
Transcript of MCG Cybersecurity Webinar Series - Risk Management
![Page 1: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/1.jpg)
Cybersecurity Webinar Series5 Steps to Managing your Risks
“Size Doesn’t Matter”
![Page 2: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/2.jpg)
Presenter• William J McBorrough, MSIA, CISSP, CISA, CRISC, CEH, CCSFP• Managing Principal, MCGlobalTech• 17 years Information Security Professional• 9 years Adjunct College Professor• Security and Risk Management “Expert”• Small Business Owner
![Page 3: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/3.jpg)
The PROBLEM is Real• FACT: Cyber attacks on small business
are on the rise
• FACT: The impact to a small business is much greater than larger counterparts.
• FACT: Most small businesses aren’t prepared to face this reality.
![Page 4: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/4.jpg)
The PROBLEM is Real
• Small Businesses are in denial when it comes to cyber risks. Common excuses are:
• “We’re too small.” • “We can’t afford it.”• “It’s too complicated.”• “Our IT guy is taking care of it.”
• But that’s not all, is it?• More pressing priorities• Competing demands on
time, resources and energy
![Page 5: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/5.jpg)
Sources of Cyber Information
Security Vendors want to see their products.“If I’m selling hammers, I’m only interested inyour nails. I’m not concerned with the fact thatyour screws are all falling out” - WJM
News media reports are focused on sensational stories. Large brand names. Millions of affected users. A small business getting hacked is not sexy.
![Page 6: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/6.jpg)
Risk Driven vs. Controls Focused
Security “Technology”
Risk Management “Business”
![Page 7: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/7.jpg)
Case Study - Size Doesn’t Matter
Meet SamSolopreneur = Sam, Inc!
“Always on the Go!” “No office space.” “No Infrastrure” ”No Employees” ”No Security Program”
![Page 8: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/8.jpg)
Risk Management Step 1
1. Identify Critical Asset
• Communication• (Calls, Email, Text, Social Media,etc)
• Data • (Contacts, emails, files, Photos, Videos,
etc)• Apps
• (Productivity, Financial, etc)
![Page 9: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/9.jpg)
Risk Management Step 2
1. Identify Critical Assets2. Identify Threats
I. Gravity, Clumsy Fingers
II. Thieves, Faulty Memory
III. Shoulder surfers, Nosy people
IV. Software bugs
![Page 10: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/10.jpg)
Risk Management Step 3
1. Identify Critical Assets2. Identify Threats3. Identify Vulnerabilities
I. Glass screen - Scratches, Cracks, Breaks
II. Small, portable - Easy to conceal, lose track of
III. Screen visible from above, sides
IV. Poor Software Development, Testing - Vendor
![Page 11: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/11.jpg)
Risk Management Step 4
1. Identify Critical Assets2. Identify Threats3. Identify Vulnerabilities4. Assess Risks
I. HighII. HighIII. MediumIV. Low
Likelihood = Probability of threat exploiting VulnerabilityConsequences = Impact to businessRisk = Likelihood of Consequence
![Page 12: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/12.jpg)
Risk Management Step 5
1. Identify Critical Assets2. Identify Threats3. Identify Vulnerabilities4. Assess Risks5. Manage Risk( Avoid, Mitigate, Transfer,
Accept)I. Mitigate - Purchase Case, Screen
CoverII. Mitigate, Transfer - Password,
Backup, Location Service/App, Insurance,
III. Mitigate - Privacy screen, BehaviorIV. Accept - Delay upgrades? Oh wellV. Avoid - Toss phone out the window
![Page 13: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/13.jpg)
Now that you know…..
1. Have you identified your business critical assets?
2. Have to thought about the threats that may affect them and adversely impact your business?
3. Have you looked for where your assets might be susceptible to those threats?
4. Have you assessed the risk by considering the potential likelihood and impact to your business?
5. Have you made an informed, conscious decision in line with your business mission and needs about your risk?
![Page 14: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/14.jpg)
Key Takeaways
Size doesn’t matter.
Your “IT Guy” can’t do this for you.
It doesn’t have to be expensive and complicated.
We can help.
![Page 15: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/15.jpg)
QUESTIONS
![Page 16: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/16.jpg)
About Us
MCGlobalTech– Mission Critical Global Technology Group (MCGlobalTech) is
a minority owned, small business founded by industry leaders to provide strategic advisory and security consulting services to public and private sector business managers to better align technology and security programs with organizational mission and business goals.
– The Principals at MCGlobalTech have been providing Information Security services to the Federal Government and the private sector for over 25 years
![Page 17: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/17.jpg)
Our Values
At MCGlobalTech, we believe that strong values create long term relationships with our customers, employees, partners and the communities we serve. At the heart of everything we do, our corporate values are:– Providing customer satisfaction– Delivering innovative solutions – Empowering staff for success– Promoting Entrepreneurial spirit – Maintaining technical excellence MCGlobalTech
Staff
SkillsSuccess
![Page 18: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/18.jpg)
What we offer
MCGlobalTech is able to provide our customers with innovative, mission-critical solutions in a broad variety of technologies. We consider the following our core competencies:– Information Assurance (Security Authorization)– Vulnerability Management– Security Risk Management– Security Engineering– Penetration Testing– Network Security
![Page 19: MCG Cybersecurity Webinar Series - Risk Management](https://reader036.fdocuments.us/reader036/viewer/2022062306/58a3a97f1a28ab9e6a8b5741/html5/thumbnails/19.jpg)
Contact Us
Mission Critical Global Technology Group1325 G Street, NW
Suite 500Washington, District of Columbia 20005
Phone: 202.355.9448Email: [email protected]
William J. McBorrough
Sales DivisionCo-Founder/Managing Principal Corporate [email protected]
[email protected] (202) 355-9448 x101
(202) 355-9448 x200(571) 249-4677 (cell)