Presented by Brad Hoover 10/3/2015. I talk fast so stop me and get clarification Please hold all...
I talk fast so stop me and get clarification
Please hold all of the following questions to the end:
• Why are you guys doing ____?
• What does the ____ policy/SAP mean?

I am not a lawyer.
Don’t try this at home or work!!
Knowing:
• What needs to be protected
• Why it needs to be protected
• How to protect it for as long as it exists
100% Security = 0% Productivity
Risk Impact
• Public/Sponsor Trust
• Proprietary Information
• Homeland Security

Risk diagram terms: Asset, Threat, Vulnerability, Exploit
Owner: The manager responsible for the business function which is supported by the information resource.
• Program Manager

Custodian: Guardian or caretaker; the holder of data, the agent charged with implementing the controls specified by the owner.
• NIS
Sensitive: Information that requires special precautions to assure the integrity of the information, by protecting it from unauthorized modification or deletion.
Confidential: The most sensitive business information that is intended strictly for use within the organization.
Public: All other information
How much is my data worth?
If I lost my data what would I do?
How much protection do I need for my data?

Business Continuity Plan (BCP)
• Committee is being formed soon
• Should include everything from:
  Where am I going to get pencils from
  When must this service be available

Disaster Recovery Plan
• IT portion of the BCP
“Measures shall be taken to protect these assets against unauthorized access, disclosure, modification or destruction, whether accidental or deliberate, as well as to assure the availability, integrity, utility, authenticity, and confidentiality of information.”
“The integrity of data, its source, its destination, and processes applied to it must be assured.”
- Texas Administrative Code Title 1 Part 10 Chapter 202 Subchapter C Rule §202.70 Security Standards Policy
Issues to remember
• TAC 202.70 compliance
• E-discovery
• Open records requests

External (third-party) services make compliance with the above issues harder
Identity Finder scans for:
Social Security Numbers
• Travel vouchers
• Purchasing vouchers
• Inventory forms
Credit Card Numbers
• Receipts/Notes
• Reports
Student Grades
Employee Reviews
Health Data (HIPAA)
Remove the data (Fiscal Memo 08-03)
• From the network
• From your hard drives
• Any other media
Hard copies of vouchers with SSN
• Once submitted the SSN should be removed
Scans of network drives
• Already done for TTI-BCS
• Next up is local hard drives
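The kind of check a discovery tool such as Identity Finder runs over the vouchers, receipts and reports listed above, as an added example (Python written for this page; it is not the Identity Finder product's code and not code from the presentation): formatted SSNs are reported only if they pass the SSA's structural rules, and digit runs are reported as card numbers only if they pass the Luhn checksum, so dates, phone numbers and inventory tags do not produce false hits. The sample text and the directory-walking helper are constructed for illustration; Office and PDF files on a real share would first need their text extracted.

```python
"""Find Social Security and credit card numbers in text (added example).

Models what a scanner such as Identity Finder does before a file is flagged
for the clean-up in Fiscal Memo 08-03. Not the product's code; SAMPLE is
constructed for this page.
"""
import os
import re
from typing import List, Tuple

# Formatted SSN, AAA-GG-SSSS, dash or space separators, no digit or dash touching it.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})[- ](\d{2})[- ](\d{4})(?![\d-])")
# Candidate card number: 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Structural rules: the SSA never issues area 000, 666 or 900-999,
    nor group 00 or serial 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by the major card brands; rejects most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four digits so the scan report is not itself sensitive."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_text(text: str) -> List[Tuple[str, int, str]]:
    """Return (kind, line_number, masked_value) for every validated hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            if is_plausible_ssn(*m.groups()):
                hits.append(("SSN", lineno, mask(m.group(0))))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group(0))
            if luhn_ok(digits):
                hits.append(("CARD", lineno, mask(digits)))
    return hits


def scan_tree(root: str) -> List[Tuple[str, str, int, str]]:
    """Walk a directory (a mounted share, a local drive) and scan each file as text.
    Binary formats (Office, PDF) need a text extractor first; they are read as-is here."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue
            results.extend((path, kind, lineno, masked)
                           for kind, lineno, masked in scan_text(text))
    return results


# Constructed sample resembling a travel voucher and a purchasing note.
SAMPLE = """\
Travel voucher 2015-10-03  Employee SSN: 219-09-9999  Amount: $1,234.56
Purchasing card on file: 4111 1111 1111 1111 (exp 09/18)
Inventory tag 000-00-0000 is not an SSN; phone 979-555-0123 is not a card
Number 4111 1111 1111 1112 fails the Luhn check and is not reported
"""

if __name__ == "__main__":
    for kind, lineno, masked in scan_text(SAMPLE):
        print(f"line {lineno}: {kind} {masked}")
```

On the sample, only the SSN on line 1 and the card on line 2 are reported, each masked to its last four digits; the date, the phone number, the all-zero tag and the card with a bad checksum are all skipped. Point `scan_tree` at a mount of a network drive to reproduce the network-share scan described above, and at a home directory for the local-drive pass.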
• Seizure of laptop/PDA data
• Eavesdropping (voice and data)
• Phone call limitation
• Sensitive data restrictions
Seizure of laptop/PDA data
• Whole disk encryption
• Individual file encryption
• FedEx your laptop
• Wipe the machine before/after
Eavesdropping (voice and data)
• Voice
  Use temporary phones while there
  Use Skype or Cisco Communicator over VPN
• Data
  USE VPN !!
  Make sure the built-in firewall (at least) is turned on for your connection

Phone call limitation
• Skype/Cisco Communicator over VPN
• You may not be available via phone
Sensitive data restrictions
• Do not take sensitive data with you internationally
• EU requires you to prove you can have sensitive data prior to getting it back
• If you absolutely must take sensitive data contact me: [email protected]
• Physical Security
• High Speed Internet Access
• Dumpster Diving/Identity Theft
• Insider Attacks
• Viruses/Malware
• Cyber Warfare
• Vulnerable Code
• Password Guessing

Physical Security
• Lock your office doors
• Screensaver lockout
• Watch out for visitors
High Speed Internet Access (8 Mbps-$33)
• High availability
• Firewalls
• Intrusion detection

Dumpster Diving/Identity Theft
• Shred everything you can
• Be careful what you put out there: Facebook, Resumes, MySpace … etc
Insider Attacks
• Do background checks
• International students may not have background information
• Non-disclosure agreements (contractors, vendors, students and employees)
• Example: State of California, Virginia Health Records

Viruses/Malware
• Virus protection
• Run as a non-privileged user
• Be careful where you go (P2P, E-mails)
Cyber Warfare
• Not much you can do
• Call the authorities, block what you can and have your backups ready
• Examples: World Bank, Federal Government, Georgia (the country)
Vulnerable Code
• 20-25 possible security vulnerabilities per KLOC
• Check and double check code that you write
• Security is often the last thing to be thought about

| Operating System          | Lines of Code  |
|---------------------------|----------------|
| Windows NT 4.0            | 11-12 Million  |
| Windows XP                | 40 Million     |
| Windows Vista/Server 2003 | 50 Million     |
| Linux Kernel 2.6.29       | 11 Million     |
Password Guessing
• Passwords are things like
  T$T%IR0cK$
  Brad!SC00l
• Passphrases are things like
  I was married on October 20th @ 5:00 p.m.
  When I stub my toe I say #$@!
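To make the slide's point concrete, here is an added Python example (not code from the presentation) that estimates the guessing work for the two kinds of secret above under two models: brute force over the character classes actually used, which is an upper bound on the attacker's work, and, for multi-word phrases, word-by-word guessing from a vocabulary, which is a lower bound. The rate of 1e10 guesses per second and the 20,000-word vocabulary are assumptions chosen to model an offline attack against a fast hash.

```python
"""Compare the guessing work for a password against a passphrase (added example).

Not code from the presentation. GUESSES_PER_SECOND and VOCABULARY are
assumptions; change them to match the attack you are worried about.
"""
import math
import string

GUESSES_PER_SECOND = 1e10   # assumption: offline attack on a fast, unsalted hash
VOCABULARY = 20_000         # assumption: size of the attacker's word list
SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(secret: str) -> int:
    """Sum of the standard character classes the secret actually uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in secret):
        size += 26
    if any(c in string.ascii_uppercase for c in secret):
        size += 26
    if any(c in string.digits for c in secret):
        size += 10
    if any(c in string.punctuation or c == " " for c in secret):
        size += 33  # 32 printable punctuation marks plus the space
    return size


def brute_force_bits(secret: str) -> float:
    """log2 of the keyspace when the attacker knows only the length and the classes."""
    if not secret:
        return 0.0
    return len(secret) * math.log2(charset_size(secret))


def token_bits(passphrase: str, vocabulary: int = VOCABULARY) -> float:
    """log2 of the keyspace when the attacker guesses the phrase one word at a time."""
    return len(passphrase.split()) * math.log2(vocabulary)


def years_to_exhaust(bits: float, rate: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every candidate at the assumed guess rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


def assess(secret: str) -> dict:
    """Bits under both models; the word model only applies to multi-word phrases.
    years_lower_bound uses the smaller figure, i.e. the attacker's better strategy."""
    bf = brute_force_bits(secret)
    tk = token_bits(secret) if len(secret.split()) > 1 else bf
    return {
        "length": len(secret),
        "brute_force_bits": round(bf, 1),
        "token_bits": round(tk, 1),
        "years_lower_bound": years_to_exhaust(min(bf, tk)),
    }


if __name__ == "__main__":
    for secret in ("T$T%IR0cK$", "Brad!SC00l",
                   "I was married on October 20th @ 5:00 p.m.",
                   "When I stub my toe I say #$@!"):
        print(f"{secret!r}: {assess(secret)}")
```

At the assumed rate the ten-character password comes out near 66 bits, roughly two centuries to exhaust, while the 41-character passphrase is about 269 bits by brute force and still about 129 bits if the attacker guesses it word by word: the length is doing the work, not the symbol mix. The estimator does not model cracker mangling rules, so a name-plus-word password such as Brad!SC00l can fall far faster than its brute-force figure suggests.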