cyber security for growing organizations...cyber security for growing organizations action plan for...

Cyber Security For Growing OrganizationsAction Plan For Executives

Presented by Steve Meek, CISSP

Agenda

Cybersecurity news

Risk Management

What to do

Giveaway

About Me?

Cybersecurity News

Center for Internet Security- May 2019.

Cybersecurity News

Common threats

Business Email Compromise

Digital Extortion

Ransomware

Crypto-mining

False sense of security

Verizon 2019 DBIR

Risk Management

Security Events

Security Incidents

Data Breaches

Risk Management

Risk Matrix

Likelihood- probability

that a risk can occur

Impact- potential effect on

the organizationExtremely

Harmful

Harmful Slightly

Harmful

Highly

Likely

Unlikely

Impact

Risk Management

Different types of security

Windows

Motion Sensor

Crime Watch

Monitoring

Gun(s)

Police

Insurance

Protect Detect Respond

Risk Management

The National Institute of Standards and Technology

(NIST) Guidance

Risk Management

What to do?

Left of Boom Right of Boom

Risk assessments

Vulnerability scanning

Penetration testing

Compliance review

Firewalls

Anti-virus

Email filtering

IDS/IPS

Security Operations

Incident Response

Remediation

Forensics

Secure Workforce and Cyber Security Insurance

What to do?

Center for

Internet

Security

What to do- Exercise

SMB Security Maturity Model

Identify Protect Detect Respond Recover

Exec involvement

Hardware/software

Basic policies

Advanced policies

Threat intelligence

Risk assessment

Standards/

procedures

Key data

repositories

Third-party eval.

Physical security

Secure configs

Patch OS, A/V, f/w,

email filter

Security

awareness

Admin control

NGFW, URL, MFA

Secure network

Simulated phishing

Encryption at

rest/in transit

High availability

Logging configured

Network monitoring

Security

information and

event management

Log review

Continuous

security monitoring

Lessons learned

What to do- Full

SMB Security Maturity Model

Identify Protect Detect Respond Recover

Who’s

responsible

Communication

classification

Basic incident

response

Tracking

Analysis/mitigation

Detailed IRP/ SIRT

Work lessons

learned

Server backups

Cloud protections

PC/device

recover

Business impact

assessment

Basic recovery

Lessons learned

Detailed recovery

Tested recovery

Manage retention,

recovery times

Summary

Use threat intelligence to know

Be the leader your organization

Beware a false sense of

security

Identify key assets and data

repositories

Work both left and right of boom

Make detection a key security

effort

Giveaway

The Fulcrum Group, Inc.

5751 Kroger Drive, Suite 279,

Fort Worth, TX 76244

Phone: 817-337-0300

Support Desk: 817-898-1277

Web: www.fulcrum.pro

steve@fulcrumgroup.net

SMB LinksNational Cyber Awareness System

Alerts https://www.us-

cert.gov/ncas/alerts

2019 Data Breach Investigations Report

https://enterprise.verizon.com/resources

/reports/dbir/

National Institute of Standards and

Technology

https://www.nist.gov/cyberframework/sm

all-and-medium-business-resources

CIS® (Center for Internet Security, Inc.)

https://www.cisecurity.org/controls/

Global Cyber Alliance (GCA) toolkit

https://gcatoolkit.org/smallbusiness/

Ghost In The Wires: My Adventures as

the World's Most Wanted Hacker by

Kevin Mitnick

cyber security for growing organizations...cyber security for growing organizations action plan for...

Documents

special report cyber resiliency in the fourth industrial...

empowering canadian organizations to tackle evolving cyber...

mental models and organizations amid growing complexity

2017 cost of cyber crime study | accenture · organizations...

9 ways the most innovative media organizations are growing

cyber strategies of terrorist organizations and the russian...

cyber concerns for transportation organizations – an...

kpmg's cyber practice - kpmg institutes · kpmg's cyber...

cyber risks: the growing threat

protecting organizations from cyber attack organizations...

news cyber security · australian cyber security centre...

plan sponsors growing fiduciary responsibilities for cyber...

lifecycle of growing organizations - adizes

empowering canadian organizations to tackle evolving cyber...

the growing global threat of economic and cyber … · the...

the impact of global privacy laws on cyber risk...

cyber espionage: a growing threat to the american economy

the cyber security readiness of canadian organizations

growing forward 2: organizations and collaborations

cyber crime: a growing problem