Layered Security Solutions - Simplified
www.SoftwareSecuritySolutions.com
303-232-9070
© 2008
Monte Robertson - CEO
Layered Security Solutions – Simplified!
If your data isn’t secure, it isn’t your data.®
www.SoftwareSecuritySolutions.com
The Layered Security Solution for Small Businesses
Goals and Outcomes:
• Begin to understand layered security.
• Put information to immediate use, at home and at work.
• Use this to help others with awareness.
The Small Business Situation
• SMB does not have the knowledge or skills to address this complex issue.
Small Business Information Security Act of 2008 (Senator Olympia J. Snowe, R-Maine)
As Mentors - You can help!
Identification of Risk
• What data could cause them harm if lost, changed or compromised?
• What do they need to protect?
1. Financial Data
2. Customer Data
3. Vendor Data
4. Employee Data
5. Health Care, Investments
6. Corporate Intellectual Property
7. Investors
Identification of Risk
• What is the value of each category?
• Where is this information kept?
• What regulations apply to the business’ data?
– PCI, SOX, GLB, HIPAA
– E-Discovery requirements for pertinent data
Data Back-up
• All categories of Data
1. Critical\Non Critical
2. Email – Archiving, new legal requirements
3. Data Shares
Data Back-up
• Local – on site, DAS, NAS, Appliances
• Tape vs. new technology
• Off site, Online
• Redundancy & DR
• Standards & Regulations
Data Back-up Research
• Are all areas identified & backed up? Both on & off site?
• What type do they use & is it efficient?
• Time & resources required to maintain?
• Time & resources required to restore?
• Have backups been tested?
• Comfort & Consequences!
Disaster Recovery Plan
• Identify and assign resources
• Business Continuity
• Insurance
• Tools to help
Disaster Recovery Research
• Disaster Recovery Journal http://www.drj.com/
• Gartner http://www.gartner.com/5_about/news/disaster_recovery.html
• SBA http://www.sba.gov/services/disasterassistance/index.html
• Plans are a work in progress as business changes.
• Less than 10% survive without a plan
Anti Malware
• Client machines – laptop, desktop, mobile
• Servers
• Gateways
1. Internet, Email
• Changes in technology
• New Threats
– Mashups & Web 2.0
• $100 additional cost per user
Anti Malware Research
• Virus Bulletin http://www.virusbtn.com
• Anti Virus Comparatives http://www.av-comparatives.org
• AV Test http://www.av-test.org
– Times have changed & so have solutions
• www.SoftwareSecuritySolutions.com/anti-virus-cost-calculator.php
Firewalls
• Gateway
• Inspection types
• Additional layers
1. Anti Malware
2. Anti Spam
3. Content Filtering
4. Intrusion prevention
• Personal Firewalls
Firewall Research
• ICSA
http://www.icsa.net/icsa/icsahome.php
• West Coast Labs
http://www.westcoastlabs.com
Email Security & Filtering
• All user devices
• Email Technology
• Spam
1. Volume, Cost
• Malware
• Phishing
• Social Engineering
• Archiving, Legal
Email Security Research
• How critical is Email to their business?
• Associated cost?
• POP3 vs. SMTP
• Conduct CBA on Service vs. Appliances & Software
Wireless Security
• Mobile Devices
1. Anti malware
2. Backup & theft recovery
• Wireless Networks
• Authentication
• Encryption
• WEP\WPA
Web Security & Filtering
• All user devices\Servers
• Shift in threat
• Web applications
– PCI compliance
• Searching\Surfing
• Liabilities
User Education & Application updates
• Weakest link
• Threat Surface
• Future attacks
• Updates
1. OS
2. Office
3. Common apps
4. Checked regularly?
User Education Resources
Employee Awareness: http://www.gocsi.com/awareness/awareness_peer_group.jhtml
Security Video: http://i.cmpnet.com/gocsi/wsc/video.html
World Security Challenge: http://www.gocsi.com/WSC/
Customizable Awareness Newsletter: http://www.gocsi.com/awareness/front.jhtml
Security Policy
• Definitions
– All Layers
– Acceptable Use
– Consequences
• Resources
– What to use
– Who supports
Security Policy Resources
• Policies, Standards and Guidelines: https://www2.sans.org/resources/policies/
What they can (and should) do right now
• Network Configuration (P2P vs. Domain)
• Updates – 3rd party
• Office machines – (all in one)
• Laptop encryption, theft tracking
• User rights
• File Access
• Physical Access
Implementing a Layered Security Solution
• Create a Security Policy
• Formulate an adoption plan
• Budget
• Start with most critical areas
• Set & forget not an option
Questions and Answers