Layered Security Solutions - Simplified www.SoftwareSecuritySolutions.com 303-232-9070 © 2008 Monte Robertson - CEO Layered Security Solutions – Simplified!

Upload: sydni-webb

Post on 13-Dec-2015

Layered Security Solutions - Simplified

www.SoftwareSecuritySolutions.com

303-232-9070

© 2008

Monte Robertson - CEO

Layered Security Solutions – Simplified!

If your data isn’t secure, it isn’t your data.®

www.SoftwareSecuritySolutions.com

The Layered Security Solution for Small Businesses

Goals and Outcomes:

• Begin to understand layered security.

• Put information to immediate use, at home and at work.

• Use this to help others with awareness.

The Small Business Situation

• SMB does not have the knowledge or skills to address this complex issue.

Small Business Information Security Act of 2008 (Senator Olympia J. Snowe, R-Maine)

As Mentors - You can help!

Identification of Risk

• What data could cause them harm if lost, changed or compromised?

• What do they need to protect?

1. Financial Data

2. Customer Data

3. Vendor Data

4. Employee Data

5. Health Care, Investments

6. Corporate Intellectual Property

7. Investors

Identification of Risk

• What is the value of each category?

• Where is this information kept?

• What regulations apply to the business’ data?

– PCI, SOX, GLB, HIPAA

– E-Discovery requirements for pertinent data

Data Back-up

• All categories of Data

1. Critical\Non Critical

2. Email – Archiving, new legal requirements

3. Data Shares

Data Back-up

• Local – on site, DAS, NAS, Appliances

• Tape vs. new technology

• Off site, Online

• Redundancy & DR

• Standards & Regulations

Data Back-up Research

• Are all areas identified & backed up? Both on & off site?

• What type do they use & is it efficient?

• Time & resources required to maintain?

• Time & resources required to restore?

• Have backups been tested?

• Comfort & Consequences!

Disaster Recovery Plan

• Identify and assign resources

• Business Continuity

• Insurance

• Tools to help

Disaster Recovery Research

• Disaster Recovery Journal http://www.drj.com/

• Gartner http://www.gartner.com/5_about/news/disaster_recovery.html

• SBA http://www.sba.gov/services/disasterassistance/index.html

• Plans are a work in progress as business changes.

• Less than 10% survive without a plan

Anti Malware

• Client machines – laptop, desktop, mobile

• Servers

• Gateways

1. Internet, Email

• Changes in technology

• New Threats

– Mashups & Web 2.0

• $100 additional cost per user

Anti Malware Research

• Virus Bulletin http://www.virusbtn.com

• Anti Virus Comparatives http://www.av-comparatives.org

• AV Test http://www.av-test.org

– Times have changed & so have solutions

• www.SoftwareSecuritySolutions.com/anti-virus-cost-calculator.php

Firewalls

• Gateway

• Inspection types

• Additional layers

1. Anti Malware

2. Anti Spam

3. Content Filtering

4. Intrusion prevention

• Personal Firewalls

Firewall Research

• ICSA

http://www.icsa.net/icsa/icsahome.php

• West Coast Labs

http://www.westcoastlabs.com

Email Security & Filtering

• All user devices

• Email Technology

• Spam

1. Volume, Cost

• Malware

• Phishing

• Social Engineering

• Archiving, Legal

Email Security Research

• How critical is Email to their business?

• Associated cost?

• POP3 vs. SMTP

• Conduct CBA on Service vs. Appliances & Software

Wireless Security

• Mobile Devices

1. Anti malware

2. Backup & theft recovery

• Wireless Networks

• Authentication

• Encryption

• WEP\WPA

Web Security & Filtering

• All user devices\Servers

• Shift in threat

• Web applications

– PCI compliance

• Searching\Surfing

• Liabilities

User Education & Application updates

• Weakest link

• Threat Surface

• Future attacks

• Updates

1. OS

2. Office

3. Common apps

4. Checked regularly?

User Education Resources

Employee Awareness: http://www.gocsi.com/awareness/awareness_peer_group.jhtml

Security Video: http://i.cmpnet.com/gocsi/wsc/video.html

World Security Challenge: http://www.gocsi.com/WSC/

Customizable Awareness Newsletter: http://www.gocsi.com/awareness/front.jhtml

Security Policy

• Definitions

– All Layers

– Acceptable Use

– Consequences

• Resources

– What to use

– Who supports

Security Policy Resources

• Policies, Standards and Guidelines: https://www2.sans.org/resources/policies/

What they can (and should) do right now

• Network Configuration (P2P vs. Domain)

• Updates – 3rd party

• Office machines – (all in one)

• Laptop encryption, theft tracking

• User rights

• File Access

• Physical Access

Implementing a Layered Security Solution

• Create a Security Policy

• Formulate an adoption plan

• Budget

• Start with most critical areas

• Set & forget not an option

Questions and Answers
