Cyber Readiness Program, presented by Henry Vido - PowerPoint PPT Presentation



SLIDE 1

Cyber Readiness Program

Presented by: Henry Vido, Program Director, CRI; Mohamed Mahdy, Information Technology & Administration Director, IBAG

SLIDE 2

The Cyber Readiness Institute empowers small and medium-sized organizations with practical tools and resources to improve their cybersecurity. Our first offering is the free, validated Cyber Readiness Program. Our Co-Chairs and Members are cyber experts and business leaders – from across sectors and regions – who have come together to secure global value chains.

SLIDE 3

The Cyber Readiness Program

  • A free, self-driven Cyber Readiness Program
  • Enabling small and medium-sized companies to be more cyber resilient
  • Addressing top issues – phishing, patching, authentication, and USBs – and providing guidance for incident response and going to the cloud
  • Web-based guided program featuring content, resources, tools and metrics

SLIDE 4

The CRI Program focuses on four key issues.

Authentication

A weak password is an easy access point to your most sensitive information and systems.

Patching

Patches are updates to your software and systems that fix known security vulnerabilities; an unpatched system can be compromised through a flaw the vendor has already closed.

Phishing

Phishing is an email-borne attack that tricks the recipient into revealing credentials, opening a malicious attachment, or following a malicious link, giving the attacker a foothold in your email account or computer.

USBs

USBs and removable media devices are easy gateways for malware to infect your computer.

The Program also provides guidance on moving to the Cloud.

SLIDE 5

The CRI Approach

  • Preventive measures.
  • Organizational culture of cyber readiness.
  • Practical tools that can be customized for each organization.
  • Self-guided, led by an internal Cyber Leader.

Cyber Readiness Program: 5 Stages

  • Get Started: prepare the organization and select a Cyber Readiness Leader. Tips on being an effective Cyber Readiness Leader. Commitment letter between the CEO and the Leader.
  • Assess & Prioritize: learn about the four key issues: Authentication, Patching, Phishing, and USB use. Prioritize what to protect and what to move to the cloud and when. Establish baseline metrics.
  • Agree & Commit: Access and modify policy templates so they are practical for the organization. Develop an incident response plan from the template.
  • Roll Out: Introduce the Cyber Readiness Program to the workforce. Access the training and communication kit. Workforce commitment letter.
  • Measure Success: Re-do the baseline metrics to measure impact. Obtain a certificate from the Cyber Readiness Institute.

SLIDE 6

Key Elements of the Program

Prioritization Worksheet

  • This document allows the SMB to create a checklist of the information most critical to the organization.

Baseline Metrics

  • These metrics allow the SMB to gauge their level of cyber readiness by examining their current policies and procedures.

Incident Response Plan

  • This document allows the SMB to create a roadmap for what to do when responding to a security incident.

SLIDE 7

IBAG Prioritization Worksheet

What do we have?

  • Network infrastructure
  • Workstations list
  • Servers list
  • Types of information

What is the most important?

  • Network infrastructure
  • Workstations list
  • Servers list
  • Types of information

SLIDE 8

IBAG Baseline Metrics

Spot check

  • Meetings with department managers
  • Short interviews with some HQ employees

Results

  • Some departments are cyber ready
  • Received some resistance against security measures from some employees

Decision

  • We should run a security awareness program (during and after the program)

SLIDE 9

IBAG IRP

  • Prepare
    • Backup
    • IT training
  • Respond
    • Identify the type of incident (CRI Policy)
    • Immediately get the device off the network (unplug the cable or disable Wi-Fi rather than powering it off, so evidence held in memory is not lost)
    • Call the IT team
  • Recover
    • Notification
    • Clean infected systems
    • Restore data
SLIDE 10

How to Manage the Risk of USBs

Develop a Policy

  • Control the use of USBs in your organization by developing a strong company policy either prohibiting USB use or, at a minimum, monitoring their use.

Educate Employees

  • Most people won't know about the true dangers of unknown USBs. Train your workforce to make proper use a priority.

Provide Alternatives

  • Define appropriate alternatives to storing, transporting, and sharing information in your organization.
SLIDE 11

IBAG USB Policy

  • IBAG prohibits the use of USBs, except in the defined circumstances outlined below.
  • The IT team is responsible for scanning USBs on a computer not connected to the network, to verify that there is no malware or malicious code present. This applies even to new USBs.
  • The IT team is responsible for distributing USBs to employees who will routinely find themselves in situations where information needs to be shared with a trusted party and there is no access to a secure network.
  • After an employee uses a USB to share information with a trusted party, or receives a USB from a trusted party, the USB must be re-scanned on a computer not connected to the network by the Cyber Leader or a designated IT person, to check for malware or malicious code.
  • Employees of IBAG must never accept or use a USB received from anyone other than a trusted party or the Cyber Leader or designated IT person (for example, a USB received at a trade show, given to them by a vendor, or picked up in a parking lot).

Technical enforcement: USB storage is disabled through a domain GPO at HQ and CSC, and remotely through the Registry Editor at the branches. These controls block USB mass storage (removable-disk access and the USBSTOR driver), not the USB ports themselves: keyboards, mice and other non-storage devices keep working, which is why the rule against plugging in unknown devices still matters.
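The registry route the branches use, written as PowerShell so it can be pushed to several machines at once and the result read back. This is an added example, not IBAG's script or a CRI template. It assumes PowerShell remoting (WinRM) is enabled on the branch PCs and that it runs with local administrator rights there; the slide's Registry Editor approach instead relies on the Remote Registry service. The hostnames in $Targets are placeholders.

```powershell
# Added example (not IBAG's or CRI's own code). Blocks USB mass storage on
# remote branch PCs: writes the same policy value the GPO setting
# "All Removable Storage classes: Deny all access" sets, and stops the
# USBSTOR driver from loading. Assumes WinRM is enabled on the targets and
# that the caller is a local administrator there.

# Assumed hostnames: replace with the branch machines you manage.
$Targets = @('BR01-PC01', 'BR01-PC02')

$Block = {
    # 1. Policy value behind "All Removable Storage classes: Deny all access".
    #    Deny_All = 1 denies read and write to every removable storage class.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
    New-Item -Path $policy -Force | Out-Null
    Set-ItemProperty -Path $policy -Name 'Deny_All' -Value 1 -Type DWord

    # 2. Belt and braces: Start = 4 (disabled) keeps the USB mass-storage
    #    driver from loading at all. Keyboards, mice and other non-storage
    #    USB devices are unaffected.
    $usbstor = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    Set-ItemProperty -Path $usbstor -Name 'Start' -Value 4 -Type DWord

    # Report the values back so the Cyber Leader can verify every host.
    [pscustomobject]@{
        Host         = $env:COMPUTERNAME
        DenyAll      = (Get-ItemProperty -Path $policy).Deny_All
        UsbstorStart = (Get-ItemProperty -Path $usbstor).Start
    }
}

# Runs the block on each target in parallel; add -Credential if the
# branch PCs use local accounts rather than domain ones.
Invoke-Command -ComputerName $Targets -ScriptBlock $Block |
    Format-Table Host, DenyAll, UsbstorStart -AutoSize
```

Expected result per host is DenyAll = 1 and UsbstorStart = 4. Do not run this against HQ or CSC machines, where the domain GPO owns these values and the next policy refresh would overwrite a conflicting hand edit. Verify the control by plugging a test drive into a branch PC after the change, and remember its limit: a malicious device that presents itself as a keyboard is not a storage class and is stopped by neither value.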

SLIDE 12

How to Change a Culture of Weak Passwords

Change the Narrative

  • Educate your workforce to the dangers of weak passwords, both professionally and personally.

Reinforce the Message

  • Use visual resources, like posters, to remind your workforce of the importance of strong passwords.

Use Two-Factor Authentication

  • If an application or piece of software has two-factor authentication, make sure your employees are using it.

SLIDE 13

IBAG Authentication Policy

  • Use passwords or PINs on all devices, including your personal phone and tablet.
  • Never use the same password for both business and personal purposes.
  • Passwords must be changed if there has been a cyber incident.
  • Never use or reuse the same password on two (or more) systems at the same time.
  • Never share accounts among multiple people.
  • Always enable two-factor authentication if it is supported and offered on any application used on company devices or on personal devices used for business.
  • Passwords must have a minimum of 12 characters and must contain uppercase letters, lowercase letters and numbers.
  • Passphrases must be at least 64 characters in length. They do not need to include numerals, special characters, or a combination of lower and upper case.
  • A good password or passphrase is long enough to be hard to guess; hard to guess by intuition, even by someone who knows the user well; and easy to remember.
  • Access to our data and systems is limited to the people that need it to do their job.
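The two-tier rule above (a 64-character passphrase needs no character mix; anything shorter must be at least 12 characters with uppercase, lowercase and digits) is easy to get subtly wrong, for instance by running a case-insensitive match. As an added example that is not part of the IBAG slides or the CRI templates, here is a PowerShell function that applies the rule as written and reports which part failed. The function name and the sample inputs are assumptions; the samples are constructed.

```powershell
# Added example, not IBAG's or CRI's own code. Applies the IBAG two-tier rule:
#   - passphrase: 64+ characters, no composition requirement
#   - password:   12+ characters with uppercase, lowercase and a digit
function Test-IbagPassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Candidate
    )

    # Tier 1: a passphrase of 64 or more characters is accepted as-is
    # (the policy waives digits, case mix and special characters here).
    if ($Candidate.Length -ge 64) {
        return [pscustomobject]@{ Accepted = $true; Tier = 'Passphrase'; Problems = @() }
    }

    # Tier 2: password rule. -cnotmatch is case-sensitive; the default
    # -match is not, and would let "abcdefghijk1" pass the uppercase check.
    $problems = @()
    if ($Candidate.Length -lt 12)      { $problems += 'shorter than 12 characters' }
    if ($Candidate -cnotmatch '[A-Z]') { $problems += 'no uppercase letter' }
    if ($Candidate -cnotmatch '[a-z]') { $problems += 'no lowercase letter' }
    if ($Candidate -notmatch '[0-9]')  { $problems += 'no digit' }

    [pscustomobject]@{
        Accepted = ($problems.Count -eq 0)
        Tier     = 'Password'
        Problems = $problems
    }
}

# Constructed samples: the first fails two rules (11 characters, no uppercase),
# the second is a valid password, the third is a 70-character passphrase
# that contains no digit and is still accepted.
$samples = @(
    'welcome2019',
    'Ibag-Branch07-Report',
    'the blue kettle on the third shelf whistles louder than the radio does'
)
foreach ($s in $samples) {
    Test-IbagPassword -Candidate $s |
        Select-Object @{ n = 'Length'; e = { $s.Length } },
                      Tier, Accepted,
                      @{ n = 'Problems'; e = { $_.Problems -join '; ' } }
}
```

The function only checks what the policy states; it says nothing about whether a password has already appeared in a breach or is guessable from the user's own life, which the policy leaves to judgement.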

SLIDE 14

IBAG Status

  • Authentication, USB, patching and phishing policies were applied
  • Security training for IT staff has been done
  • Security awareness program for employees still under development
  • Security awareness posters are used in HQ, CSC and some branches
  • Incident response plan (response processes will be updated after the awareness program)

  • NOW WE ARE CYBER READY
SLIDE 15

Thank you! Henry Vido, hvido@cyberreadinessinstitute.org. Sign up today at www.cyberreadinessinstitute.org