cyber security for
play

CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE Cor Corpor porate O - PowerPoint PPT Presentation

Dec 09, 2022 •213 likes •873 views

CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE Cor Corpor porate O te Over erview view AT-NET Services offers comprehensive engineering services for the life cycle of your system; design, build, secure and manage CYBER SECURITY FOR

  1. CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE

  2. Cor Corpor porate O te Over erview view AT-NET Services offers comprehensive engineering services for the life cycle of your system; design, build, secure and manage

  3. CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE ROGER.SWANSON@EXPERTIP.NET / 843-576-3773 @ROGER_SWANSON HTTPS://WWW.LINKEDIN.COM/IN/ROGERSWANSON

  4. CYBER SECURITY FOR NON-TECHNICAL EXECUTIVE AGENDA: - 45 MIN PRESENTATION, 10-MINUTE BREAK, - 30-MINUTE SECOND SESSION, - QUESTION & ANSWER PERIOD

  5. LEARNING OBJECTIVES 1. INTRODUCTION TO CYBER SECURITY 2. CYBER SECURITY PRINCIPLES 3. INFORMATION SECURITY LIFECYCLE MANAGEMENT 4. RISKS & VULNERABILITIES 5. PLANNING YOUR CYBER SECURITY PROGRAM 6. INCIDENT RESPONSE ACTIONS

  6. 1. INTRODUCTION TO CYBER SECURITY • Technology expansion helped Internet to develop, Real World Internet • Internet is integrated in almost all forms of human activity, • It can’t be observed apart from the real world, • Damage in cyber space significantly affect physical world.

  8. 1.1. Cyber Security terms and definitions Type of Action Type of Perpetrator Type of Target • Interception of data • Hackers • Individuals • Interference with data • Cyber criminals • Companies reception • Cyber warriors • Public institutions • Illegal access • Cyber terrorist • State bodies • Data destruction • Critical infrastructure • spying • Sabotage • Service denial • Identity theft

  9. 1.2. Cyber Security roles Risk analytics and Policy makers and Threat management management Strategists forensics Engineering, Architecture Education, training and Operations and security and Design awareness management Lawyer (internet crime and Chief technology officers Research data protection)

  10. 1.3. Cyber Security big picture

  11. 1.4. Differences between Information Security & Cyber Security Things that are vulnerable Information through ICT Digital Information Information Other things than information Analog Information Information Security Cyber Security

  12. 2. Cyber Security Principles CYBERSECURITY CONFIDENTIALITY NON-REPUDATION AUTHENTICATION • Fundamental properties that must be maintained. AVAILABILITY INTEGRITY • These are what we protect

  13. 2.2. Authentication (2FA/TFA) & securing data at rest and in transit Authentication Non-repudiation • The ability to verify the identity of • The ability to correlate, with high an individual or entity. certainty, a recorded action with its Authentication is entity oriented. originating individual or entity. Non- repudiation is entity oriented

  14. 2.3. Best practices for office and remote users 1. Balance Protection With Utility 2. Split Up the Users and Resources 3. Assign Minimum Privileges 4. Use Independent Defenses 5. Plan for Failure 6. Record, Record, Record 7. Run Frequent Tests

  15. 3. Information Security (IS) within Lifecycle Management of business systems 3.1. Lifecycle management landscape Seed And Growth And Maturity And Startup Expansion Development Establishment Possible Exit

  16. Phase 1: Conducting Security 3.2. Security architecture processes Assessments Phase 2: Formulation of Target Phase 3: Security Architecture Construction of Policies and Designs Procedures Phase 4: Phase 5: Implementation of Target Integration of Security Security Architecture Practices to Maintain Design Secure Status

  17. 3.2. Security Architecture Lifecycle Architectural Risk Analysis Policy, Standards, Security Operations & Process, Architecture & Monitoring Design Metrics, Assurance Implementation

  18. 3.3. Security architecture tools Process Metrics Defence in Depth Risk Metrics SDL Data Policy & Standards Enterprise Identity Assurance Application Goals Reporting Management Risk Management Domain Vulnerability Host Metrics Management Security Architecture Threat Network Management

  19. Why you should get true professional guidance? Conducting Performing technical cyber security investigations analysis Providing resourcing and response expertise

  20. 3.4. Lifecycle management concepts ECONOMY Profit Eco-efficiency Equity SUSTAINABILITY SOCIATY ENVIRNOMENT Livability Planet People

  21. 2.1. Confidentiality, Integrity, & Availability Confidentiality represents a set of rules that limits access to information, Integrity is the assurance that the information is accurate, and Availability is a guarantee of reliable access to the information by authorized people.

  22. NIST FRAMEWORK This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity- related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

  23. 4. RISKS & VULNERABILITIES 4.1. Basics of risk management Risks Vulnerabilities • Business disruption • Software bugs • Financial losses • Broken processes • Loss of privacy • Ineffective controls • Damage to reputation • Hardware flaws • Loss of confidence • Business change • Legal penalties • Legacy systems • Impaired growth • inadequate BCP • Loss of life • Human error

  24. The critical components of your business 1. Technical infrastructure that supports your critical assets 2. Cyber security landscape relevant to your organization 3. Different types of cyber security threats that you are concerned about 4. Sources of these threats, such as organized crime syndicates, state-sponsored organizations, extremist groups, hacktivists, insiders – or a combination of these 5. Possible threat vectors for attacks to exploit 6. Vulnerabilities to each particular threat

  25. 4.2. What can you do to minimize risk? 1 Start with a cyber security baseline Balance cyber risks against other types 6 of risk All organizations face risks, no matter 2 the size Learn from security solutions used by 7 other organizations 3 Understand what you care about, and why 8 Keep an eye out for cyber security myths Think about situations in which you could 4 be compromised Be aware of the strengths and weaknesses 9 of risk management techniques 5 Accept some risk

  26. What are the biggest threats? • Theft or unauthorized access of hardware, computers and mobile devices • Infect computers with viruses and malware • Attack your technology or website • Attack third party systems • Spam you with emails containing viruses • Gain access to information through your employees

  27. What does the organization value most? • Customer records • Marketing plans • Personal information • Intellectual properties • Financial records • Product design • Business plans • Patent applications • New business ideas • Employee records

  28. What kind of attack would be the most damaging to the organization? Fi Fina nancial ncial loss ss • from theft of money, information, disruption to business Bu Business iness loss ss • damage to reputation, damage to other companies you rely on to do business Costs sts • getting your affected systems up and running In Inve vestment stment loss ss • time notifying the relevant authorities and institutions of the incident

  29. 4.3. Operational threat environments Angry employees Dishonest employees Criminals Governments Terrorist The press Competitors Hackers

  30. Conduct a criticality assessment Defining their critical information assets 1 Determining which cyber security threats are most likely to affect these critical information assets 2 Applying the relevant management or technical controls to reduce the likelihood and impact of cyber 3 security incidents affecting their critical information assets Raising awareness about the need for an effective cyber security response capability 4 Determining the likely (or actual) level of business impact associated with a possible cyber security 5 incident

  31. Classes of attacks Phishing Spyware/Malware 1 6 Trojans, Botnets, Wiper Attacks Theft of Money 2 7 Man in the Middle (MITM) 3 8 Data Manipulation and Destruction Intellectual Property Theft Ransomware 4 9 5 Distributed Denial of Service (DDoS) 10 Rogue or Unpatched Software

  32. Who could be a threat to your business? cli lien ents ts yo you do do cri rimina inals ls bu busin iness ess wit ith curr rrent ent or or bu busin iness ess fo form rmer er com ompeti etitors tors em emplo loyee yees

  33. 5. PLANNING YOUR CYBER SECURITY PROGRAM Correlation and assessment of Data Collection Threat Analysis Risk Acceptability Analysis of Identifying Vulnerability Policies and the Scope Analysis Procedures

  34. 5.1. Templates for Immediate use WWW.LINKEDIN.COM/IN/ROGERSWANSON (SLIDESHARE) DR Checklist – action items listed for planning https://www.slideshare.net/roger_swanson/12-point-disaster-checklist Project Management - Cyber Planning NIST CSPW 04162018 https://www.slideshare.net/roger_swanson/framework-for- improving-critical-infrastructure-cybersecurity- nistcswp04162018 This presentation – Cyber Security for Non-Tech Exec,

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview

CYBER SECURITY Nick Kervin Partner, IT Advisory August 2017 Page 1 CYBER SECURITY Overview 1. What is at risk? 2. Global industry trends 3. BDO/AusCERT survey 4. Recent cyber case studies 5. Cyber risk mitigation strategies Page

481 views • 35 slides
Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to

1 Healthy Approach to Cyber Security : For data-intensive healthcare, cyber security is integral to innovation Sallie Sweeney KPMG The healthcare industrys evolution toward a true value based system, assuming responsibility for complex

797 views • 10 slides
Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence

Centre for Cyber Security Thomas Kristmar Centre for Cyber Security Danish Defence Intelligence Service 05-10-2015 05-10-2015 Who are we? Centre for Cyber Security In respect of the Rule of Law and Privacy Cyber is a priority (Gov.

455 views • 18 slides
Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 Agenda for today Part I Latest security news Security vulnerabilities in Java

2.02k views • 185 slides
Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

666 views • 42 slides
Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector

Cyber security Tiered approach to cyber security preparedness in water National Sector What I am Company utilities in the UK going to Water UK good practice cover NIS Directive Dr Jim Marshall, Senior Policy Advisor,

231 views • 4 slides
CSO CSONS S Pr Prima mary U y User er Activity T y Training - Corporate Cr Crea eating

CSO CSONS S Pr Prima mary U y User er Activity T y Training - Corporate Cr Crea eating

Communic icatio ions S Servic ice Office ( (CSO) NASA In Integra rated Communication S Servi rvices ( (NIC ICS) CSO CSONS S Pr Prima mary U y User er Activity T y Training - Corporate Cr Crea eating CSO CSONS S Activities

1.38k views • 68 slides
Post Sockets: Towards an Evolvable Network Transport Interface Brian Trammell 1 , Colin Perkins 2

Post Sockets: Towards an Evolvable Network Transport Interface Brian Trammell 1 , Colin Perkins 2

Post Sockets: Towards an Evolvable Network Transport Interface Brian Trammell 1 , Colin Perkins 2 , and Mirja Khlewind 1 ETH Zrich 1 and University of Glasgow 2 measurement architecture experimentation This project has received funding

210 views • 17 slides
South Dakota v. Wayfair Wayfair in Context: Nature of Sales Tax: Generally, a tax on the

South Dakota v. Wayfair Wayfair in Context: Nature of Sales Tax: Generally, a tax on the

South Dakota v. Wayfair Wayfair in Context: Nature of Sales Tax: Generally, a tax on the consumer. But states can obligate the retailer to serve as a deputy/trustee/agent for collecting. Nature of Nexus : In order for states to

214 views • 10 slides
Title More sales, less costs with 9B seamless intermodality Presenter July 29, 2020 Date Post

Title More sales, less costs with 9B seamless intermodality Presenter July 29, 2020 Date Post

Title More sales, less costs with 9B seamless intermodality Presenter July 29, 2020 Date Post covid-19 business accelerator Generating more sales Getting quicker results Saving costs Accelerating recovery and achieving long

568 views • 18 slides
Managing Cybersecurity Risk in the Digital Age Workshop - 29 May 2019 1 Admin Program 1.

Managing Cybersecurity Risk in the Digital Age Workshop - 29 May 2019 1 Admin Program 1.

Managing Cybersecurity Risk in the Digital Age Workshop - 29 May 2019 1 Admin Program 1. Overview of entire day course (1 hr) 2. Discussion on specific needs of participants (course will be tailored to suit the majority of participants)

1.09k views • 76 slides
Fatiguing Data to Protect against Cyber Security Extortions: A counter- intelligence methodology

Fatiguing Data to Protect against Cyber Security Extortions: A counter- intelligence methodology

Fatiguing Data to Protect against Cyber Security Extortions: A counter- intelligence methodology Dr. Anthony Vincent . B Assistant Professor, Department of Computer Science Kristu Jayanti College (Autonomous) K. Narayanapura, Kothanur(PO),

539 views • 8 slides
Quantitative Cyber-Security Colorado State University Yashwant K Malaiya CS559 Course

Quantitative Cyber-Security Colorado State University Yashwant K Malaiya CS559 Course

Quantitative Cyber-Security Colorado State University Yashwant K Malaiya CS559 Course Introduction CSU Cybersecurity Center Computer Science Dept 1 1 Wish we were there! 2 About the course Quantitative and algorithmic view of

1.03k views • 32 slides
Cyber Security Research Needs- An Energy Sector Perspective Kyle Hussey, Grant County PUD Funded

Cyber Security Research Needs- An Energy Sector Perspective Kyle Hussey, Grant County PUD Funded

Cyber Security Research Needs- An Energy Sector Perspective Kyle Hussey, Grant County PUD Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security | cred-c.org IT and OT interoperability Observations OT and

1.04k views • 9 slides

More recommend