karen s urban cissp
play

Karen S. Urban, CISSP Federal Information Systems Security Educators - PowerPoint PPT Presentation

Aug 02, 2023 •270 likes •502 views

Karen S. Urban, CISSP Federal Information Systems Security Educators Association (FISSEA) 27th Annual Conference | March 18, 2014 Evolving Technology Personnel expect greater mobility, connectivity, and networking capabilities As a

  1. Karen S. Urban, CISSP Federal Information Systems Security Educators’ Association (FISSEA) 27th Annual Conference | March 18, 2014

  2. Evolving Technology • Personnel expect greater mobility, connectivity, and networking capabilities • As a result, networks today are a mixture of organizational issued and personally owned smart phones, tablets, laptops and desktop systems

  3. The Threat Landscape Today cyber attacks on private, public and government information systems are organized, disciplined, aggressive, sophisticated, and are becoming all too common

  4. Personnel = Vulnerability Whether intentional or not, organizational personnel continue to be a leading cause of data breaches and network intrusions Of breaches were caused by 36% inadvertent misuse of data by employees* *Forrester’s “Understand the State of Data Security and Privacy Report”

  5. P@s5w0rd$ 76% of network intrusions exploited weak or stolen credentials* *Verizon 2013 Data Breach Investigations Report Image above courtesy of SplashData

  6. Willingness to “Click”

  7. Good Intentions, Bad Results Unauthorized File Transfers

  8. Social Media Oversharing

  9. How to Defend Against Ourselves Implement, lead and sustain an active and aware cybersecurity culture!

  10. Cyber Security Awareness Program Identify and target vulnerabilities introduced by • human behavior Include real-life scenarios which people may • actually encounter at work and at home Vary your delivery to capture and retain • attention considering the range of learning styles that exist today Utilize metrics to measure effectiveness over • time

  11. Identify & Target Vulnerabilities Introduced by Human Behavior • Analyze information contained in security incident reports, audit reports and Plans of Action & Milestones (POA&M) • Examine organizational Policies and Procedures • Consult with organizational Security and Privacy Subject Matter Experts (SMEs) • Develop or Update a Security Awareness Baseline

  12. • • Incident Reports Partner with members of your Security Operations Center and Incident Response Teams Analyze incident reports to identify incidents where the root cause was human behavior

  13. • • Audit Reports and POA&Ms A closer look often reveals the root cause is human behavior Awareness training should be considered – even when a technical solution is recommended

  14. • • • Policies and Procedures Identify potential gaps between requirements and actual implementation Review your Rules of Behavior (RoB) Consistent message between the awareness training program and other training

  15. Consult with Security & Privacy SMEs Gain insight to: • Organizational strategies to mitigate risk • New or updated policies and procedures

  16. • • • Develop or Update a Security Awareness Baseline Survey your personnel:  Identify areas where awareness is lacking or perceived challenges exist  Find out what they think will help them “behave in” instead of “behave out” Perform phishing exercises Informal outreach sessions

  17. Learning Styles & Culture Telling is not learning • E-reading (PowerPoint and e-learning as fancy • PowerPoint) is not very effective except as an easy way to “check a box” Training only happens when the learner is • “training” themselves, i.e., they must focus on the training to progress; they must engage with problem solving; and they must have repeated practice using gained knowledge and skills

  18. • • • Use Real-life Scenarios Training must be relevant to the learner Use real-life scenarios The more they can relate to and experience the scenario the more effectively they will remember what is being taught

  19. • • Metrics & Continuous Monitoring Don’t try to focus on Use metrics like these to track progress and measure impact: everything; focus a few problem areas at # of personnel that successfully a time! pass phishing exercises Deliver training more # of personnel that didn’t pass phishing exercises often (not only once a # of personnel that report receipt year) so you can of a phishing exercise email address more topics # of actual phishing incidents throughout the year # of malware infected systems and based on real metrics

  20. Putting These Concepts to Work The Department of Education’s FY 2014 Cyber Security & Privacy Awareness Course

  21. Real-life Scenarios in Action

  22. Repeat to Reinforce

  23. Questions For additional information, please contact: Karen S. Urban PMP, CISSP, CISA, CRISC, GPEN Program Manager M 979.220.6810 | O 979.260.0030 Larry D. Teverbaugh, Ph.D., PE President & CEO M 979.777.1127 | O 979.260.0030 http://www.k2share.com | Veteran Owned Small Business

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Urban Urban Sustainability Urban Urban Sustainability Sustainability Sustainability I di I

Urban Urban Sustainability Urban Urban Sustainability Sustainability Sustainability I di I

Transforming Ireland Seminar Series 28 th October 2010 - Dublin City Council Civic Offices Urban Urban Sustainability Urban Urban Sustainability Sustainability Sustainability I di I di Indicators Indicators Dr. Ainhoa Dr. Ainhoa

467 views • 21 slides
Handling Is A Requirement For Security C. Matthew Curtin, CISSP Interhack Corporation Conflict

Handling Is A Requirement For Security C. Matthew Curtin, CISSP Interhack Corporation Conflict

Effective Incident Handling Is A Requirement For Security C. Matthew Curtin, CISSP Interhack Corporation Conflict of Interest C. Matthew Curtin, CISSP has no real or apparent conflicts of interest to report. What We Hope to Learn Today 1

294 views • 17 slides
Karen | 082 807 9334 karen@storysa.co.za www.storysa.co.za Company Profile Story is owned by

Karen | 082 807 9334 karen@storysa.co.za www.storysa.co.za Company Profile Story is owned by

Karen | 082 807 9334 karen@storysa.co.za www.storysa.co.za Company Profile Story is owned by Karen Morgan, a passionate lover of flowers. Our team is based in Kloof and we deliver to the Upper Highway area, as well as most areas in Durban.

745 views • 30 slides
High Rise Industrial Where did it come from? IH Urban Renewal Urban Renewal (Urban

High Rise Industrial Where did it come from? IH Urban Renewal Urban Renewal (Urban

High Rise Industrial Where did it come from? IH Urban Renewal Urban Renewal (Urban Redevelopment in the Housing Act of 1949, then Urban Renewal in the 1954 Amendment) sought to jump start the development of aging central cities and inner

382 views • 16 slides
Leveraging Your Network for Internal Threat Detection and Forensics Chris Tobkin, CISSP

Leveraging Your Network for Internal Threat Detection and Forensics Chris Tobkin, CISSP

Chris Tobkin, CISSP Leveraging Your Network for Internal Threat Detection and Forensics Chris Tobkin, CISSP Confidential Information Chris Tobkin, CISSP Speeding up Threat Detection and Forensics Chris Tobkin, CISSP Confidential Information

582 views • 45 slides
HOMELAND SECURITY: CYBER-SECURITY AT THE LOCAL LEVEL Kirk Bailey, CISSP, CISM CISO, UW Ernie

HOMELAND SECURITY: CYBER-SECURITY AT THE LOCAL LEVEL Kirk Bailey, CISSP, CISM CISO, UW Ernie

HOMELAND SECURITY: CYBER-SECURITY AT THE LOCAL LEVEL Kirk Bailey, CISSP, CISM CISO, UW Ernie Hayden, CISSP CISO, Port of Seattle HOW BIG IS THE JOB? WHAT IS INVOLVED (THE SCOPE OF IT)? WHAT ARE THE TOUGH CHALLENGES? WHAT DOES THE FUTURE

377 views • 36 slides
APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP

APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP

APT-Style Attacks on SCADA Systems Stuxnet Night Dragon Jonathan Pollet, CAP, CISSP, PCIP Founder, Principal Consultant Red Tiger Security - USA 1 speaker Jonathan Pollet, CISSP, CAP, PCIP Started as a Control Systems Engineer

352 views • 20 slides
Accelerating Urban Innovation Urban innovation can Increase the efficiency of urban systems

Accelerating Urban Innovation Urban innovation can Increase the efficiency of urban systems

Urban Leap Accelerating Urban Innovation Urban innovation can Increase the efficiency of urban systems Improve the efficacy of public services Assure the resiliency of the community Citizen perceptions are generally positive and yet 82%

692 views • 20 slides
Lessons Learned From the Trenches of Virtual Training 2010 John R. Sciandra, CISSP John R.

Lessons Learned From the Trenches of Virtual Training 2010 John R. Sciandra, CISSP John R.

Lessons Learned From the Trenches of Virtual Training 2010 John R. Sciandra, CISSP John R. Sciandra, CISSP johnrs@nacon.com 443-336-1826 1 UNCLASSIFIED 1R2ADFA en What IS virtual training? Results 1 - 10 of about 64,500,000 for what is

468 views • 11 slides
URBAN WASTEWATER URBAN WASTEWATER URBAN WASTEWATER URBAN WASTEWATER TREATMENT TREATMENT

URBAN WASTEWATER URBAN WASTEWATER URBAN WASTEWATER URBAN WASTEWATER TREATMENT TREATMENT

URBAN WASTEWATER URBAN WASTEWATER URBAN WASTEWATER URBAN WASTEWATER TREATMENT TREATMENT TREATMENT TREATMENT TECHNOLOGIES TECHNOLOGIES Statistical, Economic and Social Research and Training Centre for Islamic Countries Higher Council for

862 views • 37 slides
Urban Adamah (That means City + Earth) This is the Urban Adamah farm. When you come to Urban

Urban Adamah (That means City + Earth) This is the Urban Adamah farm. When you come to Urban

Urban Adamah (That means City + Earth) This is the Urban Adamah farm. When you come to Urban Adamah, you can garden gather make stuff feed your family and learn. (these are real Fellows, in the program) These are Urban Adamah kids.

485 views • 13 slides
Economic Constraints and Capabilities of Very Young Adolescent Girls in an Urban Nairobi Slum:

Economic Constraints and Capabilities of Very Young Adolescent Girls in an Urban Nairobi Slum:

Economic Constraints and Capabilities of Very Young Adolescent Girls in an Urban Nairobi Slum: Understanding their Expectations of Achieving Education and Work Aspirations Eunice Muthengi 1 & Karen Austrian 1* 1 Population Council, Kenya *

537 views • 10 slides
Negotiating Conflict Karen Maher HELLO! I am Karen Maher I am an experienced HR consultant and

Negotiating Conflict Karen Maher HELLO! I am Karen Maher I am an experienced HR consultant and

Negotiating Conflict Karen Maher HELLO! I am Karen Maher I am an experienced HR consultant and workforce development specialist originally from the North East of England. I specialise in coaching, mentoring, mediation and training delivery.

600 views • 37 slides
INFORMATION SECURITY A DAY IN THE LIFE WHO AM I? Security officer for MIE CISSP , CISA,

INFORMATION SECURITY A DAY IN THE LIFE WHO AM I? Security officer for MIE CISSP , CISA,

INFORMATION SECURITY A DAY IN THE LIFE WHO AM I? Security officer for MIE CISSP , CISA, CGEIT, CRISC, CRMA, PMP , FLMI and studying for CISM RMR and JA Interactive session share stories THREAT SOURCES Nation States

491 views • 26 slides
Getting Credentials from a locked Windows PC in 12 Seconds Joe Granneman, MBA, CISSP

Getting Credentials from a locked Windows PC in 12 Seconds Joe Granneman, MBA, CISSP

Getting Credentials from a locked Windows PC in 12 Seconds Joe Granneman, MBA, CISSP Principal Consultant About illumination.io Rockford based Cybersecurity Services Penetration Testing HIPAA, PCI, and GLBA Compliance Testing

225 views • 19 slides
Forensics for Managers x Ryan Washington MBA, CISSP, CCE, CEH, NSA/IAM 703-961-9456 Extension

Forensics for Managers x Ryan Washington MBA, CISSP, CCE, CEH, NSA/IAM 703-961-9456 Extension

Forensics for Managers x Ryan Washington MBA, CISSP, CCE, CEH, NSA/IAM 703-961-9456 Extension 128 Introduction US Marines, Special Intelligence Communicator Bachelors in Management Masters of Business Administration Solaris

698 views • 26 slides
Volume normalization after concatenation of audio clips Laboratorio di produzione prototipi e

Volume normalization after concatenation of audio clips Laboratorio di produzione prototipi e

Volume normalization after concatenation of audio clips Laboratorio di produzione prototipi e nuovi format di contenuti digitali Danilo Abbasciano danilo.abbasciano@gmail.com 2008 October 29 Volume normalization after concatenation of audio

650 views • 51 slides
Current status of collaboration between India and Japan Koji Nakao KDDI, Information Security

Current status of collaboration between India and Japan Koji Nakao KDDI, Information Security

Current status of collaboration between India and Japan Koji Nakao KDDI, Information Security Fellow 1 CONFIDENTIAL & PROPRIETARY: All materials contained in this document cannot be reproduced in whole or in part, distributed, published or

834 views • 32 slides
Croeso 2015 180m gwariant ychwanegol 180m additional spend 35m AVE 35m AVE WTM, BOBI,

Croeso 2015 180m gwariant ychwanegol 180m additional spend 35m AVE 35m AVE WTM, BOBI,

Croeso 2015 180m gwariant ychwanegol 180m additional spend 35m AVE 35m AVE WTM, BOBI, ITB: 3.8m WTM, BOBI, ITB: 3.8m visitwales.com - 3m visitwales.com - 3m cynnwys digidol digital content DT100 a digwyddiadau mawr eiconig

833 views • 60 slides
The Minnesota Diet Research Center Gold Standard Trials Claim Substantiation Quality Support

The Minnesota Diet Research Center Gold Standard Trials Claim Substantiation Quality Support

The Minnesota Diet Research Center Gold Standard Trials Claim Substantiation Quality Support The Minnesota Diet Research Center Alimentix strives to be the leading clinical research investigative site for food, OTC pharmaceutical and

491 views • 21 slides
Crops grown with the intention that they will be ploughed in to benefit the following crop

Crops grown with the intention that they will be ploughed in to benefit the following crop

Crops grown with the intention that they will be ploughed in to benefit the following crop Green manures Green cover Cover crops Catch crops Greening compliance Counts as an EFA (environmental focus area)

721 views • 28 slides
STATE OF FOOD INSECURITY IN SIDS and VISION FOR THE FUTURE Food and Nutrition Security in SIDS

STATE OF FOOD INSECURITY IN SIDS and VISION FOR THE FUTURE Food and Nutrition Security in SIDS

STATE OF FOOD INSECURITY IN SIDS and VISION FOR THE FUTURE Food and Nutrition Security in SIDS Overview of SIDS Agricul., GNI per GDP per Agricul., Number Land Area GDP GDP value capita, Atlas Population capita value REGIONS of

526 views • 26 slides
Optimization of Airspace Administration and Procedures in the Metroplex SoCal Metroplex Lake

Optimization of Airspace Administration and Procedures in the Metroplex SoCal Metroplex Lake

Federal Aviation Optimization of Airspace Administration and Procedures in the Metroplex SoCal Metroplex Lake Arrowhead Presentation January 25, 2018 T o: Lake Arrowhead Municipal Advisory Council By: Dennis Roberts, FAA Regional

158 views • 13 slides
2019 Arrowhead EMS Conference & Expo PRESENTATION APPLICATION FORM Date: ______________

2019 Arrowhead EMS Conference & Expo PRESENTATION APPLICATION FORM Date: ______________

Page 1 of 3 2019 Arrowhead EMS Conference & Expo PRESENTATION APPLICATION FORM Date: ______________ Please complete one application form for each presentation. INCOMPLETE FORMS WILL NOT BE CONSIDERED Presenter Name: (REQUIRED)

147 views • 3 slides

More recommend