IT & Internet Security Overview
Superior Oil
January 17, 2008
Mike Panno
GuardEra Access Solutions, Inc.
200 W. 22nd Street, Suite 220
Lombard, IL 60148
847.348.0600

GuardEra Access Solutions, Inc.
Mike Panno, President & CEO

Discussion Agenda
• Why information security?
• What is information security?
• Top 10 “Must do’s” for small-mid sized businesses
• Q&A

Overview
• Hackers and thieves are increasingly targeting small businesses
• According to a 2005 FBI Study – 90% of businesses and organizations had at least one security incident within the past 12 months
• Symantec Internet Threat Report – over 80% of data breaches could be prevented

Overview Cont’d
• On average, small businesses lost over $200,000 per incident
• Consumers are starting to take note of a business’s cyber security record
    • 20% of consumers would not return to a business that had a security breach
    • 85% of consumers would shop more at a business known for good cyber security practices

Overview Cont’d
• Small businesses can no longer afford not to make “cyber security a priority”
• There are simple, practical steps a small business can take to protect itself and its customers
• A good start is to follow NCSA’s Top 7 Small Business Cyber Security Tips
    • Conduct a risk assessment and develop a cyber security plan

Spectrum of Cyber Threats
[Figure. Axis labels: Unstructured, Structured, Sophistication. Threat actors shown: Hacktivists, Insiders, Information warriors, Intelligence agencies, Terrorists, Industrial espionage, Organized crime, Institutional hackers, Recreational hackers]

The Risk Equation
Risk = Threat x Vulnerability x Consequences
• Threat: Malicious intentions or capabilities
• Vulnerability: Weaknesses in technology, processes, or procedures
• Consequences:

Information System Vulnerabilities
Definition: Conditions that may lead to an implicit or explicit failure of the confidentiality, integrity, or availability of an information system
Examples:
• Executing commands as another user
• Accessing data in excess of specified or expected permission
• Posing as another user or service within a system
• Causing an abnormal denial of service
• Inadvertently or intentionally destroying data without permission
• Exploiting an encryption implementation weakness that significantly reduces the time or computation required to recover the plaintext from an encrypted message
Common causes:
• Design flaws in software and hardware
• Botched administrative processes
• Lack of awareness and education in information security
• Advancements in the state of the art or improvements to current practices

Potential Consequences
• Embarrassment
• Repair costs
• Misinformation or worse
• Loss of (eCommerce) business
• Legal trouble
    • Federal Trade Commission/BJ’s Wholesale Club Case

Three Common Attacks Today
• Theft of data and resources
• Denial-of-service attacks
• Malicious codes and viruses

Theft of Data and Resources
• Stealing your computer files
• Accessing your computer accounts
• Stealing your laptops and computers
• Intercepting your e-mail

Information Security is a Process
(1) Identify Enterprise Security Risks & Priorities
(2) Define Security Strategies
(3) Design, Test & Implement
(4) Monitor Anticipate & Respond
(5) Manage & Improve
Start with an assessment of risks, then define security strategies to address the highest-priority items, implement solutions, monitor, and improve upon them.

Defense In Depth: Security Best Practices
• Secure your network
• Secure your endpoints and devices
• Mitigate and control threats

Secure Your Network
Analogy: Gated community
Challenges:
• Unauthorized access: Can lead to loss of company data, unplanned downtime, and related liability concerns
• Peer-to-peer file sharing and instant messaging: Distracts employees and reduces productivity
• Viruses: Can infect systems, bringing them down and resulting in outages and lost revenue
• Spam and phishing: Creates a nuisance and contributes to loss of employee productivity
• Browsing of non-work-related Websites: Leads to loss of employee productivity and possible company liability issues
• Infected VPN traffic: Creates a vector for threats to enter the network and disrupt the business
Solutions:
• Secure gateway
• Secure access (remote via VPN; on-site via authentication)
• Employee awareness and training

Secure Your Endpoints and Devices
Analogy: Individual houses in the community
Challenges:
• PCs: Out-of-date software leaves vulnerabilities open
• Laptops: Non-corporate web access provides multiple threat vectors; unencrypted laptop theft risks loss of proprietary information
• Cell phones, PDAs, smart phones: Same risks as laptops, except smaller devices easier to misplace
• Wireless access: Public hotspots, conventions, hotels, airports wide open venues for attackers
Solutions:
• Update software regularly or automatically
• Encrypt endpoints
• Employ secure integrated services routers and behavior-based agents
• Employee awareness and training

Mitigate and Control Threats
Analogy: Security patrols in the community
Challenges:
• Unconnected “seams” between network and hosts could impede “connecting the dots” of an attack
• IT support staff often not trained in incident response
• Information sharing barriers slow incident awareness
Solutions:
• Deploy network flow technology to gain end-to-end view of the network
• Develop and train incident response team
• Join your sector’s Information Sharing and Analysis Center
• Take advantage of US Computer Emergency Readiness Team (US-CERT) and Homeland Security Information Network (HSIN) alert networks

GuardEra’s Services Portfolio
• Security Infrastructure
• Compliance Assessment And Remediation
• Managed IT Services
• Network Infrastructure

Top 10 SMB Security Must-do’s:
1. Model the threats to your business, and perform a security risk assessment
2. Develop an information security policy, and educate your users
3. Design a secure network, implement packet filtering in the router, implement a firewall, and use a DMZ network for servers requiring Internet access.
4. Use anti-virus software, both at the gateway, and on each desktop
5. Use only Operating Systems that have adequate security baseline capabilities
6. Know your network, harden systems by removing unnecessary applications, and maintain an aggressive program of patching operating systems and applications
7. Use personal firewalls, particularly on laptops used by mobile users
8. Use strong authentication
9. Develop a computer incident response plan
10. Get started!

Other Security Resources
• http://www.staysafeonline.org/basics/small_business.html – National Cyber Security Alliance business site
Additional Resources
• www.csrc.nist.gov/ – NIST Computer Security Division
• www.US-CERT.gov – U.S. Computer Emergency Readiness Team
• www.asbdc-us.org – Security Guide for Small Biz
• iase.disa.mil – Information Assurance Support
• www.isalliance.org – Common sense infosec guides
• irtsectraining.nih.gov/ – Free online-information security training
• www.ftc.gov – Federal Trade Commission infosec info

Questions?
Mike Panno
GuardEra Access Solutions, Inc.
200 W. 22nd Street, Suite 220
Lombard, IL 60148
847.348.0600

Guard Era Security Overview Preso (Draft)
