Community IT Webinar - IT Security for Nonprofits
Transcript of Community IT Webinar - IT Security for Nonprofits
![Page 1: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/1.jpg)
IT Security New and Emerging Best Practices
October 23, 2014
Community IT Innovators Webinar Series
Presenters: Steve Longenecker, Matthew Eshleman
#ITSecurity
![Page 2: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/2.jpg)
Webinar Tips
• Ask questions: Post questions via chat
• Interact: Respond to polls during webinar
• Focus: Avoid multitasking. You may just miss the best part of the presentation
• Webinar PowerPoint & Recording: PowerPoint and recording links will be shared after the webinar
![Page 3: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/3.jpg)
About Community IT
Community IT Innovators partners with nonprofits to help them solve their strategic & day-to-day IT challenges.
Strategic: Proactive approach so you can make IT decisions that support your mission and grow with you
Collaborative: Team of over 30 staff who empower you to make informed IT choices
Invested: We are committed to supporting your mission, and take care of your IT network as if it were our own
Nonprofit focus: Worked with over 900 nonprofits since 1993
![Page 4: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/4.jpg)
Presenters
Steve Longenecker, Project Manager
@CommunityIT
Matt Eshleman, Chief Technology Officer
[email protected]
@meshleman
![Page 5: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/5.jpg)
Agenda
• The Big Picture
• Security Culture
• Security Best Practices
• Questions
![Page 6: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/6.jpg)
The Big Picture
Source: From geograph.org.uk, Author: Tom Munro http://commons.wikimedia.org/wiki/File:View_across_the_Valley_of_the_Stones_-_geograph.org.uk_-_435889.jpg
![Page 7: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/7.jpg)
![Page 8: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/8.jpg)
What are your organization’s CIA requirements?
It varies, and depends on the information...
PDF of signed Annual Performance Review
• Confidentiality: Limit to HR and Supervisor (this may be a regulatory issue)
• Integrity: Data should not change; there must be utmost confidence that the file is not altered.
• Availability: Needed only upon request, within 2-3 days.
Your Accounting System
• Confidentiality: Limit to Finance Department and President
• Integrity: Data constantly updated. Need ability to roll back last thirty days’ activity. Must have record of who changed what.
• Availability: Up to 8 hours of downtime is acceptable.
![Page 9: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/9.jpg)
CIA Worksheet

| Security Objective | LOW | MODERATE | HIGH |
| --- | --- | --- | --- |
| Confidentiality | Disclosure of information could be expected to have a limited adverse effect | Disclosure of information could be expected to have a serious adverse effect | Disclosure of information could be expected to have a severe or catastrophic effect |
| Integrity | Modification or destruction of data could be expected to have a limited adverse effect | Modification or destruction of data could be expected to have a serious adverse effect | Modification or destruction of data could be expected to have a severe adverse effect |
| Availability | The disruption of access to or use of information could be expected to have a limited adverse effect | The disruption of access to or use of information could be expected to have a serious adverse effect | The disruption of access to or use of information could be expected to have a severe adverse effect |
![Page 10: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/10.jpg)
Assessing Risk
• NSA reads your email.
• You are the victim of a hacker attack targeted at your organization specifically.
• You are the victim of a general hacker attack, probably a script downloaded from the Internet.
• Data compromise due to known vulnerabilities in your IT infrastructure’s software/firmware.
• Data compromise due to the action of a disgruntled employee or former employee.
• Loss of data due to run-of-the-mill hardware failure.
• Data compromise due to end user carelessness.
![Page 11: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/11.jpg)
http://www.strozfriedberg.com/wp-content/uploads/2014/01/Stroz-Friedberg_On-the-Pulse_Information-Security-in-American-Business.pdf
The Stroz Friedberg report describes an online survey of 764 information workers in the United States working for companies with more than 20 people, conducted by KRC Research in the fall of 2013.
![Page 12: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/12.jpg)
Find the balance between CIA requirements and accessibility/cost.
Artist: Winslow Homer, Title: The See-Saw, Current location: Arkell Museum, Source/Photographer: The Athenaeum http://commons.wikimedia.org/wiki/File:Winslow_Homer_-_The_See-Saw_(1873).jpg
![Page 13: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/13.jpg)
Security Culture
Source: New York City Department of Transportation, Author: Nicholas Whitaker Photography https://www.flickr.com/photos/nycstreets/9970004423/
![Page 14: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/14.jpg)
Policies for End Users
• Appropriate Use Policy and Controls
• Password Policy
• BYOD and BYOA Policies
![Page 15: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/15.jpg)
Policies for the IT Department
• Patching Policy
• Data Retention Policies
• Identity and Access Management
![Page 16: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/16.jpg)
Who “owns” security?
• Office Manager?
• HR person?
• CIO?
• CFO?
• CRO?
![Page 17: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/17.jpg)
Security Best Practices
Source: by Iphone4, Author: Dicti0nary0 http://commons.wikimedia.org/wiki/File:Authentication_devices.jpg
![Page 18: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/18.jpg)
Foundational Practices
Passwords
Backups
Patching
Antivirus
![Page 19: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/19.jpg)
Our Experience
• Most common cause of data loss – Hardware failure
• Second most common cause of data loss – Viruses
• Recovery from “unmanaged backup” – measured in multiple days
![Page 20: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/20.jpg)
Evolving Org Trends
• Cloud based services
• Elimination of workplace borders
• Bring Your Own Device
• Bring Your Own App
![Page 21: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/21.jpg)
Emerging Best Practices
• Single Sign On
• 2FA
• Mobile Device Management
• Application Approval
• Encryption
• Adaptive Defense
![Page 22: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/22.jpg)
Practical Next Steps
• Have a data inventory: Know what data you have, where it is and how it’s protected
• Make sure you have good passwords (and don’t use the same ones)
• Start planning for 2FA
![Page 23: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/23.jpg)
Questions?
Author: DuMont Television/Rosen Studios, New York-photographer, Uploaded by We hope at en.wikipedia http://commons.wikimedia.org/wiki/File:20_questions_1954.JPG
![Page 24: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/24.jpg)
Upcoming Webinar
Thursday November 20
4:00 – 5:00 PM EST
The Future of Nonprofit CRM: Takeaways from BBCon and Dreamforce
David Deal and Kyle Haines
![Page 25: Community IT Webinar - IT Security for Nonprofits](https://reader035.fdocuments.in/reader035/viewer/2022062708/5589e0bfd8b42a8c2c8b459e/html5/thumbnails/25.jpg)
After the webinar
• Connect with us
• Provide feedback: Short survey after you exit the webinar. Be sure to include any questions that were not answered.
• Missed anything? Link to slides & recording will be emailed to you.