Compliance Security - Cyber Security Summit...Cyber Security Summit | October 23-25, 2017 |...
25
Compliance ≠ Security (But, we’re getting closer) Rich Banta, Co-Owner & CISO, Lifeline Data Centers, LLC
Transcript of Compliance Security - Cyber Security Summit...Cyber Security Summit | October 23-25, 2017 |...
Compliance ≠ Security
(But, we’re getting closer) Rich Banta, Co-Owner & CISO, Lifeline Data Centers, LLC
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
• FedRAMP-Ready • HITRUST CSF
Certified • PCI DSS AoC/RoC • SOC2 • IRS-1075
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Rich Banta • CISSP• CCSP• CISA• CRISC• CFCP• CDCDP• CTIA• CTDC
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security WhydoesCompliance≠Security?
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security WhydoesCompliance≠Security?• ComplianceisChecklist-Based
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security WhydoesCompliance≠Security?• ComplianceisChecklist-Based• CompliancedependsonAudits
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security WhydoesCompliance≠Security?• ComplianceisChecklist-Based• CompliancedependsonAudits• AuditsassessapointinAme
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security Whateffortsarebeingmadetoaddressthepoint-in-Ameshortcoming?
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security Whateffortsarebeingmadetoaddressthepoint-in-Ameshortcoming?• CMP:ConAnuousMonitoringProgram
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security CMP:FedRAMP’sapproachtoConAnuousMonitoring
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security TheFedRAMPModerateBaselinecontains326controls*.*AndanaddiAonal~70controlenhancements
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security TheFedRAMPCMPcallsforconAnuousongoingmonitoringandreporAngon58ofthe326controls.
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security NIST800-53R4ControlRA-5:• VulnerabilityScanning
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security NIST800-53R4ControlRA-5:• VulnerabilityScanning– RA-5a:OS/infrastructure/webapplicaAon/databasescans– ScanresultsmustbesubmiYedinFedRAMP-specificdashboardformat
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security NIST800-53R4ControlRA-5:• VulnerabilityScanning– RA-5d:ProvidearAfactstoISSOshowinghigh-riskvulnerabiliAeshavebeenmiAgatedin30daysandmoderaterisk-vulnerabiliAeswithin90days
– POA&M
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security NIST800-53R4ControlCM-7(1)a:• LeastFuncAonality– IdenAfyandeliminateunnecessaryfuncAons,ports,protocols,and/orservices
– PPSM(Ports,Protocols,andServicesManagement)
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security NIST800-53R4ControlCM-8(3)a:• InformaAonSystemComponentInventory– AutomateddetecAonofnewassets– ReportssubmiYedmonthly– Vulnerabilityscanmust=Inventoryscan=PPSM=NAC,etc.
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security Lifelinehasnointernalwirelessnetworks.
(ThisincludestheDMZ)
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security ThisprecludeshavinganIoT,orInternetofThings
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security ThisprecludeshavinganIoT,orInternetofThingsIdiocy
Cyber Security Summit | October 23-25, 2017 | Minneapolis, MN | cybersecuritysummit.org
Compliance ≠ Security ThisprecludeshavinganIoT,orInternetofThings
Compliance ≠ Security
(But, we’re getting closer)
Questions? Comments? Rich Banta, Co-Owner & CISO, Lifeline Data Centers, LLC
Thank you for your time and interest! Rich Banta, Co-Owner & CISO, Lifeline Data Centers, LLC
![CYBER SECURITY - newriver.edu · CYBER SECURITY CYBER SECURITY CERTIFICATE OF APPLICED SCIENCE (CAS) [PROGRAM HOURS: 30] Prepare to work in an entry-level cyber security job. Explore](https://static.fdocuments.in/doc/165x107/5f79ab73890821335e355f81/cyber-security-cyber-security-cyber-security-certificate-of-appliced-science-cas.jpg)
