Layered Security Solutions - Simplified
www.SoftwareSecuritySolutions.com
303-232-9070
© 2008
Monte Robertson - CEO
Layered Security Solutions – Simplified!
If your data isn’t secure, it isn’t your data.®
www.SoftwareSecuritySolutions.com
The Layered Security Solution for Small Businesses
Goals and Outcomes:
• Begin to understand layered security.
• Put information to immediate use, at home and at work.
• Use this to help others with awareness.
The Small Business Situation
• SMB does not have the knowledge or skills to address this complex issue.
Small Business Information Security Act of 2008 (Senator Olympia J. Snowe, R-Maine)
As Mentors - You can help!
Identification of Risk
• What data could cause them harm if lost, changed or compromised?
• What do they need to protect?
1. Financial Data
2. Customer Data
3. Vendor Data
4. Employee Data
5. Health Care, Investments
6. Corporate Intellectual Property
7. Investors
Identification of Risk
• What is the value of each category?
• Where is this information kept?
• What regulations apply to the business’ data?
– PCI, SOX, GLB, HIPAA
– E-Discovery requirements for pertinent data
Data Back-up
• All categories of Data
1. Critical\Non Critical
2. Email – Archiving, new legal requirements
3. Data Shares
Data Back-up
• Local – on site, DAS, NAS, Appliances
• Tape vs. new technology
• Off site, Online
• Redundancy & DR
• Standards & Regulations
Data Back-up Research
• Are all areas identified & backed up? Both on & off site?
• What type do they use & is it efficient?
• Time & resources required to maintain?
• Time & resources required to restore?
• Have backups been tested?
• Comfort & Consequences!
Disaster Recovery Plan
• Identify and assign resources
• Business Continuity
• Insurance
• Tools to help
Disaster Recovery Research
• Disaster Recovery Journal http://www.drj.com/
• Gartner http://www.gartner.com/5_about/news/disaster_recovery.html
• SBA http://www.sba.gov/services/disasterassistance/index.html
• Plans are a work in progress as business changes.
• Less than 10% survive without a plan
Anti Malware
• Client machines – laptop, desktop, mobile
• Servers
• Gateways
1. Internet, Email
• Changes in technology
• New Threats
– Mashups & Web 2.0
• $100 additional cost per user
Anti Malware Research
• Virus Bulletin http://www.virusbtn.com
• Anti Virus Comparatives http://www.av-comparatives.org
• AV Test http://www.av-test.org
– Times have changed & so have solutions
• www.SoftwareSecuritySolutions.com/anti-virus-cost-calculator.php
Firewalls
• Gateway
• Inspection types
• Additional layers
1. Anti Malware
2. Anti Spam
3. Content Filtering
4. Intrusion prevention
• Personal Firewalls
Firewall Research
• ICSA
http://www.icsa.net/icsa/icsahome.php
• West Coast Labs
http://www.westcoastlabs.com
Email Security & Filtering
• All user devices
• Email Technology
• Spam
1. Volume, Cost
• Malware
• Phishing
• Social Engineering
• Archiving, Legal
Email Security Research
• How critical is Email to their business?
• Associated cost?
• POP3 vs. SMTP
• Conduct CBA on Service vs. Appliances & Software
Wireless Security
• Mobile Devices
1. Anti malware
2. Backup & theft recovery
• Wireless Networks
• Authentication
• Encryption
• WEP\WPA
Web Security & Filtering
• All user devices\Servers
• Shift in threat
• Web applications
– PCI compliance
• Searching\Surfing
• Liabilities
User Education & Application updates
• Weakest link
• Threat Surface
• Future attacks
• Updates
1. OS
2. Office
3. Common apps
4. Checked regularly?
User Education Resources
Employee Awareness: http://www.gocsi.com/awareness/awareness_peer_group.jhtml
Security Video: http://i.cmpnet.com/gocsi/wsc/video.html
World Security Challenge: http://www.gocsi.com/WSC/
Customizable Awareness Newsletter: http://www.gocsi.com/awareness/front.jhtml
Security Policy
• Definitions
– All Layers
– Acceptable Use
– Consequences
• Resources
– What to use
– Who supports
Security Policy Resources
• Policies, Standards and Guidelines: https://www2.sans.org/resources/policies/
What they can (and should) do right now
• Network Configuration (P2P vs. Domain)
• Updates – 3rd party
• Office machines – (all in one)
• Laptop encryption, theft tracking
• User rights
• File Access
• Physical Access
Implementing a Layered Security Solution
• Create a Security Policy
• Formulate an adoption plan
• Budget
• Start with most critical areas
• Set & forget not an option
Questions and Answers