MNSA MATERIAL Exploring the Landscape of the Phil Cybersecurity
7/28/2019 MNSA MATERIAL Exploring the Landscape of the Phil Cybersecurity
2006-2011 SCIPP International, Inc. All Rights Reserved.
www.SCIPPinternational.org
2006-2012 SCIPP International, Inc. All Rights Reserved.
Copyright 1989-2013 (ISC)2 All Rights Reserved

Exploring the Landscape of Philippine Cybersecurity
Understanding the Risk and Taking Appropriate Steps to Mitigate Cybersecurity Threats

Freddy Tan, CISSP
Chairperson, (ISC)2 Board of Directors
-
(ISC)2 Overview & Background
4 Regional Offices
- London (Europe)
- Palm Harbor (Headquarters)
- Hong Kong (Asia)
- Tokyo (Japan)
- Virginia (America)
-
[Figure: Membership Honor Roll 2013 (map of countries; legend tiers 1000+, 500+, 200+, 100+)]
-
[Figure: Number of (ISC)2 Members in Various Asian Economies (chart, axis 0 to 2500)]
Total worldwide members: 75,000+ (as of July 2011)
-
(ISC)2 Credential Positioning / Career Path
-
Why do I care about cyber security?
What is Cyber Security?
How can I make a difference?
-
Business Requirements
Information systems:
- Support business processes
- Store and process sensitive and critical data
- Are available to almost everyone
- Information stored on all types of media
-
Best Business Practices (1-5)
1. Incident Reporting - Who and When to Call
2. Access Controls - Never Share with Others
3. Malicious Code - Think Before You Click
4. Internet - Avoid Communications Hazards
5. Asset Management - Secure Your Valuables
-
Best Business Practices (6-10)
6. Human Factor - It's All About the People
7. Physical Security - Protect Your Workplace
8. Social Engineering - Don't Be Fooled
9. Business Continuity - Survival of the Business
10. Policies/Compliance - Your Responsibilities
-
1. Incident Reporting - Who and When to Call
- Prompt identification and response is key
- Know
  - Who to call
  - When to call
  - What to do
- Don't alter or turn off your system
-
2. Access Controls - Never Share with Others
- First line of defense
- Passwords
  - Most common
  - Weakest form
- Other access controls
  - Tokens
  - Smart cards
  - Biometrics
-
Password Selection Criteria
- MUST be kept private!
- Easy to remember
  - Don't write it down
  - Something personal
- Meets company standards
- Hard to guess
  - Use both uppercase and lowercase letters
  - Substitute characters for letters (e.g., @ for a)
  - Substitute numbers for letters (e.g., 1 for i)
- PATRIOTS (Weak)
- P@tr10ts (Strong)
-
Log Off and Protect Your Screen
- Lock computers when away
- Terminate sessions when finished
- Beware of shoulder surfing
-
3. Malicious Code - Think Before You Click
- What happens if you click on that link?
  - Virus
  - Worm
  - Trojan horse
  - Logic bomb
  - Keystroke logger
- Think before you click!
-
4. The Internet - Avoid Communications Hazards
- Who are you really chatting with?
  - ID Theft
- Should you click that ad?
  - Phishing
- Secure connections
-
Safely Surfing the World Wide Web
- Be very careful!
- Sites may contain hidden programs
- Never change your security settings
- Don't download unknown files
- Spyware/Adware
- Cookies
-
Email and Instant Messages
- Confidential information
- Permanent record
- Business purposes
- Networking and chat
-
Email SPAM
- Sometimes dangerous
- Activate SPAM folders
- Do not open email from unknown senders
- Do not open attachments or links in those emails
-
Portable Storage
- Can be a risk to sensitive corporate data
- Use only when permitted
-
Mobile Devices
- Notebooks, tablets, etc.
- Tele-commuting, traveling, personal systems, and acceptable use
-
Smartphones
- Contain personal or corporate data
- Pictures of confidential data
- Threat of theft/loss
-
Wireless Equipment
- Must be used carefully
- Follow local policy
- Enable security measures
- Use encrypted VPN (virtual private network)
-
5. Asset Management - Protect Your Valuables
- Asset: an item of value
- Asset management
  - Identify
  - Track
  - Classify
  - Assign ownership
- Information assets
- Human assets
-
Information Classification
- Identifies sensitive or critical information
- Have procedures for sensitive information
  - Protect
  - Process
  - Store
  - Transmit
-
Data Backup
- How much data are you willing to lose?
- Back up data, operating systems, applications, and configurations
- Automated saves
-
6. Human Factor - It's All About the People
- Do Your Part
- Be aware
- Recognize suspicious activities
- Follow procedures
- Ask if you're not sure
- If in doubt, call the appropriate security office
-
Monitoring and Supervision
- Insider threats
- Watch for suspicious activity
- Report abnormal behavior
- Pay attention to vendors and consultants
-
7. Physical Security - Protect Your Workplace
- Physical access can overcome almost all other controls
- Know the identity of visitors
- Lock it up
-
Entry Controls
- Beware of tailgating
- Issue badges to visitors
- Display badges
- Report lost credentials
-
Physical Protection
- Need to protect from loss, damage, and theft
- Power surges and spikes
- Manmade and natural threats
-
8. Social Engineering - Don't Be Fooled
- Easiest form of hacking
- Don't be manipulated or persuaded
- When in doubt, follow policy and report an incident
-
Identity Theft
- Stealing your identity
  - Personal information
  - Banking details
  - Credit cards
- Takes hundreds of hours to fix
-
Phishing Attacks
-
Dumpster Diving
- Retrieving sensitive information from garbage dumpsters
- In most jurisdictions, it's not against the law
-
9. Business Continuity - Staying in Business
- Be prepared for problems
- Know your role
- Know who to call
-
10. Policies/Compliance - Your Responsibilities
- Be aware of and follow your
  - Organization's policies
  - Compliance requirements
    - Education: FERPA
    - Energy: FERC/NERC
    - Financial Services: FFIEC
    - Healthcare: HIPAA
    - Retail: PCI-DSS
    - U.S. Government: FISMA
  - Workforce Safety and Security
-
Privacy
- Personally Identifiable Information (PII)
- Policies, awareness, and controls
-
Best Business Practices (1-5)
1. Incident Reporting - Who and When to Call
2. Access Controls - Never Share with Others
3. Malicious Code - Think Before You Click
4. Internet - Avoid Communications Hazards
5. Asset Management - Secure Your Valuables
-
Best Business Practices (6-10)
6. Human Factor - It's All About the People
7. Physical Security - Protect Your Workplace
8. Social Engineering - Don't Be Fooled
9. Business Continuity - Survival of the Business
10. Policies/Compliance - Your Responsibilities
-
End-User Security Awareness Course Summary
- Cyber security is important
- We ALL have a role
- Be security aware!
- Do the right things right!
For more information please contact:
-
Mr Clayton Jones, Managing Director, Asia-Pacific, (ISC)2
Member Support
For more information, please contact:
[email protected], [email protected]
-
Thank you!
"All that is necessary for the triumph of evil is that good men do nothing."
Edmund Burke, 1729-1797