MNSA MATERIAL Exploring the Landscape of the Phil Cybersecurity

7/28/2019 MNSA MATERIAL Exploring the Landscape of the Phil Cybersecurity

1/47

2006-2011 SCIPP International, Inc. All Rights Reserved.

www.SCIPPinternat ional.org


Copyright 1989 2013 (ISC)2 All Rights Reserved

Exploring the Landscape of

Philippine Cybersecurity

Understanding the Risk and Taking Appropriate Steps to

Mitigate Cybersecurity Threats

Freddy Tan, CISSPChairperson,

(ISC) Board o f Direc to rs


2/47


3/47

Click to edit Master title style

Copyright 1989 2010, (ISC)2 All Rights Reserved


(ISC)2 Overview & Background

4 Regional Offices

London

(Europe)

Palm Harbor

Headquarters

Hong Kong

(Asia)

Tokyo

(Japan)

Virginia

(America)


4/47




Canada (2) Hong Kong

United Kingdom United States (5)

Korea, South

1000+

500+

200+

100+

Singapore (1)Australia Netherlands

China

Germany Japan(1)

South Africa

(1)

Finland

United Arab

EmiratesSaudi Arabia Taiwan

Belgium

(1)Ireland

(1)

Sweden

France

Brazil MexicoItalyDenmark

(1)

Spain

MalaysiaIsrael

Russia

Poland

Membership Honor Roll 2013

India

Switzerland

Thailand

AustriaNigeriaNew Zealand NorwayArgent ina Columbia

Turkey
http://en.wikipedia.org/wiki/File:Flag_of_Turkey.svghttp://en.wikipedia.org/wiki/File:Flag_of_Colombia.svghttp://www.flags.net/NORW.htmhttp://www.flags.net/NWZE.htmhttp://www.flags.net/NGRA.htmhttp://www.flags.net/AUST.htm


5/47




0

500

1000

1500

2000

2500

Total worldwide member: 75,000+

As of July 2011

Number of (ISC) Members in Various Asian

Economies


6/47




(ISC) Credential Positioning /Career Path


7/47




Why do I care aboutcyber security?

What is Cyber Security?

How can Imake a difference?


8/47

PROPERTIES

Allow user to leave interaction: After viewing all the steps

Show Next Slide Button: Show upon completion

Completion Button Label: Next Slide


9/47




Business Requirements

Information systems Support business

processes

Store and process sensitive

and critical data

Are available to almost

everyone

Information stored on all

types of media


10/47




Best Business Practices (1-5)

1. Incident Reporting Who and When to Call

2. Access Controls Never Share with Others

3. Malicious Code Think Before You Click

4. Internet Avoid Communications Hazards

5. Asset Management Secure Your Valuables


11/47





6. Human FactorIts All About the People

7. Physical Security Protect Your Workplace

8. Social EngineeringDont be Fooled

9. Business Continuity Survival of the Business

10. Policies/Compliance Your Responsibilities


12/47





Prompt identificationand response is key

Know

Who to call

When to call What to do

Dont alter or turn off

your system


13/47





First line of defense Passwords

Most common

Weakest form

Other access controls Tokens

Smart cards

Biometrics


14/47




Password Selection Criteria

MUST be kept private! Easy to remember

Dont write it down

Something personal

Meets companystandards

Hard to guess

Use both uppercase and lowercase letters

Substitute characters for letters (e.g., @ for a)

Substitute numbers for letters (e.g., 1 for i)

PATRIOTS

(Weak)

P@tr10ts

(Strong)


15/47




Log Off and Protect Your Screen

Lock computerswhen away

Terminate

sessions when

finished Beware of

shoulder

surfing


16/47





What happens if you click on that link? Virus

Worm

Trojan horse

Logic bomb Keystroke logger

Think before you

click!


17/47




4. The Internet Avoid Communications

Hazards

Who are you reallychatting with?

ID Theft

Should you click that

ad? Phishing

Secure connections


18/47




Safely Surfing the World Wide Web

Be very careful! Sites may contain

hidden programs

Never change your

security settings Dont download

unknown files

Spyware/Adware

Cookies


19/47


20/47




Email and Instant Messages

Confidential information Permanent record

Business purposes

Networking and chat


21/47




Email SPAM

Sometimes dangerous Activate SPAM folders

Do not open email

from unknown senders

Do not openattachments or links

in those emails


22/47




Portable Storage

Can be a risk tosensitive corporate

data

Use only when

permitted


23/47




Mobile Devices

Notebooks, tablets, etc. Tele-commuting,

traveling, personal

systems, and

acceptable use


24/47




Smartphones

Contain personal orcorporate data

Pictures of confidential data

Threat of theft/loss


25/47




Wireless Equipment

Must be used carefully Follow local policy

Enable security

measures

Use encrypted VPN(virtual private network)


26/47


27/47




5. Asset Management Protect Your Valuables

Assetan item of value Asset management

Identify

Track

Classify Assign ownership

Information assets

Human assets


28/47




Information Classification

Identifies sensitive orcritical information

Have procedures for

sensitive information

Protect Process

Store

Transmit


29/47




Data Backup

How much dataare you willing to

lose?

Backup data,

operatingsystems,

applications, and

configurations

Automated

saves


30/47





Do Your Part Be aware

Recognize suspicious

activities

Follow procedures

Ask if youre not sure

If in doubt, call the

appropriate security

office


31/47




Monitoring and Supervision

Insider threats Watch for suspicious activity

Report abnormal behavior

Pay attention to vendors

and consultants


32/47





33/47





Physical accesscan overcome

almost all other

controls

Know the identityof visitors

Lock it up


34/47




Entry Controls

Beware of tailgating Issue badges to visitors

Display badges

Report lost credentials


35/47




Physical Protection

Need to protect fromloss, damage, and theft

Power surges and

spikes

Manmade and naturalthreats


36/47




8. Social EngineeringDont Be Fooled

Easiest form ofhacking

Dont be

manipulated or

persuaded When in doubt,

follow policy and

report an incident


37/47




Identity Theft

Stealing your identity Personal information

Banking details

Credit cards

Takes hundreds ofhours to fix


38/47




Phishing Attacks


39/47




Dumpster Diving

Retrieving sensitiveinformation from

garbage dumpsters

In most jurisdictions, its

not against the law


40/47




9. Business Continuity Staying in Business

Be prepared forproblems

Know your role

Know who to call


41/47





Be aware of and followyour

Organizations policies

Compliance requirements

Education FERPA

Energy FERC/NERC

Financial Services FFIEC

Healthcare HIPAA

Retail PCI-DSS

U.S. Government FISMA

Workforce Safety and

Security

P i


42/47




Privacy

Personally IdentifiableInformation (PII)

Policies, awareness,

and controls

B t B i P ti (1 5)


43/47








4. Internet Avoid Communications Hazards

5. Asset Management Secure Your Valuables

B t B i P ti (6 10)


44/47







8. Social EngineeringDont be Fooled

9. Business Continuity Survival of the Business



45/47




End-User Security Awareness Course Summary

Cyber security is

important

We ALL have a role

Be security aware!

Do the right things right!

For more information please contact:


46/47


Copyright 1989 2010, (ISC)2 All Rights Reserved Copyright 1989 2010, (ISC)2 All Rights Reserved

Mr Clayton Jones,

Managing Director, Asia-Pacific, (ISC)2

[email protected]

Member Support

[email protected]

For more information, please contact:
mailto:[email protected]:[email protected]


47/47


Thank you!

"All that is necessary for the triumph of evil is that good men do

nothing.",

Edmund Burke, 1729 -1797

MNSA MATERIAL Exploring the Landscape of the Phil Cybersecurity

Documents

Transcript of MNSA MATERIAL Exploring the Landscape of the Phil Cybersecurity