Adequate securitynew1404.019

•Télécharger en tant que PPTX, PDF•

1 j'aime•569 vues

Wivenhoe Management Group

Technologie Business

What is an Adequate Level of
Security?
There is clearly a substantial difference in
protecting a facility from persons intent on
destroying the infrastructure to those
intent on defacing it.
Defining that difference is critical
Wivenhoe Management Group

Factors That Determine An
Adequate Level of Security
1. Type of Facility
2. Cost
3. Risk Acceptance
4. Insurance Requirements
5. SVA Recommendations
6. Liability
Wivenhoe Management Group

Factors That Determine An
Adequate Level of Security
1. Basis of Security Understanding
2. Threat Level
3. Accepted Security Industry Standards & Practice
4. Legal Compliance
5. Environment
6. Incident History
7. Other
Wivenhoe Management Group

Basis of Security Understanding
Sandia - Detect, Delay, Respond
DHS - Deter, Detect, Delay, Respond
Security Industry Experience
Keep the Problem Out
Deter the Problem Elsewhere
Wivenhoe Management Group

Threat Level
Crime Rate Statistics
• Homicide
• Rape
• Robbery
• Aggravated Assault
• Crimes Against Persons
• Burglary
• Larceny
• Motor Vehicle Theft
• Crimes Against Property
Wivenhoe Management Group

Accepted Security Industry
Standards & Practices
Design Criteria
Properly Maintained Equipment
Training
Manufacturer Authorized Installers
Proper Lighting
Accepted System Design
Current Software & Firmware
Wivenhoe Management Group

Accepted Security Industry
Standards & Practices
As Built Drawings
Response Time to System Failure
Back-Up Power Systems
Meeting Federal & Local Codes
Minimum Video Recording Time
Schedules Identifying Types &
Quantities of Security Panels
Wivenhoe Management Group

Accepted Security Industry
Standards & Practices
Due Diligence Related to Contractors
Clear Definition of Performance
Requirements
Required Installation Permits
Electric Surge Protection
Wivenhoe Management Group

Legal Compliance
• Specific Industry Security
Requirements
• Data Security Requirements
• Physical Security Requirements
Wivenhoe Management Group

Incident History
• Five (5) Year History
• Type of Incident
• Actions Taken
• Incident/Serious Breach
Wivenhoe Management Group

Liability
• Standard Law Suit
• Negligence
• Gross Negligence
• Repercussions
Wivenhoe Management Group

Environment
• Crime Rates
• Type of Crime Category
• Transportation Hub
• Nearby Targets
• Sensitive Border
• Target Vantage Point
Wivenhoe Management Group

Type of Facility
• Hazardous
• Strategic Value
• Age & Condition
• Key Infrastructure
• Research Facility
• Communication Hub
Wivenhoe Management Group

Cost
• Cost, the Leading Factor
• Cost, a Double-Edged Sword
• Cost, Lowest Bidder
• Cost, Technology Changes
Wivenhoe Management Group

Risk Acceptance
Higher Risk = Less Cost
Lower Risk Safe Choice
Difference is Liability
Wivenhoe Management Group

Insurance Concerns
Escalating Medical Costs
Increasing Value of Assets
Ever Present Terrorism
Wivenhoe Management Group

Insurance Requirements
UL Certified Alarm System
Data Security Compliance
Safety Compliance
Cyber Crime Prevention
Active Shooter Containment
Wivenhoe Management Group

SVA Requirements
What is an SVA?
Security Vulnerability Assessment
Wivenhoe Management Group

Why Perform An SVA?
• Threat Level
• Critical Assets
• Findings & Recommendations
• Federal Grant Funding
• Customer Confidence
Wivenhoe Management Group

Why Perform An SVA?
• Counter Liability
• Phased Solution
• Emergency Planning & Response
– Active Shooter
– Bomb Threat
• Measured Response
Wivenhoe Management Group

SUMMARY
Basis of Security
• Deter Detect Delay Respond
• Detect Delay Respond
Wivenhoe Management Group

SUMMARY
Many Factors
Threat Level Legal Compliance
Accepted Standards Environment
Incident History Liability
Facility Type Risk Acceptance
Insurance Cost
Security Vulnerability Assessment
Wivenhoe Management Group

SUMMARY
More Important Factors
Threat Level
Liability
Facility Type
Legal Compliance
Wivenhoe Management Group

QUESTIONS
Questions can be sent to:
David McCann
Principal Consultant
Wivenhoe Management Group
dmccann@wivenhoegroup.com
www.wivenhoegroup.com
Wivenhoe Management Group

Contenu connexe

Tendances

Risk Management Methodology - Copy

Rabah Odeh ITIL 5.0-OCP-CISA-PMP-OCP..etc

Wastewater Workshop Presentation 2007[2 R]

Wivenhoe Management Group

Cyber Resilience: Managing Cyber Shocks

Phil Huggins FBCS CITP

In 2017, Resolver acquired RiskVision—a recognized leader in integrated risk management software for security operations. In this presentation you will learn how to prioritize efforts around risk mitigation and response to cyber threats. You’ll also learn where we’re heading on the product roadmap and how it will drive your IT efficiency even further and make it easier to share real-time information with your C-suite, board, and other stakeholders.

An Intro to Resolver's InfoSec Application (RiskVision)

Resolver Inc.

ComResource - NW Agent Cybersecurity

Anthony Dials

Risk Assessment And Management

vikasraina

Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...

Citrin Cooperman

Cyber–supply chain risks pose a new set of challenges for businesses (loss of critical IP, unwanted functionality in products) which jeopardize brand reputation and shareholder value. This session will present case study research from NIST on cutting-edge practices and tools that today’s industry leaders in supply chain risk management are deploying to secure their supply chains from end to end. (Source: RSA USA 2016-San Francisco)

Integrating Cybersecurity into Supply Chain Risk Management

Priyanka Aash

Risk Assessments

JoAnna Cheshire

Pitfalls of Cyber Data

Phil Huggins FBCS CITP

Resilience is the new cyber security

Phil Huggins FBCS CITP

Bay Dynamics

Meg Vorland

Vendor Cybersecurity Governance: Scaling the risk

Sarah Clarke

The Measure of Success: Security Metrics to Tell Your Story

Priyanka Aash

Proactive incident response

Brian Honan

Managing Insider Risk

Phil Huggins FBCS CITP

IT Security management and risk assessment

CAS

OWASP based Threat Modeling Framework

Chaitanya Bhatt

Cyber Resilience

Phil Huggins FBCS CITP

Countering Cyber Threats

Phil Huggins FBCS CITP

Tendances (20)

Risk Management Methodology - Copy

Wastewater Workshop Presentation 2007[2 R]

Cyber Resilience: Managing Cyber Shocks

An Intro to Resolver's InfoSec Application (RiskVision)

ComResource - NW Agent Cybersecurity

Risk Assessment And Management

Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...

Integrating Cybersecurity into Supply Chain Risk Management

Risk Assessments

Pitfalls of Cyber Data

Resilience is the new cyber security

Bay Dynamics

Vendor Cybersecurity Governance: Scaling the risk

The Measure of Success: Security Metrics to Tell Your Story

Proactive incident response

Managing Insider Risk

IT Security management and risk assessment

OWASP based Threat Modeling Framework

Cyber Resilience

Countering Cyber Threats

Similaire à Adequate securitynew1404.019

Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015

Joe Bartolo

Wasn't expecting that! Now what?

Jisc

Security architecture frameworks

John Arnold

Stay Ahead of Threats with Advanced Security Protection - Fortinet

MarcoTechnologies

Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...

North Texas Chapter of the ISSA

Enterprise under attack dealing with security threats and compliance

SPAN Infotech (India) Pvt Ltd

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors

mdagrossa

Undertake the Risk Analysis Policy

Komal Zahra

There's a data explosion underway and it's a lucrative market for cyber criminals. Charities with their complex contexts and valuable data are an obvious target and so it's essential Cyber threats are addressed in Charities' risk strategies. This presentation set outs the current situation, what the potential consequences are and who could be impacted before explaining what can be done about it and how to approach the challenge. Presentation to representatives from the UK Charities sector at the Charity Finance Group's annual IT, Data, Insights and Cyber Security Conference.

Cyber Attacks aren't going away - including Cyber Security in your risk strategy

James Mulhern

The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt

John D. Johnson

Threat Based Risk Assessment

Michael Lines

Cyber Security 2016 Cade Zvavanjanja1

Cade Zvavanjanja

Risk Management (1) (1).ppt

AjjuSingh2

Focusing on the Threats to the Detriment of the Vulnerabilities

Roger Johnston

Presented by: Andrew Plato, Anitian Abstract: Understanding, managing and responding to risk is one of the core functions of any information security program. However, for many organizations risk assessment is cumbersome and time consuming process. IT leaders, as well as security regulations, are demanding risk management practices that can deliver quick and actionable results. Rapid Risk Assessment is a new approach to risk management that dramatically reduces the time, effort, and complexity for IT security risk assessment. Using the existing principles of risk management defined in NIST 800-30 documents, Rapid Risk Assessment can deliver more actionable and reliable results empowering business leaders to make sound decisions about risk. The key to this approach is a unique combination of skills, organization, and documentation that accelerates every aspect of the risk management process. This presentation shows why current risk management tactics are failing and how Rapid Risk Assessment can correct those deficiencies.

Rapid Risk Assessment: A New Approach to Risk Management

EnergySec

Maintaining, verifying, and demonstrating compliance with regulatory requirements, whether PCI DSS, HIPAA, GLBA or others, is far from a trivial exercise. Proving compliance with these requirements often translates into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, remediating critical vulnerabilities, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools to assemble the security controls and reports you need. Compliance doesn't have to be so hard. Review this presentation to learn: - Common audit compliance failures - A pre-audit checklist to help you plan and prepare - Core security capabilities needed to demonstrate compliance - How to simplify compliance with a unified approach to security

How to Simplify Audit Compliance with Unified Security Management

AlienVault

Security Site Surveys and Risk Assessments

Enterprise Security Risk Management

2015 Global Threat Intelligence Report - an analysis of global security trends

DImension Data

Assuring Reliable and Secure IT Services

tsaiblake

My_notes_part1.pdf

PhilLopez4

Similaire à Adequate securitynew1404.019 (20)

Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015

Wasn't expecting that! Now what?

Security architecture frameworks

Stay Ahead of Threats with Advanced Security Protection - Fortinet

Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...

Enterprise under attack dealing with security threats and compliance

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors

Undertake the Risk Analysis Policy

Cyber Attacks aren't going away - including Cyber Security in your risk strategy

The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt

Threat Based Risk Assessment

Cyber Security 2016 Cade Zvavanjanja1

Risk Management (1) (1).ppt

Focusing on the Threats to the Detriment of the Vulnerabilities

Rapid Risk Assessment: A New Approach to Risk Management

How to Simplify Audit Compliance with Unified Security Management

Security Site Surveys and Risk Assessments

2015 Global Threat Intelligence Report - an analysis of global security trends

Assuring Reliable and Secure IT Services

My_notes_part1.pdf

Dernier

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

FIDO Alliance

In the ever-evolving landscape of data management, Zero-ETL is an approach that is reshaping how businesses handle and integrate their data. This webinar explores Zero-ETL, a paradigm shift from the traditional Extract, Transform, Load (ETL) process, offering a more streamlined, efficient, and real-time data integration method. We will begin with an introduction to the concept of Zero-ETL, including how it allows direct access to data in its native environment and real-time data transformation, providing up-to-date information with significantly reduced data redundancy. Next, we'll take you through several demonstrations showing how Zero-ETL can deliver real-time data and enable the free movement of data between systems. We will also discuss the various tools that support all aspects of Zero-ETL, providing attendees with an understanding of how they can adopt this innovative approach in their organizations. Lastly, the session will conclude with an interactive Q&A segment, allowing participants to gain deeper insights into how Zero-ETL can be tailored to their specific business needs and how they can get started today. Join us to discover how Zero-ETL can elevate your organization's data strategy.

The Zero-ETL Approach: Enhancing Data Agility and Insight

Safe Software

Using IESVE for Room Loads Analysis - UK & Ireland

IES VE

Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside

Stefan Dietze

Overview of Hyperledger Foundation

Hyperleger Tokyo Meetup

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

FIDO Alliance

Explore the latest trends and insights on JavaScript usage with Pixlogix's informative blog. Discover key statistics and facts about JavaScript's role in web development, its popularity among developers, and its impact on modern websites. Stay updated with the evolving landscape of JavaScript frameworks and libraries, and learn how they're shaping the future of web development. Gain valuable insights to enhance your JavaScript skills and stay ahead in the digital realm.

JavaScript Usage Statistics 2024 - The Ultimate Guide

Pixlogix Infotech

At Skynet Technologies, our team of accessibility experts performs automated, semi-automated, and manual audits of websites and web applications as per WCAG 2.2 level AA, ADA, and section 508. Based on evaluations of the accessibility compliance level of the website’s UI, design, source code, navigation, interactive elements, and overall usability, we will provide a digital accessibility evaluation report with in-depth details of potential accessibility barriers and remediation recommendations. Get a manual website WCAG audit (2.0, 2.1, 2.2 level AA) for a small website: 10 pages: $2,500 within 7 business days 30 pages: $7,500 within 14 business days 50 pages: $12,500 within 28 business days For medium websites: 100 pages: $25,000 within 6 weeks For larger websites or audits of all pages, please reach out hello@skynettechnologies.com.

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Skynet Technologies

Intro to Passkeys and the State of Passwordless.pptx

FIDO Alliance

Introduction to FIDO Authentication and Passkeys.pptx

FIDO Alliance

Intro in Product Management - Коротко про професію продакт менеджера

Mark Opanasiuk

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

FIDO Alliance

Extensible Python: Robustness through Addition - PyCon 2024

Patrick Viafore

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

FIDO Alliance

Google I/O Extended 2024 Warsaw

GDSC PJATK

Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...

ScyllaDB

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

FIDO Alliance

ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...

FIDO Alliance

Design Guidelines for Passkeys 2024.pptx

FIDO Alliance

Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.

2024 May Patch Tuesday

Ivanti

Dernier (20)

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

The Zero-ETL Approach: Enhancing Data Agility and Insight

Using IESVE for Room Loads Analysis - UK & Ireland

Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside

Overview of Hyperledger Foundation

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

JavaScript Usage Statistics 2024 - The Ultimate Guide

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...

Intro to Passkeys and the State of Passwordless.pptx

Introduction to FIDO Authentication and Passkeys.pptx

Intro in Product Management - Коротко про професію продакт менеджера

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

Extensible Python: Robustness through Addition - PyCon 2024

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

Google I/O Extended 2024 Warsaw

Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...

Design Guidelines for Passkeys 2024.pptx

2024 May Patch Tuesday

Adequate securitynew1404.019

1. WHAT IS AN ADEQUATE LEVEL OF SECURITY? Wivenhoe Management Group

2. What is an Adequate Level of Security? There is clearly a substantial difference in protecting a facility from persons intent on destroying the infrastructure to those intent on defacing it. Defining that difference is critical Wivenhoe Management Group

3. Factors That Determine An Adequate Level of Security 1. Type of Facility 2. Cost 3. Risk Acceptance 4. Insurance Requirements 5. SVA Recommendations 6. Liability Wivenhoe Management Group

4. Factors That Determine An Adequate Level of Security 1. Basis of Security Understanding 2. Threat Level 3. Accepted Security Industry Standards & Practice 4. Legal Compliance 5. Environment 6. Incident History 7. Other Wivenhoe Management Group

5. Basis of Security Understanding Sandia - Detect, Delay, Respond DHS - Deter, Detect, Delay, Respond Security Industry Experience Keep the Problem Out Deter the Problem Elsewhere Wivenhoe Management Group

6. Threat Level Crime Rate Statistics • Homicide • Rape • Robbery • Aggravated Assault • Crimes Against Persons • Burglary • Larceny • Motor Vehicle Theft • Crimes Against Property Wivenhoe Management Group

7. Accepted Security Industry Standards & Practices Design Criteria Properly Maintained Equipment Training Manufacturer Authorized Installers Proper Lighting Accepted System Design Current Software & Firmware Wivenhoe Management Group

8. Accepted Security Industry Standards & Practices As Built Drawings Response Time to System Failure Back-Up Power Systems Meeting Federal & Local Codes Minimum Video Recording Time Schedules Identifying Types & Quantities of Security Panels Wivenhoe Management Group

9. Accepted Security Industry Standards & Practices Due Diligence Related to Contractors Clear Definition of Performance Requirements Required Installation Permits Electric Surge Protection Wivenhoe Management Group

10. Legal Compliance • Specific Industry Security Requirements • Data Security Requirements • Physical Security Requirements Wivenhoe Management Group

11. Incident History • Five (5) Year History • Type of Incident • Actions Taken • Incident/Serious Breach Wivenhoe Management Group

12. Liability • Standard Law Suit • Negligence • Gross Negligence • Repercussions Wivenhoe Management Group

13. Environment • Crime Rates • Type of Crime Category • Transportation Hub • Nearby Targets • Sensitive Border • Target Vantage Point Wivenhoe Management Group

14. Type of Facility • Hazardous • Strategic Value • Age & Condition • Key Infrastructure • Research Facility • Communication Hub Wivenhoe Management Group

15. Cost • Cost, the Leading Factor • Cost, a Double-Edged Sword • Cost, Lowest Bidder • Cost, Technology Changes Wivenhoe Management Group

16. Risk Acceptance Higher Risk = Less Cost Lower Risk Safe Choice Difference is Liability Wivenhoe Management Group

17. Insurance Concerns Escalating Medical Costs Increasing Value of Assets Ever Present Terrorism Wivenhoe Management Group

18. Insurance Requirements UL Certified Alarm System Data Security Compliance Safety Compliance Cyber Crime Prevention Active Shooter Containment Wivenhoe Management Group

19. SVA Requirements What is an SVA? Security Vulnerability Assessment Wivenhoe Management Group

20. Why Perform An SVA? • Threat Level • Critical Assets • Findings & Recommendations • Federal Grant Funding • Customer Confidence Wivenhoe Management Group

21. Why Perform An SVA? • Counter Liability • Phased Solution • Emergency Planning & Response – Active Shooter – Bomb Threat • Measured Response Wivenhoe Management Group

22. SUMMARY Basis of Security • Deter Detect Delay Respond • Detect Delay Respond Wivenhoe Management Group

23. SUMMARY Many Factors Threat Level Legal Compliance Accepted Standards Environment Incident History Liability Facility Type Risk Acceptance Insurance Cost Security Vulnerability Assessment Wivenhoe Management Group

24. SUMMARY More Important Factors Threat Level Liability Facility Type Legal Compliance Wivenhoe Management Group

25. QUESTIONS Questions can be sent to: David McCann Principal Consultant Wivenhoe Management Group dmccann@wivenhoegroup.com www.wivenhoegroup.com Wivenhoe Management Group

Adequate securitynew1404.019

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Adequate securitynew1404.019

Similaire à Adequate securitynew1404.019 (20)

Dernier

Dernier (20)

Adequate securitynew1404.019