2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
1. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Taking a Holistic Approach to
Cybersecurity
Abu Sadeq
Founder & CEO
Zartech
Nov 10, 2017
2. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
About me
• Currently Founder & CEO of Zartech – a cybersecurity
products and advisory services company
• Also work as ‘Fractional CISO’ for several companies
• Over 20+ years in the technology space within
diverse industries
• Creator of Cyberator - a best-of-breed
cybersecurity assessment tool
2
3. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Who invented the Internet?
3
4. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
The Birthplace of Internet
4
Room 3420 at the University of
California, Los Angeles’s Boetler
Hall.
Back in 1969 the Advanced
Research Projects Agency
Network (ARPANET) which
developed the network that
became the basis for the
Internet.
6. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
The Internet Today
6
- Google has indexed over 50 billion webpages
- 3.8 Billion Internet users in June 30, 2017
- 2.8 Billion active social media users
- 8.4 Billion Connected "Things" in Use and
expected to be >25 Billion by 2020
- 1.6 Billion users purchasing via e-commerce
- Digital data stored in the cloud is 16.1 zettabytes
9. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
We need a holistic approach
9
10. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Start by taking a 360 view
of your security program
10
11. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
NIST Cybersecurity Framework (CSF)
11
Tex
t
Tex
t
Tex
t
Tex
t
Protect
Detect
Respond
Recover Identify
Identify: What's the organization's
understanding to managing
cybersecurity risk to systems, assets,
data, and capabilities
Protect: What appropriate
safeguards have been developed
and implemented to ensure
delivery of critical infrastructure
services
Detect: What appropriate activities
have been developed and implemented
to identify the occurrence of a
cybersecurity event
Respond: What appropriate activities
have been develop and implemented to
take action regarding a detected
cybersecurity event
Recover: What appropriate activities
have been developed and implemented to
maintain plans for resilience and to restore
any capabilities or services that were
impaired due to a cybersecurity event
NIST
Cybersecurity
Framework
Tex
t
13. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Purpose of the NIST CSF
13
14. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Function: Identify
14
What's the organization's
understanding to managing
cybersecurity risk to systems,
assets, data, and capabilities?
15. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Function: Protect
15
What appropriate safeguards
have been developed and
implemented to ensure
delivery of critical
infrastructure services?
16. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Function: Detect
16
What appropriate activities
have been developed and
implemented to identify the
occurrence of a cybersecurity
event?
17. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Function: Respond
17
What appropriate activities
have been develop and
implemented to take action
regarding a detected
cybersecurity event?
18. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
Function: Recover
18
What appropriate activities have
been developed and
implemented to maintain plans
for resilience and to restore any
capabilities or services that were
impaired due to a cybersecurity
event?
19. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
19
A number of studies show that
implementation of these seven
Controls provides an effective
defense against the most
common cyber attacks (~90% of
attacks).
20. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
7 controls for effective defense
#1. Implementing a formal information security
governance approach
#2. Inventory of Authorized & Unauthorized Devices
#3. Inventory of Authorized & Unauthorized Software
#4. Secure Configurations for Hardware & Software on
Mobile Devices, Laptops, Workstations, & Servers
#5. Continuous Vulnerability Assessment & Remediation
#6. Controlled Use of Administrative Privileges
#7. User Education & Awareness
20
21. NTXISSA Cyber Security Conference – November 10-11, 2017
@NTXISSA #NTXISSACSC5
21
Thank you