Securing Valuable Information: Protect your data that matter most!
Tim Grelling, March 2013
Introduction
• Who am I?
• Based in the Philadelphia area
• InfoSec consultant for over 12 years
• Have assisted clients across every vertical, with every major compliance and security concern
Core BTS Overview
• Office Locations: 12 offices, 7 states
• Global Implementation: 12 countries
• Impact, Experience, Transformation
• Offices: Madison, WI; Milwaukee, WI; Appleton, WI; Indianapolis, IN; Nashville, TN; Exton, PA; Reading, PA; Somerville, NJ; Washington, DC; New York City, NY; Long Island, NY; Albany, NY
Services Overview
• “Service Disciplines”: Plan, Build, Deploy, Operate, Execute, Enable, Envision
• Product Architectures: Communications, Datacenter, Cloud
• Diagram labels: Infrastructure, Voice, Virtualization, Platform, Unified Messaging, Unified Storage, Software, Mobility & Presence, Archiving & Backup, Services, Video Conferencing, Business Continuity, Social Technologies, Networking
Customer Snapshot
• SLED & Higher Education
• Healthcare
• Entertainment
• Financial
Overview
• What “sensitive” data do schools have?
• Schools present unique security challenges.
• Typical issues encountered.
• What can we do to reduce risk?
• Staying secure on a school budget.
…lots of content, moving quickly!
Before we begin
• Please help me avoid this… let’s collaborate!
What are we protecting?
• Schools differ with “how much” data they have, but they always have something
• Employee data (SSN, DOB, etc.)
• Student data (grades, DOB, etc.)
• Internal operational data (processes, financials, etc.)
Why protect our data?
• We often hear, “We’re not a bank!”
• …with the implication that we don’t need an elevated level of security
• …that’s right!
• InfoSec risks abound for schools:
• Insider threats (students, employees)
• Outsider threats (parents, random attackers)
• Environmental threats (blizzards, storms, power disruptions, etc.)
Breaches @School
• While not as newsworthy as breaches in the financial sector, they occur
Cultural Challenges
• The School District environment presents unique IT challenges…
• Priority of student enrichment above all else
• Used to justify poor security practices
• In the race to stay “cutting edge” we may implement technologies without assessing risk
• Smart boards, laptops, tablets, smartphones…
Cultural Challenges
• The School District environment presents unique IT challenges…
• Annual turnover of students and related IT accounts stresses our IT staff
• Students sometimes retain email or some other access privileges post-graduation
Cultural Challenges
• The School District environment presents unique IT challenges…
• How do you secure a 6-year-old?
• “Enterprise” security controls, such as strong passwords, aren’t an option
Cultural Challenges
• The School District environment presents unique IT challenges…
• IT Staff are stretched thin
• Often utilize “Technology Coordinators” to supplement at each location
• IT spends substantial time “troubleshooting”
Common Issues
• While the K12 environment presents unique challenges, baseline security controls are universal
• Patch Management weaknesses
• Configuration/hardening weaknesses
• Third Party Management weaknesses
• Policy / Procedures DNE
• Key takeaway: organizations often struggle with strong process
Effective security programs can be tough
• Build in security from the ground up!
• Cheaper in the long run
• We become “better” at security
• Security add-ons lead to:
• Non-functional Band-Aids… you may pass an audit, or think you’ve avoided incidents, but won’t have effective security
• Dollars wasted on ineffective solutions: we could have done ANYTHING else with those dollars
Back to the basics…
• Certain themes crop up again and again:
• Lack of security assessment
• Lack of strong foundational security controls
• Lack of understanding of sensitive data, and its location
• Third party risks
• These aren’t “easy,” but can be addressed
Utilize Free Tools/Resources
• http://sectools.org/ - Top 125 free and commercial security tools
• http://cisecurity.org/ - Security Baselines
• http://www.sans.org/security-resources/ - Little bit of everything
Summary
• The security battlefield is changing:
• Laptops, smartphones, tablets enable our users and students but render some organizational controls useless
• We need to be proactive with our controls - policy and process first, then education of end users, then implementation of widgets, if any
• Understand your risk to make better business decisions
Thank You!
• I am very thankful for your valuable time.
Tim Grelling
Tim.Grelling@corebts.com
484-875-3247