Cybersecurity Management Webinar Slides Week 1
Management
Webinar 1
Effective and Efficient Cybersecurity
Jeremy Koster
Mentor Introduction
• Jeremy Koster
• 20 years in IT
• Over 10 Years in Information Security
• Qualifications
• Experience
• Lecturing for IT Masters and CSU for 4 years
House Keeping
• Webinars
– GoToWebinar
– Wednesday 8:30pm AEST
• The Forum
– Lively discussions are encouraged
– Weekly homework
– Weekly discussion questions
• The Exam
– 40 multiple choice questions
• Enquiries and questions
– Course topics – Mentor
– Student Administration for everything else
Related Certifications
The Cybersecurity Manager
The Enterprise Landscape
What is at Stake?
The Threat Landscape
• International exposure
• Anonymity
• Automation and weaponisation
• Commoditisation of cybercrime actors
– Developers
– Hackers
– Mules
– Botnets and zombies
– Organisers
The Attackers
• Internal
– Disgruntled employees, drugs, gambling and fraud
– Accidental and inadvertent
• External
– Funded criminals
– State sponsored agents
– Activists
– Bored teens
Breaches in the News
Information Security Risk
The CIA Objectives
Communication is Key
1. Actor
– Bad guy, good guy
– External, internal
– Incidental, malicious
2. Negative impact
– Expose
– Unauthorised access
– Loss of service
– Loss of data
3. Asset
– Confidential information
– Privileged function or business functionality
Threat Scenarios - Examples
• Vulnerability – Big “delete all” button right next to the “update record” button in the customer relationship manager application.
• Threat Scenario – A staff member may accidentally delete the full customer database.
Policies and Standards
• Baseline
– Technology and vendor specific
– Technical configuration to maintain security
– Examples
• RHEL build standard
• Windows 10 secure build configuration
• Plans
– What to do when a specific issue occurs
– Contains responsibilities and contacts
– Examples:
• Incident response plan
• Business continuity plan
Discussion Questions
1. Are threats to modern organisations increasing or decreasing?