Presented by:
Michael Weaver, CISSP, QSA
Sword & Shield Enterprise Security
October 6, 2015
Who am I?
Senior Enterprise Consultant at Sword & Shield
Started hacking around the age of 12 on a Windows 3.11 machine using a 14.4k modem
Started a professional IT career doing systems and network administration in 2002
Audits
Evidence
Policies and procedures to show that the organization has set expectations and communicated them to the appropriate parties.
Standard sets of supporting documents, such as diagrams, logs, screenshots, configuration files, etc., are requested in every engagement. However, I dig a lot deeper when you make extraordinary claims or hide something.
Interviews with the people who set up the controls protecting the information.
Observations of the work areas and the secure areas where the information is stored, processed, or transmitted.
Verification through action: the auditor exercises the control rather than relying on the documentation alone.
Technology Solutions
Basic Firewall
Web Application Firewall
Multifactor
Biometric
Web Filter
MSSP/SIEM
DDoS Mitigation
Mobile Device Management
Password Management
Update Management
IDS/IPS
Backup Solutions
Email Archiving
DR Sites
Whitelisting
Enterprise Wireless
Data Loss Prevention
Vulnerability Scanning
Secure File Transfer
NAC
Inventory Management
FIM
Steps to Success
1. Senior leadership within the organization must understand and support security decisions, or those decisions will fail.
2. Everyone in the organization must know their responsibilities and ownership in the security program.
3. You need visibility into, and knowledge of, how information flows through the business.
4. Identify and address all risks to your information. Every identified risk will be accepted, avoided, mitigated, or transferred.
5. Develop a security plan and set goals to reach a strong security posture.
6. Get help when you need it. Training, 3rd parties, and additional staff can provide additional knowledge, expertise, and resources.
Questions?
Thank you!