Adequate securitynew1404.019

•Descargar como PPTX, PDF•

1 recomendación•569 vistas

Wivenhoe Management Group

Tecnología Empresariales

What is an Adequate Level of
Security?
There is clearly a substantial difference in
protecting a facility from persons intent on
destroying the infrastructure to those
intent on defacing it.
Defining that difference is critical
Wivenhoe Management Group

Factors That Determine An
Adequate Level of Security
1. Type of Facility
2. Cost
3. Risk Acceptance
4. Insurance Requirements
5. SVA Recommendations
6. Liability
Wivenhoe Management Group

Factors That Determine An
Adequate Level of Security
1. Basis of Security Understanding
2. Threat Level
3. Accepted Security Industry Standards & Practice
4. Legal Compliance
5. Environment
6. Incident History
7. Other
Wivenhoe Management Group

Basis of Security Understanding
Sandia - Detect, Delay, Respond
DHS - Deter, Detect, Delay, Respond
Security Industry Experience
Keep the Problem Out
Deter the Problem Elsewhere
Wivenhoe Management Group

Threat Level
Crime Rate Statistics
• Homicide
• Rape
• Robbery
• Aggravated Assault
• Crimes Against Persons
• Burglary
• Larceny
• Motor Vehicle Theft
• Crimes Against Property
Wivenhoe Management Group

Accepted Security Industry
Standards & Practices
Design Criteria
Properly Maintained Equipment
Training
Manufacturer Authorized Installers
Proper Lighting
Accepted System Design
Current Software & Firmware
Wivenhoe Management Group

Accepted Security Industry
Standards & Practices
As Built Drawings
Response Time to System Failure
Back-Up Power Systems
Meeting Federal & Local Codes
Minimum Video Recording Time
Schedules Identifying Types &
Quantities of Security Panels
Wivenhoe Management Group

Accepted Security Industry
Standards & Practices
Due Diligence Related to Contractors
Clear Definition of Performance
Requirements
Required Installation Permits
Electric Surge Protection
Wivenhoe Management Group

Legal Compliance
• Specific Industry Security
Requirements
• Data Security Requirements
• Physical Security Requirements
Wivenhoe Management Group

Incident History
• Five (5) Year History
• Type of Incident
• Actions Taken
• Incident/Serious Breach
Wivenhoe Management Group

Liability
• Standard Law Suit
• Negligence
• Gross Negligence
• Repercussions
Wivenhoe Management Group

Environment
• Crime Rates
• Type of Crime Category
• Transportation Hub
• Nearby Targets
• Sensitive Border
• Target Vantage Point
Wivenhoe Management Group

Type of Facility
• Hazardous
• Strategic Value
• Age & Condition
• Key Infrastructure
• Research Facility
• Communication Hub
Wivenhoe Management Group

Cost
• Cost, the Leading Factor
• Cost, a Double-Edged Sword
• Cost, Lowest Bidder
• Cost, Technology Changes
Wivenhoe Management Group

Risk Acceptance
Higher Risk = Less Cost
Lower Risk Safe Choice
Difference is Liability
Wivenhoe Management Group

Insurance Concerns
Escalating Medical Costs
Increasing Value of Assets
Ever Present Terrorism
Wivenhoe Management Group

Insurance Requirements
UL Certified Alarm System
Data Security Compliance
Safety Compliance
Cyber Crime Prevention
Active Shooter Containment
Wivenhoe Management Group

SVA Requirements
What is an SVA?
Security Vulnerability Assessment
Wivenhoe Management Group

Why Perform An SVA?
• Threat Level
• Critical Assets
• Findings & Recommendations
• Federal Grant Funding
• Customer Confidence
Wivenhoe Management Group

Why Perform An SVA?
• Counter Liability
• Phased Solution
• Emergency Planning & Response
– Active Shooter
– Bomb Threat
• Measured Response
Wivenhoe Management Group

SUMMARY
Basis of Security
• Deter Detect Delay Respond
• Detect Delay Respond
Wivenhoe Management Group

SUMMARY
Many Factors
Threat Level Legal Compliance
Accepted Standards Environment
Incident History Liability
Facility Type Risk Acceptance
Insurance Cost
Security Vulnerability Assessment
Wivenhoe Management Group

SUMMARY
More Important Factors
Threat Level
Liability
Facility Type
Legal Compliance
Wivenhoe Management Group

QUESTIONS
Questions can be sent to:
David McCann
Principal Consultant
Wivenhoe Management Group
dmccann@wivenhoegroup.com
www.wivenhoegroup.com
Wivenhoe Management Group

Más contenido relacionado

La actualidad más candente

Risk Management Methodology - Copy

Rabah Odeh ITIL 5.0-OCP-CISA-PMP-OCP..etc

Wastewater Workshop Presentation 2007[2 R]

Wivenhoe Management Group

Cyber Resilience: Managing Cyber Shocks

Phil Huggins FBCS CITP

In 2017, Resolver acquired RiskVision—a recognized leader in integrated risk management software for security operations. In this presentation you will learn how to prioritize efforts around risk mitigation and response to cyber threats. You’ll also learn where we’re heading on the product roadmap and how it will drive your IT efficiency even further and make it easier to share real-time information with your C-suite, board, and other stakeholders.

An Intro to Resolver's InfoSec Application (RiskVision)

Resolver Inc.

ComResource - NW Agent Cybersecurity

Anthony Dials

Risk Assessment And Management

vikasraina

Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...

Citrin Cooperman

Cyber–supply chain risks pose a new set of challenges for businesses (loss of critical IP, unwanted functionality in products) which jeopardize brand reputation and shareholder value. This session will present case study research from NIST on cutting-edge practices and tools that today’s industry leaders in supply chain risk management are deploying to secure their supply chains from end to end. (Source: RSA USA 2016-San Francisco)

Integrating Cybersecurity into Supply Chain Risk Management

Priyanka Aash

Risk Assessments

JoAnna Cheshire

Pitfalls of Cyber Data

Phil Huggins FBCS CITP

Resilience is the new cyber security

Phil Huggins FBCS CITP

Bay Dynamics

Meg Vorland

Vendor Cybersecurity Governance: Scaling the risk

Sarah Clarke

The Measure of Success: Security Metrics to Tell Your Story

Priyanka Aash

Proactive incident response

Brian Honan

Managing Insider Risk

Phil Huggins FBCS CITP

IT Security management and risk assessment

CAS

OWASP based Threat Modeling Framework

Chaitanya Bhatt

Cyber Resilience

Phil Huggins FBCS CITP

Countering Cyber Threats

Phil Huggins FBCS CITP

La actualidad más candente (20)

Risk Management Methodology - Copy

Wastewater Workshop Presentation 2007[2 R]

Cyber Resilience: Managing Cyber Shocks

An Intro to Resolver's InfoSec Application (RiskVision)

ComResource - NW Agent Cybersecurity

Risk Assessment And Management

Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...

Integrating Cybersecurity into Supply Chain Risk Management

Risk Assessments

Pitfalls of Cyber Data

Resilience is the new cyber security

Bay Dynamics

Vendor Cybersecurity Governance: Scaling the risk

The Measure of Success: Security Metrics to Tell Your Story

Proactive incident response

Managing Insider Risk

IT Security management and risk assessment

OWASP based Threat Modeling Framework

Cyber Resilience

Countering Cyber Threats

Similar a Adequate securitynew1404.019

Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015

Joe Bartolo

Wasn't expecting that! Now what?

Jisc

Security architecture frameworks

John Arnold

Stay Ahead of Threats with Advanced Security Protection - Fortinet

MarcoTechnologies

Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...

North Texas Chapter of the ISSA

Enterprise under attack dealing with security threats and compliance

SPAN Infotech (India) Pvt Ltd

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors

mdagrossa

Undertake the Risk Analysis Policy

Komal Zahra

There's a data explosion underway and it's a lucrative market for cyber criminals. Charities with their complex contexts and valuable data are an obvious target and so it's essential Cyber threats are addressed in Charities' risk strategies. This presentation set outs the current situation, what the potential consequences are and who could be impacted before explaining what can be done about it and how to approach the challenge. Presentation to representatives from the UK Charities sector at the Charity Finance Group's annual IT, Data, Insights and Cyber Security Conference.

Cyber Attacks aren't going away - including Cyber Security in your risk strategy

James Mulhern

The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt

John D. Johnson

Threat Based Risk Assessment

Michael Lines

Cyber Security 2016 Cade Zvavanjanja1

Cade Zvavanjanja

Risk Management (1) (1).ppt

AjjuSingh2

Focusing on the Threats to the Detriment of the Vulnerabilities

Roger Johnston

Presented by: Andrew Plato, Anitian Abstract: Understanding, managing and responding to risk is one of the core functions of any information security program. However, for many organizations risk assessment is cumbersome and time consuming process. IT leaders, as well as security regulations, are demanding risk management practices that can deliver quick and actionable results. Rapid Risk Assessment is a new approach to risk management that dramatically reduces the time, effort, and complexity for IT security risk assessment. Using the existing principles of risk management defined in NIST 800-30 documents, Rapid Risk Assessment can deliver more actionable and reliable results empowering business leaders to make sound decisions about risk. The key to this approach is a unique combination of skills, organization, and documentation that accelerates every aspect of the risk management process. This presentation shows why current risk management tactics are failing and how Rapid Risk Assessment can correct those deficiencies.

Rapid Risk Assessment: A New Approach to Risk Management

EnergySec

Maintaining, verifying, and demonstrating compliance with regulatory requirements, whether PCI DSS, HIPAA, GLBA or others, is far from a trivial exercise. Proving compliance with these requirements often translates into a lot of manual and labor-intensive tasks – chasing down discrepancies in asset inventory spreadsheets, remediating critical vulnerabilities, and weeding through log data trying to make sense of it all. In fact, you may need to consult at least a dozen different tools to assemble the security controls and reports you need. Compliance doesn't have to be so hard. Review this presentation to learn: - Common audit compliance failures - A pre-audit checklist to help you plan and prepare - Core security capabilities needed to demonstrate compliance - How to simplify compliance with a unified approach to security

How to Simplify Audit Compliance with Unified Security Management

AlienVault

Security Site Surveys and Risk Assessments

Enterprise Security Risk Management

2015 Global Threat Intelligence Report - an analysis of global security trends

DImension Data

Assuring Reliable and Secure IT Services

tsaiblake

My_notes_part1.pdf

PhilLopez4

Similar a Adequate securitynew1404.019 (20)

Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015

Wasn't expecting that! Now what?

Security architecture frameworks

Stay Ahead of Threats with Advanced Security Protection - Fortinet

Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...

Enterprise under attack dealing with security threats and compliance

ION-E Defense In Depth Presentation for The Institiute of Internal Auditors

Undertake the Risk Analysis Policy

Cyber Attacks aren't going away - including Cyber Security in your risk strategy

The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt

Threat Based Risk Assessment

Cyber Security 2016 Cade Zvavanjanja1

Risk Management (1) (1).ppt

Focusing on the Threats to the Detriment of the Vulnerabilities

Rapid Risk Assessment: A New Approach to Risk Management

How to Simplify Audit Compliance with Unified Security Management

Security Site Surveys and Risk Assessments

2015 Global Threat Intelligence Report - an analysis of global security trends

Assuring Reliable and Secure IT Services

My_notes_part1.pdf

Último

TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...

marcuskenyatta275

ERP Contender Series: Acumatica vs. Sage Intacct

BrainSell Technologies

Design Guidelines for Passkeys 2024.pptx

FIDO Alliance

WebRTC and SIP not just audio and video @ OpenSIPS 2024

Lorenzo Miniero

Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...

ScyllaDB

ADP Passwordless Journey Case Study.pptx

FIDO Alliance

Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside

Stefan Dietze

Delivered by Michael Down at Gartner Data & Analytics Summit London 2024 - Your enemies use GenAI too: Staying ahead of fraud with Neo4j. Fraudsters exploit the latest technologies like generative AI to stay undetected. Static applications can’t adapt quickly enough. Learn why you should build flexible fraud detection apps on Neo4j’s native graph database combined with advanced data science algorithms. Uncover complex fraud patterns in real-time and shut down schemes before they cause damage.

Your enemies use GenAI too - staying ahead of fraud with Neo4j

Neo4j

Working together SRE & Platform Engineering

Marcus Vechiato

ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...

FIDO Alliance

Intro in Product Management - Коротко про професію продакт менеджера

Mark Opanasiuk

Portal Kombat : extension du réseau de propagande russe

中央社

Hyatt driving innovation and exceptional customer experiences with FIDO passw...

FIDO Alliance

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

FIDO Alliance

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

FIDO Alliance

Using IESVE for Room Loads Analysis - UK & Ireland

IES VE

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

FIDO Alliance

Oauth 2.0 Introduction and Flows with MuleSoft

shyamraj55

State of the Smart Building Startup Landscape 2024!

Memoori

Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...

FIDO Alliance

Adequate securitynew1404.019

1. WHAT IS AN ADEQUATE LEVEL OF SECURITY? Wivenhoe Management Group

2. What is an Adequate Level of Security? There is clearly a substantial difference in protecting a facility from persons intent on destroying the infrastructure to those intent on defacing it. Defining that difference is critical Wivenhoe Management Group

3. Factors That Determine An Adequate Level of Security 1. Type of Facility 2. Cost 3. Risk Acceptance 4. Insurance Requirements 5. SVA Recommendations 6. Liability Wivenhoe Management Group

4. Factors That Determine An Adequate Level of Security 1. Basis of Security Understanding 2. Threat Level 3. Accepted Security Industry Standards & Practice 4. Legal Compliance 5. Environment 6. Incident History 7. Other Wivenhoe Management Group

5. Basis of Security Understanding Sandia - Detect, Delay, Respond DHS - Deter, Detect, Delay, Respond Security Industry Experience Keep the Problem Out Deter the Problem Elsewhere Wivenhoe Management Group

6. Threat Level Crime Rate Statistics • Homicide • Rape • Robbery • Aggravated Assault • Crimes Against Persons • Burglary • Larceny • Motor Vehicle Theft • Crimes Against Property Wivenhoe Management Group

7. Accepted Security Industry Standards & Practices Design Criteria Properly Maintained Equipment Training Manufacturer Authorized Installers Proper Lighting Accepted System Design Current Software & Firmware Wivenhoe Management Group

8. Accepted Security Industry Standards & Practices As Built Drawings Response Time to System Failure Back-Up Power Systems Meeting Federal & Local Codes Minimum Video Recording Time Schedules Identifying Types & Quantities of Security Panels Wivenhoe Management Group

9. Accepted Security Industry Standards & Practices Due Diligence Related to Contractors Clear Definition of Performance Requirements Required Installation Permits Electric Surge Protection Wivenhoe Management Group

10. Legal Compliance • Specific Industry Security Requirements • Data Security Requirements • Physical Security Requirements Wivenhoe Management Group

11. Incident History • Five (5) Year History • Type of Incident • Actions Taken • Incident/Serious Breach Wivenhoe Management Group

12. Liability • Standard Law Suit • Negligence • Gross Negligence • Repercussions Wivenhoe Management Group

13. Environment • Crime Rates • Type of Crime Category • Transportation Hub • Nearby Targets • Sensitive Border • Target Vantage Point Wivenhoe Management Group

14. Type of Facility • Hazardous • Strategic Value • Age & Condition • Key Infrastructure • Research Facility • Communication Hub Wivenhoe Management Group

15. Cost • Cost, the Leading Factor • Cost, a Double-Edged Sword • Cost, Lowest Bidder • Cost, Technology Changes Wivenhoe Management Group

16. Risk Acceptance Higher Risk = Less Cost Lower Risk Safe Choice Difference is Liability Wivenhoe Management Group

17. Insurance Concerns Escalating Medical Costs Increasing Value of Assets Ever Present Terrorism Wivenhoe Management Group

18. Insurance Requirements UL Certified Alarm System Data Security Compliance Safety Compliance Cyber Crime Prevention Active Shooter Containment Wivenhoe Management Group

19. SVA Requirements What is an SVA? Security Vulnerability Assessment Wivenhoe Management Group

20. Why Perform An SVA? • Threat Level • Critical Assets • Findings & Recommendations • Federal Grant Funding • Customer Confidence Wivenhoe Management Group

21. Why Perform An SVA? • Counter Liability • Phased Solution • Emergency Planning & Response – Active Shooter – Bomb Threat • Measured Response Wivenhoe Management Group

22. SUMMARY Basis of Security • Deter Detect Delay Respond • Detect Delay Respond Wivenhoe Management Group

23. SUMMARY Many Factors Threat Level Legal Compliance Accepted Standards Environment Incident History Liability Facility Type Risk Acceptance Insurance Cost Security Vulnerability Assessment Wivenhoe Management Group

24. SUMMARY More Important Factors Threat Level Liability Facility Type Legal Compliance Wivenhoe Management Group

25. QUESTIONS Questions can be sent to: David McCann Principal Consultant Wivenhoe Management Group dmccann@wivenhoegroup.com www.wivenhoegroup.com Wivenhoe Management Group

Adequate securitynew1404.019

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Adequate securitynew1404.019

Similar a Adequate securitynew1404.019 (20)

Último

Último (20)

Adequate securitynew1404.019