
Exploring the Landscape of Philippine Cybersecurity

www.SCIPPinternational.org

Understanding the Risk and Taking Appropriate Steps to Mitigate Cybersecurity Threats

Freddy Tan, CISSP, Chairperson, (ISC)2 Board of Directors

2006-2011 SCIPP International, Inc. All Rights Reserved.


Copyright 1989-2013 (ISC)2 All Rights Reserved
2006-2012 SCIPP International, Inc. All Rights Reserved.

(ISC)2 Overview & Background

- Global leaders in certifying and educating information security professionals with the CISSP and related concentrations, CSSLP, CAP, and SSCP.
- Formed in 1989; a not-for-profit consortium of industry leaders.
- Over 86,600 certified professionals in over 135 countries.
- Board of Directors: top information security professionals worldwide.
- All of the information security credentials are accredited under ANSI/ISO/IEC Standard 17024, with the CISSP being the first technology-related credential to receive this accreditation.

(ISC)2 Overview & Background

- Palm Harbor Headquarters
- 4 Regional Offices: London (Europe), Hong Kong (Asia), Virginia (America), Tokyo (Japan)

Membership Honor Roll 2013

1000+: Australia, Canada (2), Germany, Hong Kong, India, Japan (1), South Korea, Netherlands, Singapore (1), United Kingdom, United States (5)

500+: China, France, Switzerland

200+: Brazil, Belgium, Denmark, Finland (1) (1), Ireland (1), Israel, Italy, Malaysia, Mexico, Poland, Saudi Arabia, South Africa (1), Spain, Sweden, Taiwan, United Arab Emirates

100+: Argentina, Austria, Colombia, New Zealand, Nigeria, Norway, Russia, Thailand, Turkey

Number of (ISC)2 Members in Various Asian Economies (as of July 2011)

Total worldwide members: 75,000+

[Bar chart: members per Asian economy; vertical axis from 500 to 2500]

(ISC)2 Credential Positioning / Career Path

What is Cyber Security?

- Why do I care about cyber security?
- How can I make a difference?

Business Requirements

Information systems:
- Support business processes
- Store and process sensitive and critical data
- Are available to almost everyone

Information is stored on all types of media.

Best Business Practices (1-5)

1. Incident Reporting: Who and When to Call
2. Access Controls: Never Share with Others
3. Malicious Code: Think Before You Click
4. Internet: Avoid Communications Hazards
5. Asset Management: Secure Your Valuables

Best Business Practices (6-10)

6. Human Factor: It's All About the People
7. Physical Security: Protect Your Workplace
8. Social Engineering: Don't Be Fooled
9. Business Continuity: Survival of the Business
10. Policies/Compliance: Your Responsibilities

1. Incident Reporting: Who and When to Call

- Prompt identification and response is key
- Know who to call, when to call, and what to do
- Don't alter or turn off your system

2. Access Controls: Never Share with Others

First line of defense: passwords
- Most common form
- Weakest form

Other access controls:
- Tokens
- Smart cards
- Biometrics

Password Selection Criteria

- MUST be kept private! Don't write it down.
- Easy to remember: something personal; meets company standards
- Hard to guess:
  - Use both uppercase and lowercase letters
  - Substitute characters for letters (e.g., @ for a)
  - Substitute numbers for letters (e.g., 1 for i)

Example: PATRIOTS (weak) vs. P@tr10ts (strong)
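The following checker is an added example and is not SCIPP or (ISC)2 code. It scores a candidate against the criteria the slide lists (mixed case, a substituted character, a substituted number, and an assumed minimum length of 8, since the slide only says "meets company standards") and adds one check the slide does not mention: it reverses the very substitutions the slide recommends (@ for a, 1 for i, 0 for o) and looks the result up in a word list, which is what password-cracking rule sets do. The word list and the substitution table are constructed for this example. PATRIOTS fails the slide's criteria; P@tr10ts meets all of them but still reduces to "patriots", which is why guidance such as NIST SP 800-63B also screens candidates against dictionary and breached-password lists.

```python
"""Password selection check for the "Password Selection Criteria" slide.

Added example, not part of the original deck.  MIN_LENGTH, COMMON_WORDS
and UNSUBSTITUTE are assumptions/constructed data for the example.
"""
import re

# Constructed stand-in for a real dictionary / common-password list.
COMMON_WORDS = {"patriots", "password", "welcome", "football", "letmein"}

# Reverse map for character/number substitutions.  The slide names @ for a
# and 1 for i; the remaining entries are a typical "leet" table (assumption).
UNSUBSTITUTE = str.maketrans(
    {"@": "a", "1": "i", "0": "o", "3": "e", "$": "s", "5": "s", "!": "i"}
)

# The slide says "meets company standards" without giving a length; 8 is assumed.
MIN_LENGTH = 8


def normalize(candidate: str) -> str:
    """Undo the substitutions and lower-case the result, as a cracking rule would."""
    return candidate.translate(UNSUBSTITUTE).lower()


def check_password(candidate: str) -> dict:
    """Report which slide criteria the candidate meets, plus the dictionary caveat.

    Returns a dict of boolean checks.  'meets_slide_criteria' covers only what
    the slide lists; 'dictionary_derived' is the extra check this example adds.
    """
    results = {
        "min_length": len(candidate) >= MIN_LENGTH,
        "upper_and_lower": any(c.isupper() for c in candidate)
        and any(c.islower() for c in candidate),
        "has_digit": any(c.isdigit() for c in candidate),
        "has_symbol": bool(re.search(r"[^A-Za-z0-9]", candidate)),
    }
    results["meets_slide_criteria"] = all(
        results[k] for k in ("min_length", "upper_and_lower", "has_digit", "has_symbol")
    )
    # Caveat the slide does not state: a word with substitutions is still a
    # dictionary word once the substitutions are reversed.
    results["dictionary_derived"] = normalize(candidate) in COMMON_WORDS
    return results


if __name__ == "__main__":
    for sample in ("PATRIOTS", "P@tr10ts", "Correct-Horse-Battery-7"):
        r = check_password(sample)
        print(f"{sample:25s} slide criteria: {r['meets_slide_criteria']!s:5s} "
              f"dictionary-derived: {r['dictionary_derived']}")
```

Run it directly to see the three samples scored; the third one is a constructed passphrase that both meets the slide's criteria and does not reduce to a listed word.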

Log Off and Protect Your Screen

- Lock computers when away
- Terminate sessions when finished
- Beware of shoulder surfing

3. Malicious Code: Think Before You Click

What happens if you click on that link?
- Virus
- Worm
- Trojan horse
- Logic bomb
- Keystroke logger

Think before you click!

4. The Internet: Avoid Communications Hazards

- Who are you really chatting with?
- ID theft
- Should you click that ad?
- Phishing
- Secure connections

Safely Surfing the World Wide Web

- Be very careful! Sites may contain hidden programs
- Never change your security settings
- Don't download unknown files
- Spyware/Adware
- Cookies

Email and Instant Messages

- Confidential information
- Permanent record
- Business purposes
- Networking and chat

Email SPAM

- Sometimes dangerous
- Activate SPAM folders
- Do not open email from unknown senders
- Do not open attachments or links in those emails

Portable Storage

- Can be a risk to sensitive corporate data
- Use only when permitted

Mobile Devices

- Notebooks, tablets, etc.
- Telecommuting, traveling, personal systems, and acceptable use

Smartphones

- Contain personal or corporate data
- Pictures of confidential data
- Threat of theft/loss

Wireless Equipment

- Must be used carefully
- Follow local policy
- Enable security measures
- Use an encrypted VPN (virtual private network)

5. Asset Management: Protect Your Valuables

Asset: an item of value

Asset management:
- Identify
- Track
- Classify
- Assign ownership

Information assets and human assets

Information Classification

- Identifies sensitive or critical information
- Have procedures for sensitive information: how to protect, process, store, and transmit it

Data Backup

- How much data are you willing to lose?
- Back up data, operating systems, applications, and configurations
- Automated saves

6. Human Factor: It's All About the People

Do your part:
- Be aware
- Recognize suspicious activities
- Follow procedures
- Ask if you're not sure

If in doubt, call the appropriate security office.

Monitoring and Supervision

Insider threats:
- Watch for suspicious activity
- Report abnormal behavior
- Pay attention to vendors and consultants

7. Physical Security: Protect Your Workplace

- Physical access can overcome almost all other controls
- Know the identity of visitors
- Lock it up

Entry Controls

- Beware of tailgating
- Issue badges to visitors
- Display badges
- Report lost credentials

Physical Protection

- Need to protect from loss, damage, and theft
- Power surges and spikes
- Manmade and natural threats

8. Social Engineering: Don't Be Fooled

- Easiest form of hacking
- Don't be manipulated or persuaded
- When in doubt, follow policy and report an incident

Identity Theft

Stealing your identity:
- Personal information
- Banking details
- Credit cards

Takes hundreds of hours to fix

Phishing Attacks

Dumpster Diving

- Retrieving sensitive information from garbage dumpsters
- In most jurisdictions, it's not against the law

9. Business Continuity: Staying in Business

- Be prepared for problems
- Know your role
- Know who to call

10. Policies/Compliance: Your Responsibilities

Be aware of and follow your organization's policies and compliance requirements:

- Education: FERPA
- Energy: FERC/NERC
- Financial Services: FFIEC
- Healthcare: HIPAA
- Retail: PCI-DSS
- U.S. Government: FISMA
- Workforce: Safety and Security

Privacy

- Personally Identifiable Information (PII)
- Policies, awareness, and controls

Best Business Practices (1-5)

1. Incident Reporting: Who and When to Call
2. Access Controls: Never Share with Others
3. Malicious Code: Think Before You Click
4. Internet: Avoid Communications Hazards
5. Asset Management: Secure Your Valuables

Best Business Practices (6-10)

6. Human Factor: It's All About the People
7. Physical Security: Protect Your Workplace
8. Social Engineering: Don't Be Fooled
9. Business Continuity: Survival of the Business
10. Policies/Compliance: Your Responsibilities

End-User Security Awareness Course Summary

- Cyber security is important
- We ALL have a role
- Be security aware!

Do the right things right!

For more information, please contact:

Mr Clayton Jones, Managing Director, Asia-Pacific, (ISC)2
cjones@isc2.org

Member Support
membersupport@isc2.org

Thank you!

"All that is necessary for the triumph of evil is that good men do nothing."
Edmund Burke, 1729-1797