No InfoSec Staff? No Problem - Addressing Security Challenges Without Dedicated Personnel
via YouTube
Overview
Syllabus
Intro
NO INFO SEC STAFF? NO PROBLEM.
Evolving Threat Landscape Numerous attack vectors Sophisticated malware Zero day vulnerabilities [O-dayl Denial of Service DDOS Advanced Persistent Threats APT] Advanced Social Engineering Watering holes Ransomware Cybercriminal malware market Numerous types of threat actors Sell My Soul Drivers Summary of Challenges
What information is required to assess risk? Corporate information technology assets • Information systems vulnerabilities - Probability of vulnerabilities being exploited Impact of loss resulting from exploit
Employee security awareness Segregation of duties and least privilege & Acceptable use Use of removable media Mobile device and wireless usage Data backup and retention Security track on all IT projects Compliance specific