Oct
16
Cyber Hygiene: Why the Fundamentals Matter
SEI Speaking Online Access FreeOct 16, 2019 · Webcast
Summary
In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which addresses simple sets of actions that users can take to help reduce cybersecurity risks.
More Information
https://www.eventbrite.com/e/cyber-hygiene-why-the-fundamentals-matter-registration-74993947917Agenda
In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical profession. Like the practice of washing hands to prevent infections, cyber hygiene addresses simple sets of actions that users can take to help reduce cybersecurity risks. Matt Butkovic, Randy Trzeciak, and Matt Trevors will discuss what some of those practices are, such as implementing password security protocols and determining which other practices an organization should implement. Finally, they discuss the special case of phishing—which is a form of attack that can bypass technical safeguards and exploit people’s weaknesses—and how changes in behavior, understanding, and technology might address this issue.
Good cyber hygiene is important because an organization's threat landscape changes daily, and new variants of attacks on computer systems appear by the hour. The sheer number of security vulnerabilities in hardware, software, and underlying protocols—and in the dynamic threat environment—make it nearly impossible for most organizations to keep pace.
Threats aren't only technological, either. Hackers and other bad actors are adept at social engineering to gain access to systems and the information they house. Social engineering attacks can be a sophisticated phishing campaign, a sob story delivered to a customer service representative over the phone, or even an individual on-site claiming to be fixing the HVAC but actually planting a wireless-enabled device. The IT department alone can't mitigate social engineering attacks. It's a responsibility shared by everyone, from the C-suite to the most junior staff members, and you might never get all personnel on board.
At the CERT® Division of the SEI, our approach to cyber hygiene involves identifying the commonalities among these cyber practices and aligning them with the resilience management practices in the CERT Resilience Management Model (CERT-RMM). Resilience management is the application of the methodologies of the CERT-RMM, which is a capability-focused maturity model. Resilience management can be expressed in terms of establishing organization-appropriate levels of protection and sustainment capabilities.
Good cyber hygiene is important because an organization's threat landscape changes daily, and new variants of attacks on computer systems appear by the hour. The sheer number of security vulnerabilities in hardware, software, and underlying protocols—and in the dynamic threat environment—make it nearly impossible for most organizations to keep pace.
Threats aren't only technological, either. Hackers and other bad actors are adept at social engineering to gain access to systems and the information they house. Social engineering attacks can be a sophisticated phishing campaign, a sob story delivered to a customer service representative over the phone, or even an individual on-site claiming to be fixing the HVAC but actually planting a wireless-enabled device. The IT department alone can't mitigate social engineering attacks. It's a responsibility shared by everyone, from the C-suite to the most junior staff members, and you might never get all personnel on board.
At the CERT® Division of the SEI, our approach to cyber hygiene involves identifying the commonalities among these cyber practices and aligning them with the resilience management practices in the CERT Resilience Management Model (CERT-RMM). Resilience management is the application of the methodologies of the CERT-RMM, which is a capability-focused maturity model. Resilience management can be expressed in terms of establishing organization-appropriate levels of protection and sustainment capabilities.
What attendees will learn
• Key findings from the CERT Division of the SEI, and the CERT-RMM team, in identifying commonalities among cyber practices and aligning them to CERT-RMM practices
• The CERT Division’s 11 cyber hygiene areas, comprising 41 CERT-RMM practices that are paramount to every organization’s success
• What organizations can do to change behavior, understanding, and technology to implement good cyber hygiene
• Key findings from the CERT Division of the SEI, and the CERT-RMM team, in identifying commonalities among cyber practices and aligning them to CERT-RMM practices
• The CERT Division’s 11 cyber hygiene areas, comprising 41 CERT-RMM practices that are paramount to every organization’s success
• What organizations can do to change behavior, understanding, and technology to implement good cyber hygiene
Who should attend?
• CISOs and Information Security Professionals
• Individuals from organizational units such as Information Technology and Information Security who play a key role in establishing and improving organizational-appropriate levels of protection and sustainment capabilities
• CISOs and Information Security Professionals
• Individuals from organizational units such as Information Technology and Information Security who play a key role in establishing and improving organizational-appropriate levels of protection and sustainment capabilities
Register
Oct 16, 2019
2:00 - 3:00 pm ET
Location
OnlineTime
2:00 - 3:00 pm ET