SlideShare a Scribd company logo

MCG Cybersecurity Webinar Series - Risk Management

Download as PPTX, PDF
William McBorrough
William McBorrough

Learn the five steps all businesses must follow to protect themselves from costly data breaches. This will be the first of a monthly series to educational webinars for small business leaders. Knowing is the first step in protecting your business.

Related slideshows

Social Engineering the CEO
Social Engineering the CEOSocial Engineering the CEO
Social Engineering the CEO
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber Shocks
 
Resilience is the new cyber security
Resilience is the new cyber securityResilience is the new cyber security
Resilience is the new cyber security
 
1 of 19
Cybersecurity Webinar Series 5 Steps to Managing your Risks “Size Doesn’t Matter”
Presenter • William J McBorrough, MSIA, CISSP, CISA, CRISC, CEH, CCSFP • Managing Principal, MCGlobalTech • 17 years Information Security Professional • 9 years Adjunct College Professor • Security and Risk Management “Expert” • Small Business Owner
The PROBLEM is Real • FACT: Cyber attacks on small business are on the rise • FACT: The impact to a small business is much greater than larger counterparts. • FACT: Most small businesses aren’t prepared to face this reality.
The PROBLEM is Real • Small Businesses are in denial when it comes to cyber risks. Common excuses are: • “We’re too small.” • “We can’t afford it.” • “It’s too complicated.” • “Our IT guy is taking care of it.” • But that’s not all, is it? • More pressing priorities • Competing demands on time, resources and energy
Sources of Cyber Information Security Vendors want to see their products. “If I’m selling hammers, I’m only interested in your nails. I’m not concerned with the fact that your screws are all falling out” - WJM News media reports are focused on sensational stories. Large brand names. Millions of affected users. A small business getting hacked is not sexy.
Risk Driven vs. Controls Focused Security “Technology” Risk Management “Business”
Case Study - Size Doesn’t Matter Meet Sam Solopreneur = Sam, Inc!  “Always on the Go!”  “No office space.”  “No Infrastrure”  ”No Employees”  ”No Security Program”
Risk Management Step 1 1. Identify Critical Asset • Communication • (Calls, Email, Text, Social Media,etc) • Data • (Contacts, emails, files, Photos, Videos, etc) • Apps • (Productivity, Financial, etc)
Risk Management Step 2 1. Identify Critical Assets 2. Identify Threats I. Gravity, Clumsy Fingers II. Thieves, Faulty Memory III. Shoulder surfers, Nosy people IV. Software bugs
Risk Management Step 3 1. Identify Critical Assets 2. Identify Threats 3. Identify Vulnerabilities I. Glass screen - Scratches, Cracks, Breaks II. Small, portable - Easy to conceal, lose track of III. Screen visible from above, sides IV. Poor Software Development, Testing - Vendor
Risk Management Step 4 1. Identify Critical Assets 2. Identify Threats 3. Identify Vulnerabilities 4. Assess Risks I. High II. High III. Medium IV. Low Likelihood = Probability of threat exploiting Vulnerability Consequences = Impact to business Risk = Likelihood of Consequence
Risk Management Step 5 1. Identify Critical Assets 2. Identify Threats 3. Identify Vulnerabilities 4. Assess Risks 5. Manage Risk( Avoid, Mitigate, Transfer, Accept) I. Mitigate - Purchase Case, Screen Cover II. Mitigate, Transfer - Password, Backup, Location Service/App, Insurance, III. Mitigate - Privacy screen, Behavior IV. Accept - Delay upgrades? Oh well V. Avoid - Toss phone out the window
Now that you know….. 1. Have you identified your business critical assets? 2. Have to thought about the threats that may affect them and adversely impact your business? 3. Have you looked for where your assets might be susceptible to those threats? 4. Have you assessed the risk by considering the potential likelihood and impact to your business? 5. Have you made an informed, conscious decision in line with your business mission and needs about your risk?
Key Takeaways  Size doesn’t matter.  Your “IT Guy” can’t do this for you.  It doesn’t have to be expensive and complicated.  We can help.
QUESTIONS
About Us MCGlobalTech – Mission Critical Global Technology Group (MCGlobalTech) is a minority owned, small business founded by industry leaders to provide strategic advisory and security consulting services to public and private sector business managers to better align technology and security programs with organizational mission and business goals. – The Principals at MCGlobalTech have been providing Information Security services to the Federal Government and the private sector for over 25 years
Our Values At MCGlobalTech, we believe that strong values create long term relationships with our customers, employees, partners and the communities we serve. At the heart of everything we do, our corporate values are: – Providing customer satisfaction – Delivering innovative solutions – Empowering staff for success – Promoting Entrepreneurial spirit – Maintaining technical excellence Staff Skills Success
What we offer MCGlobalTech is able to provide our customers with innovative, mission-critical solutions in a broad variety of technologies. We consider the following our core competencies: – Information Assurance (Security Authorization) – Vulnerability Management – Security Risk Management – Security Engineering – Penetration Testing – Network Security
Contact Us Mission Critical Global Technology Group 1325 G Street, NW Suite 500 Washington, District of Columbia 20005 Phone: 202.355.9448 Email: Info@mcglobaltech.com William J. McBorrough Sales Division Co-Founder/Managing Principal Corporate Headquarters wjm4@mcglobaltech.com sales@mcglobaltech.com (202) 355-9448 x101 (202) 355-9448 x200 (571) 249-4677 (cell)

More Related Content

MCG Cybersecurity Webinar Series - Risk Management

  • 1. Cybersecurity Webinar Series 5 Steps to Managing your Risks “Size Doesn’t Matter”
  • 2. Presenter • William J McBorrough, MSIA, CISSP, CISA, CRISC, CEH, CCSFP • Managing Principal, MCGlobalTech • 17 years Information Security Professional • 9 years Adjunct College Professor • Security and Risk Management “Expert” • Small Business Owner
  • 3. The PROBLEM is Real • FACT: Cyber attacks on small business are on the rise • FACT: The impact to a small business is much greater than larger counterparts. • FACT: Most small businesses aren’t prepared to face this reality.
  • 4. The PROBLEM is Real • Small Businesses are in denial when it comes to cyber risks. Common excuses are: • “We’re too small.” • “We can’t afford it.” • “It’s too complicated.” • “Our IT guy is taking care of it.” • But that’s not all, is it? • More pressing priorities • Competing demands on time, resources and energy
  • 5. Sources of Cyber Information Security Vendors want to see their products. “If I’m selling hammers, I’m only interested in your nails. I’m not concerned with the fact that your screws are all falling out” - WJM News media reports are focused on sensational stories. Large brand names. Millions of affected users. A small business getting hacked is not sexy.
  • 6. Risk Driven vs. Controls Focused Security “Technology” Risk Management “Business”
  • 7. Case Study - Size Doesn’t Matter Meet Sam Solopreneur = Sam, Inc!  “Always on the Go!”  “No office space.”  “No Infrastrure”  ”No Employees”  ”No Security Program”
  • 8. Risk Management Step 1 1. Identify Critical Asset • Communication • (Calls, Email, Text, Social Media,etc) • Data • (Contacts, emails, files, Photos, Videos, etc) • Apps • (Productivity, Financial, etc)
  • 9. Risk Management Step 2 1. Identify Critical Assets 2. Identify Threats I. Gravity, Clumsy Fingers II. Thieves, Faulty Memory III. Shoulder surfers, Nosy people IV. Software bugs
  • 10. Risk Management Step 3 1. Identify Critical Assets 2. Identify Threats 3. Identify Vulnerabilities I. Glass screen - Scratches, Cracks, Breaks II. Small, portable - Easy to conceal, lose track of III. Screen visible from above, sides IV. Poor Software Development, Testing - Vendor
  • 11. Risk Management Step 4 1. Identify Critical Assets 2. Identify Threats 3. Identify Vulnerabilities 4. Assess Risks I. High II. High III. Medium IV. Low Likelihood = Probability of threat exploiting Vulnerability Consequences = Impact to business Risk = Likelihood of Consequence
  • 12. Risk Management Step 5 1. Identify Critical Assets 2. Identify Threats 3. Identify Vulnerabilities 4. Assess Risks 5. Manage Risk( Avoid, Mitigate, Transfer, Accept) I. Mitigate - Purchase Case, Screen Cover II. Mitigate, Transfer - Password, Backup, Location Service/App, Insurance, III. Mitigate - Privacy screen, Behavior IV. Accept - Delay upgrades? Oh well V. Avoid - Toss phone out the window
  • 13. Now that you know….. 1. Have you identified your business critical assets? 2. Have to thought about the threats that may affect them and adversely impact your business? 3. Have you looked for where your assets might be susceptible to those threats? 4. Have you assessed the risk by considering the potential likelihood and impact to your business? 5. Have you made an informed, conscious decision in line with your business mission and needs about your risk?
  • 14. Key Takeaways  Size doesn’t matter.  Your “IT Guy” can’t do this for you.  It doesn’t have to be expensive and complicated.  We can help.
  • 16. About Us MCGlobalTech – Mission Critical Global Technology Group (MCGlobalTech) is a minority owned, small business founded by industry leaders to provide strategic advisory and security consulting services to public and private sector business managers to better align technology and security programs with organizational mission and business goals. – The Principals at MCGlobalTech have been providing Information Security services to the Federal Government and the private sector for over 25 years
  • 17. Our Values At MCGlobalTech, we believe that strong values create long term relationships with our customers, employees, partners and the communities we serve. At the heart of everything we do, our corporate values are: – Providing customer satisfaction – Delivering innovative solutions – Empowering staff for success – Promoting Entrepreneurial spirit – Maintaining technical excellence Staff Skills Success
  • 18. What we offer MCGlobalTech is able to provide our customers with innovative, mission-critical solutions in a broad variety of technologies. We consider the following our core competencies: – Information Assurance (Security Authorization) – Vulnerability Management – Security Risk Management – Security Engineering – Penetration Testing – Network Security
  • 19. Contact Us Mission Critical Global Technology Group 1325 G Street, NW Suite 500 Washington, District of Columbia 20005 Phone: 202.355.9448 Email: Info@mcglobaltech.com William J. McBorrough Sales Division Co-Founder/Managing Principal Corporate Headquarters wjm4@mcglobaltech.com sales@mcglobaltech.com (202) 355-9448 x101 (202) 355-9448 x200 (571) 249-4677 (cell)

Editor's Notes

  1. -
  2. -
  3. -
  4. -
  5. -
  6. -
  7. -
  8. -
  9. -
  10. -
  11. -