Digital Security 101 Fresno 2018
From California Technology Feestival Wiki
initial questions --
- One question were centered around phishing and protecting users from information.
- Another question was focused upon how to transferring information securely.
- Another question was asked how to manage cultural change with security changes.
https://roadmap.org: provides consultant time to small orgs
- Key item is readiness with questions to ask:
- do you have support, management of tech. decides practices, shared info, tech practices?
- some checklists: email safety, wireless network use, device security, gsuite config
- is there a culture of training/learning around tech?
- try to set tech baselines first, before security, then look at what are the biggest concerns
In an org, when you have many moving pieces, and don't have a lot of resources, where do you turn to?
- basic info sec framework:
- confidentiality, integrity, access
- no unauthorized access, make sure authorized can get in and data is correct
- how do we remove the terms from a military perspective?
- perhaps use terms that come from the end user perspective because of the the military perspective removes the humanity.
- don't use fear to motivate
- web cast for phishing covered: https://www.youtube.com/watch?v=g7TNgBH6tQI
- let people know ahead of time so there isn't an attachment of failure
- remove the shame
- how do we figure out how we should treat each of our sets of data
- do inventory of info:
- what do we have?
- who might want it?
- consequences of data being exposed.
- what are the resources of people who want it and org
- what are high risk scenarios?
- what steps can be taken?
- what are other ways of doing risk analysis
- use systems to keep track of app versions, scheduled tasks. quest kace?
- know b4: https://www.knowbe4.com/website
- provides security training (some free)
- a mention of using other methods besides email to transfer/share sensitive documents
- such as a central file repository
- encrypted email: lots of difficulties in making an end to end email encryption work
- asana is used to currently share files/communications in some places
- goes back to common set of questions
- is there redundancy
- is everyone on the same page
- at digital nest, the change manager supports and equips people for change
- other companies use an on boarding manager to train people
- another option is an on boarding/off boarding checklist
- security checklists
- template for AUP, byod, security practices manual
- in CA, phones must be subsidized by law if required to use for work