Digital Security 101 Fresno 2018

From California Technology Feestival Wiki
Jump to: navigation, search

initial questions --

  • One question were centered around phishing and protecting users from information.
  • Another question was focused upon how to transferring information securely.
  • Another question was asked how to manage cultural change with security changes.

https://roadmap.org: provides consultant time to small orgs

  • Key item is readiness with questions to ask:
    • do you have support, management of tech. decides practices, shared info, tech practices?
    • some checklists: email safety, wireless network use, device security, gsuite config
    • is there a culture of training/learning around tech?
    • try to set tech baselines first, before security, then look at what are the biggest concerns

In an org, when you have many moving pieces, and don't have a lot of resources, where do you turn to?

  • basic info sec framework:
    • confidentiality, integrity, access
    • no unauthorized access, make sure authorized can get in and data is correct
  • how do we remove the terms from a military perspective?
    • perhaps use terms that come from the end user perspective because of the the military perspective removes the humanity.
    • don't use fear to motivate
  • web cast for phishing covered: https://www.youtube.com/watch?v=g7TNgBH6tQI
    • let people know ahead of time so there isn't an attachment of failure
    • remove the shame
  • how do we figure out how we should treat each of our sets of data
    • do inventory of info:
    • what do we have?
    • who might want it?
    • consequences of data being exposed.
    • what are the resources of people who want it and org
  • what are high risk scenarios?
  • what steps can be taken?
  • what are other ways of doing risk analysis
  • use systems to keep track of app versions, scheduled tasks. quest kace?
  • know b4: https://www.knowbe4.com/website
  • provides security training (some free)
  • a mention of using other methods besides email to transfer/share sensitive documents
    • such as a central file repository
    • encrypted email: lots of difficulties in making an end to end email encryption work
    • asana is used to currently share files/communications in some places
    • goes back to common set of questions
    • is there redundancy
    • is everyone on the same page
    • at digital nest, the change manager supports and equips people for change
    • other companies use an on boarding manager to train people
    • another option is an on boarding/off boarding checklist
  • security checklists
    • https://eclgy.org/sec-check
    • template for AUP, byod, security practices manual
    • in CA, phones must be subsidized by law if required to use for work