Digital Security 101 Fresno 2018

From California Technology Festival Wiki

initial questions --

  • One question centered around phishing and protecting users' information.
  • Another question focused on how to transfer information securely.
  • Another question asked how to manage cultural change alongside security changes.

https://roadmap.org: provides consultant time to small orgs

  • Key item is readiness with questions to ask:
    • do you have support? who manages tech and decides practices? is info shared? what are the tech practices?
    • some checklists: email safety, wireless network use, device security, gsuite config
    • is there a culture of training/learning around tech?
    • try to set tech baselines first, before security, then look at what are the biggest concerns

In an org, when you have many moving pieces, and don't have a lot of resources, where do you turn to?

  • basic info sec framework:
    • confidentiality, integrity, access
    • no unauthorized access; make sure authorized users can get in and the data is correct
  • how do we remove the terms from a military perspective?
    • perhaps use terms that come from the end-user perspective, because the military perspective removes the humanity.
    • don't use fear to motivate
  • webcast on phishing covered: https://www.youtube.com/watch?v=g7TNgBH6tQI
    • let people know ahead of time so there isn't an attachment of failure
    • remove the shame
  • how do we figure out how we should treat each of our sets of data?
    • do an inventory of info:
      • what do we have?
      • who might want it?
      • consequences of the data being exposed
      • what are the resources of the people who want it, and of the org?
  • what are high risk scenarios?
  • what steps can be taken?
  • what are other ways of doing risk analysis
  • use systems to keep track of app versions and scheduled tasks. Quest KACE?
  • KnowBe4: https://www.knowbe4.com/website
    • provides security training (some free)
  • a mention of using other methods besides email to transfer/share sensitive documents
    • such as a central file repository
    • encrypted email: lots of difficulties in making an end to end email encryption work
    • Asana is currently used to share files/communications in some places
    • goes back to common set of questions
    • is there redundancy
    • is everyone on the same page
    • at Digital NEST, the change manager supports and equips people for change
    • other companies use an onboarding manager to train people
    • another option is an onboarding/offboarding checklist
  • security checklists
    • https://eclgy.org/sec-check
    • template for AUP, byod, security practices manual
    • in CA, phones must be subsidized by law if employees are required to use them for work
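The data-inventory and risk-analysis questions above (what do we have, who might want it, consequences of exposure, resources of the people who want it versus the org) can be turned into a simple ranked risk register. The script below is an added example written for these notes, not material from the workshop or from any of the organizations mentioned; the dataset entries, the 1-3 scales and the scoring formula are constructed assumptions, chosen only to show how the questions combine into a priority order and a first step for each data set.

```python
from dataclasses import dataclass

# Every factor is rated on a constructed 1 (low) .. 3 (high) scale.
@dataclass
class DataSet:
    name: str
    who_wants_it: str
    exposure_impact: int      # consequence if the data is exposed
    attacker_resources: int   # capability/motivation of those who want it
    org_protection: int       # how well the org protects it today

def likelihood(d: DataSet) -> int:
    """Likelihood of exposure rises with attacker resources and falls with protection.
    Hypothetical formula: result is clamped to the range 1..4."""
    return max(1, d.attacker_resources - d.org_protection + 2)

def risk_score(d: DataSet) -> int:
    """Classic impact-times-likelihood score (range 1..12 on these scales)."""
    return d.exposure_impact * likelihood(d)

def rank_inventory(inventory: list[DataSet]) -> list[DataSet]:
    """Highest-risk data sets first, so the org knows where to spend scarce effort."""
    return sorted(inventory, key=risk_score, reverse=True)

def high_risk_names(inventory: list[DataSet], threshold: int = 9) -> list[str]:
    """The 'high risk scenarios' question: names of data sets at or above the threshold."""
    return [d.name for d in rank_inventory(inventory) if risk_score(d) >= threshold]

def next_step(d: DataSet) -> str:
    """The 'what steps can be taken' question, mapped to remedies the notes mention
    (central file repository instead of email, access limits, training). Heuristic only."""
    if d.exposure_impact >= 3 and d.org_protection <= 1:
        return "move off email into a central repository with access limited to those who need it"
    if d.attacker_resources >= 2 and d.org_protection < 3:
        return "add staff training on phishing and handling of this data set"
    return "keep current practice; review at the next inventory"

# Constructed sample inventory for a small nonprofit.
SAMPLE_INVENTORY = [
    DataSet("donor list", "fraudsters, competing fundraisers", 3, 2, 1),
    DataSet("client case files", "data brokers, hostile relatives", 3, 2, 3),
    DataSet("public event calendar", "nobody in particular", 1, 1, 1),
    DataSet("staff payroll data", "identity thieves", 3, 3, 1),
]

if __name__ == "__main__":
    for d in rank_inventory(SAMPLE_INVENTORY):
        print(f"{risk_score(d):2d}  {d.name:22s} -> {next_step(d)}")
```

Run it as-is to see the ranked register; replacing SAMPLE_INVENTORY with the org's own answers to the inventory questions gives a defensible, repeatable starting order for the "where do we turn first" discussion.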