
Cost-Effective Strategies for Overcoming the Cybersecurity Poverty Line Using People, Process, and Technology.pdf

Uploaded by: 学*** ID: 187768 2024-12-26 46 pages 45.95 MB

Overcoming the CyberSecurity Poverty Line
Cost Effective Strategies Using People, Process, and Technology

Robert Wagner
Mr_Minion
Mr_Minion@infosec.exchange
Advisory CISO
Advisory CISO/Managing Director
Community
Hak4Kidz Co-Founder
ISSA Chicago Board
Chicago CISO of the Year
BurbSec
BSides312

Do me a favor?
Take pictures
Post to social

Introduction
Small Businesses Keep Making the Same Mistakes Large Enterprises Made 20 Years Ago
I Wrote This Talk Because

Cyber Security Poverty Line
The line below which an organization cannot be effectively protected - much less comply with - security regulations.
Wendy Nather, 2010

Money
Expertise
Capability
Influence
Primary Hurdles

Understanding the Impact on Small Business
Attacks targeting Small-to-Medium Enterprises comprised 46% of all attacks in 2021 - Verizon Breach Report 2021
Cyberattacks cost SMEs an average of $200,000 per firm. and 60% of (SME) victims go out of business within 6 months. Hiscox Insurance

Where Do We Start?
Too Much Focus on Technology

People
Talent is Hard to Find - Is it really, though?
Consider Non-traditional approaches to hiring

Speaks in Business Terms
Experienced in Incident Response
Understands Compliance
Creates Realistic Risk and Vulnerability Objectives
Here's What To Look For
Virtual CISOs

Hire a Few Strategic Leads
Target of Empathy & Mentorship
Run interference for Business Politics
Lead by Example

Create a Low Cost Army
Interns
Temp-to-Hire
Entry Level Hires

Nurture Talent
Stop Chasing Unicorns
Create a Culture of Mutual Mentorship and Sharing
Train them so well that they could leave
Treat them so well that they stay
Help Justify Their Training to the Business
They usually don't know the right language
Encourage Participation in the InfoSec Community
Look for talent in existing employees
From Within and Without

How to Nurture Talent
Use Neutral Language
Words like self-reliant or le

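This presentation examines the cybersecurity challenges facing small and medium-sized enterprises (SMEs) and strategies for addressing them. The author points out that SMEs keep making the same cybersecurity mistakes that large enterprises made twenty years ago, and that these mistakes can put a company out of business. It proposes cost-effective strategies covering people, process, and technology. Key figures include: 46% of attacks target SMEs (Verizon Breach Report 2021), cyberattacks cost SMEs an average of $200,000, and 60% of victim firms go out of business within six months.

To address these problems, the presentation recommends that SMEs adopt non-traditional hiring approaches, such as engaging virtual CISOs and strategic leads; build a low-cost team of interns, temp-to-hire staff, and entry-level hires; nurture talent and establish a culture of mutual mentorship; provide high-quality employee training; use structured interviews and scorecards to reduce hiring bias; and adopt an insider-threat management approach that is easy to defend.

It also stresses the importance of effective risk assessment and compliance strategies, and advocates "clear box" security assessments, which yield more targeted recommendations and remediation. It further recommends logging and monitoring all privileged credential activity, implementing multi-factor authentication, and storing shared accounts and passwords in a secure platform. Finally, it emphasizes the importance of automation and secure remote access, and recommends open-source assessment tools to help SMEs improve their security.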