View
0
Download
0
Category
Preview:
Citation preview
#CC16HallwayChat #ChannelCon16
IT Security Community Meeting
Security, Security, Security – AGAIN? It’s Everywhere!
3#CC16HallwayChat #ChannelCon16
http://www.comptia.org/antitrust
CompTIA has a policy of strict compliance with federal and state anti-trust laws.
You agree to avoid discussing certain topics that could result in an unreasonable restraint of trade when participating at any CompTIA events or activities.
CompTIA Anti-Trust Policy
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Member Communities & Councils
4
Industry Initiatives
ResearchCertifications Credentials
Education TrainingPublic Policy
Philanthropy
5#CC16HallwayChat #ChannelCon16
• Work together to improve ourselves, our businesses, and our industry
• Benefit to You• Networking
• Education
• Making a difference
• Your Role• Teach, and learn from, peers
• Participate and contribute
• Shape the future of the industry
Purpose of Communities
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 7
Premier Member Benefits
• Complimentary Event Registrations
• Community Voting Rights
• Research• Training• Education
• Geico• Hertz• FedEx
Icons are for placement only
Networking
Certification Discounts• 15%
Industry Insight
Business Tools & Templates• Contracts• Finance• Marketing• Human
Resources
Affinity Partners
Accelerate your business and professional success
• 50 free seats• 10% off additional seats
CyberSecure
Leadership Opportunities
• Ability to Serve in Community Leadership Position
8#CC16HallwayChat #ChannelCon16
o Welcome & Housekeepingo Executive Council Introductionso Initiatives Updateo CyberSecurity Standard
- Miles Jobgen
o IT Security Assessment Wizard- Nick Beaugeard
o Security Channel – View Today- Neal Bradbury
o Security Self Assessmento Working Groups
- Foundational Security, Comprehensive Security, Advanced Security
o Closing
Agenda
9#CC16HallwayChat #ChannelCon16
Chair – Chris Johnson Vice Chair – Ron Culler
10#CC16HallwayChat #ChannelCon16
Andrew Bagrin, CEO & Founder, My Digital Shield
Eric Torres, Channel Development Manager, Datto, Inc
Colin Knox, CEO, Passportal
Eric Pinto, Director of Business Development & Client Services, VAR Staffing
Jessica Schroder, Consultant
Mike Semel, Principal Consultant & CEO, Semel Consulting LLC
Charles Tholen, Owner & CEO, Cognoscape, LLC
Neal Bradbury, Sr. Director of Channel Development, Intronis
Larry Schweitzer, President, CMIT Solutions of East & West Nassau
Ex-Officio - Scott Barlow, Vice President of Global MSP, Sophos
IT Security Executive Council
11#CC16HallwayChat #ChannelCon16
Welcome our newest
Executive Council Member
STEPHEN SMITH
Director of Managed Services
EvenKeel MSP
12#CC16HallwayChat #ChannelCon16
Welcome & Housekeeping Executive Council Introductionso Initiatives Updateo CyberSecurity Standard
- Miles Jobgen
o IT Security Assessment Wizard- Nick Beaugeard
o Security Channel – View Today- Neal Bradbury
o Security Self Assessmento Working Groups
- Foundational Security, Comprehensive Security, Advanced Security
o Closing
Agenda
#CC16HallwayChat #ChannelCon16
Complete Initiatives• Try the IT Security Assessment Wizard
• Watch Security Tech Tools Videos
• Take a look at the Security Research Webinar (on-demand)
• Always connected, but all Wi-Fi is not GOOD Wi-Fi Webinar (on-demand)
• IT Security Community Code of Ethics
• Major Revision to Security Trustmark
14#CC16HallwayChat #ChannelCon16
Coming soon……
– Foundational
Perimeter Testing
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Three stages, what to offer
15
Three stages
• Data Backups• Desktop Antivirus• Email AV/AS• Basic access control• Software updates/patch
management• Wireless control• Physical access control
• Gateway UTM• Disaster recovery• Remote access/VPN• Basic awareness training• Awareness/Education• Verification of security testing• Policy• Wireless/BYOD• Asset control• System harderning
• Governance/Compliance• Incident response• Monitoring/SIEM• Pen Testing• Risk Assessment• WAP• Other
Foundational Security Comprehensive Security Advanced Security
Eric Torres, Colin KnoxMike Semel, Charles Tholen
Andrew Bagrin, Ron Culler
Cross stage participants - Chris, Neal, Larry, Eric P, Jessica, Stephen
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Introducing CompTIA Channel StandardsThe Definitive Best Business Practices Prescribed by Your Peers
Industry guidelines for implementing IT processes and procedures
Built by industry leaders, tech experts and CompTIA members
Accepted and applied by service providers everywhere
16
Stop by the Member Center to pick up the Standard or access and implement the CyberSecurity Standard today at comptia.org/standards
Nick Beaugeard
IT Security Assessment
18#CC16HallwayChat #ChannelCon16
Welcome & Housekeeping Executive Council Introductions Initiatives Update CyberSecurity Standard
Miles Jobgen
IT Security Assessment Wizardo Nick Beaugeard
o Security Channel – View Todayo Neal Bradbury
o Self Assessmento Foundational Security, Comprehensive Security, to Advanced Security Working Groups
o Closing
Agenda
19#CC16HallwayChat #ChannelCon16
20#CC16HallwayChat #ChannelCon16
Let’s start with some basics
51%
41%
8%
Grow significantly
Grow modestly
Flat/Shrink
Security Revenue Expectations
$75.4$81.0
$87.0$93.4
$100.3
2015 2016 2017 2018 2019
Gartner Market Projections
21#CC16HallwayChat #ChannelCon16
The channel response
22#CC16HallwayChat #ChannelCon16
Starting the discussion
When Customer Initiates
• 68% Change in IT operations
• 51% News of major breach
• 50% Change in management
• 45% Internal breach
• 32% Breach within peers
• 32% New knowledge
When Security Firm Initiates
• 64% Change in IT operations
• 59% New knowledge
• 54% News of major breach
• 46% New threats
• 43% Breach within peers
• 26% Cost of breaches
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Three stages, what to offer
23
Three stages
• Data Backups• Desktop Antivirus• Email AV/AS• Basic access control• Software updates/patch
management• Wireless control• Physical access control
• Gateway UTM• Disaster recovery• Remote access/VPN• Basic awareness training• Awareness/Education• Verification of security testing• Policy• Wireless/BYOD• Asset control• System harderning
• Governance/Compliance• Incident response• Monitoring/SIEM• Pen Testing• Risk Assessment• WAP• Other
Foundational Security Comprehensive Security Advanced Security
Eric Torres, Colin KnoxMike Semel, Charles Tholen
Andrew Bagrin, Ron Culler
Cross stage participants - Chris, Neal, Larry, Eric P, Jessica, Stephen
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Foundational SecurityFoundational security is a first good step to offering your customers security as a service. The goal is to provide a good base of protection without lots of effort to get started.
Although other components such as UTM would be considered as key role in providing adequate foundational cybersecurity, the complexity of most proper UTM’s require quite a bit of effort to effectively deploy.
24
Foundational Security checklist
Software Antivirus Host based protection for desktops/laptops and servers
Data backups Cloud data backups for restoration in case of data loss
Email AV/AS Standard antispam and antivirus for email on email system
Basic access control Separate authentication per user with limited access, only what's needed.
Software updates/patchmanagement
Enable automatic Windows security updates and have a schedule to patch all systems.
Wireless control Use WPA2 or higher, separate guest access
Physical access Restrict physical access to servers and where sensitive data is stored
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Comprehensive SecurityComprehensive security is the next step to provide a solid all around protection for any type of business. This is not vertical or customer specific focused, but is a comprehensive checklist of what can be used across the board for any type of business. Additional layers, procedures and technologies would be required for a complete solution in some specific verticals or that are specific to some businesses.
25
Comprehensive Security Checklist
BDR solution Backup and disaster recovery technology and business continuity plan
Gateway/Perimeter UTM Complete UTM to detect and prevent threats
Remote access/VPN Avoid port forwarding for remote access, instead use VPN access
Awareness/Education Simple awareness training (don’t trust/click/open) Can be automated
Verification of security Test current security setup. Vulnerability scans in/out. Review logs/reports
PoliciesCreate and enforce policies such as password, internet usage, access to resources
Wireless Usage policy and BYOD control
Asset control Catalog all software/hardware, manage updates and control
System hardening Disable all unused software, services and ports on all systems.
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Advanced SecurityYou may wish to offer additional security, such as governance/compliance, incident response, monitoring, penetration testing and risk assessment. However, these tend to be either vertical focused or service orientation focused, which means it might make more sense for you to partner with a provider that offer these type of advanced services instead of trying to build them yourself. In some cases you may even want to outsource some of the comprehensive items. Regardless of how you offer your customers security whether in house or outsourced, the most important thing is that every business has comprehensive protection.
26
Beyond Comprehensive Security Options
Governance/compliance Providing PCI/HIPAA or other consultation to certify compliance
Incident response Providing remote and/or on site remediation services to breaches
Monitoring SIEM log correlation and eyes in SOC on events
Pen Testing Manual penetration testing/auditing of network/systems
Risk assessment Full audit of company and business continuity, providing risk analysis and plan
27#CC16HallwayChat #ChannelCon16
Welcome & Housekeeping Executive Council Introductions Initiatives Update CyberSecurity Standard
Miles Jobgen
IT Security Assessment Wizardo Nick Beaugeard
o Security Channel – View Todayo Neal Bradbury
o Self Assessmento Foundational Security, Comprehensive Security, to Advanced Security Working Groups
o Closing
Agenda
28#CC16HallwayChat #ChannelCon16
Break out into the three groups
– Foundational
– Comprehensive
– Advanced
Up Next
#CC16HallwayChat #ChannelCon16
6-7:30 Technology Vendor Fair & Reception
• Great Hall, Conv Ctr 3rd Flr
Game Night Party (Presented by Future Leaders Community)
• Diplomat Ballroom 1, Conv Ctr 2nd Flr
Thank You
#CC16HallwayChat #ChannelCon16
Recommended