Cyber Hygiene: Why the Fundamentals Matter



In this webcast, as a part of National Cybersecurity Awareness Month, our experts will provide an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical profession. Like the practice of washing hands to prevent infections, cyber hygiene addresses simple sets of actions that users can take to help reduce cybersecurity risks. Matt Butkovic, Randy Trzeciak, and Matt Trevors will discuss what some of those practices are, such as implementing password security protocols and determining which other practices an organization should implement. Finally, they discuss the special case of phishing—which is a form of attack that can bypass technical safeguards and exploit people’s weaknesses—and how changes in behavior, understanding, and technology might address this issue.

 

Good cyber hygiene is important because an organization's threat landscape changes daily, and new variants of attacks on computer systems appear by the hour. The sheer number of security vulnerabilities in hardware, software, and underlying protocols—and in the dynamic threat environment—make it nearly impossible for most organizations to keep pace.

 

Threats aren't only technological, either. Hackers and other bad actors are adept at social engineering to gain access to systems and the information they house. Social engineering attacks can be a sophisticated phishing campaign, a sob story delivered to a customer service representative over the phone, or even an individual on-site claiming to be fixing the HVAC but actually planting a wireless-enabled device. The IT department alone can't mitigate social engineering attacks. It's a responsibility shared by everyone, from the C-suite to the most junior staff members, and you might never get all personnel on board.

 

At the CERT® Division of the SEI, our approach to cyber hygiene involves identifying the commonalities among these cyber practices and aligning them with the resilience management practices in the CERT Resilience Management Model (CERT-RMM). Resilience management is the application of the methodologies of the CERT-RMM, which is a capability-focused maturity model. Resilience management can be expressed in terms of establishing organization-appropriate levels of protection and sustainment capabilities.

 

What Attendees Will Learn:

 

  • Key findings from the CERT Division of the SEI, and the CERT-RMM team, in identifying commonalities among cyber practices and aligning them to CERT-RMM practices
  • The CERT Division’s 11 cyber hygiene areas, comprising 41 CERT-RMM practices that are paramount to every organization’s success
  • What organizations can do to change behavior, understanding, and technology to implement good cyber hygiene 

Speaker and Presenter Information

Matthew Butkovic is the Technical Director (Acting) – Cyber Risk and Resilience Assurance in the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU). Butkovic performs critical infrastructure protection research and develops methods, tools, and techniques for evaluating capabilities and managing risk. This includes addressing the challenges of complex supply chains. Butkovic teaches a graduate level cybersecurity policy courses at the CMU Heinz College. He is also an instructor, focused on organizational resilience and supply chain risk management, for the CMU Heinz School CISO and CRO Executive Certificate Programs.

 

Randy Trzeciak is the Director of the CERT National Insider Threat Center. The team’s mission is to assist organizations in improving their security posture and incident response capability by researching technical threat areas; developing and conducting information security assessments; and providing information, solutions and training for preventing, detecting, and responding to illicit activity. Randy is the Director of the Master’s of Science in Information Security Policy & Management Program in the Heinz College at Carnegie Mellon University.

 

Matt Trevors is a Technical Manager for Carnegie Mellon's Software Engineering Institute. Matt has more than 20 years of experience in information technology, information security, and secure software development strategies. Matt obtained him Master's in Computer Information Systems from Boston University and his Bachelor's in Computer Science from the University of New Brunswick. Matt also holds the CISM, CISSP, CISSP-ISSAP, and CCSP professional credentials.

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, State Government, County Government, City Government, Municipal Government, CIA, FEMA, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, Census Bureau, USAID, National Guard Association, EEOC, Federal Government, State & Local Government, FDA, Foreign Governments/Agencies, NSA, FCC

Members who viewed this event also viewed:


Event Type
Webcast


This event has no exhibitor/sponsor opportunities


When
Wed, Oct 16, 2019, 2:00pm - 3:00pm ET


Cost
Complimentary:    $ 0.00


Website
Click here to visit event website


Organizer
CMU - SEI


Contact Event Organizer


Join the event conversation:
@SEInews


Return to search results