John P Zelsnack CISSP/CISM/CRISC/Securty+/ITILv3 Senior Technical Manager/Cyber Security Engineer General Dynamics - Advanced Information Systems



Similar documents
SECURITY CONSIDERATIONS FOR LAW FIRMS

SECURITY CAREERS. Defining Jobs, Compensation, Qualifications. by Jerry Brennan and Steve Walker

Information Security Officer (# 1773) Salary: Grade 25 ($81,808-$102,167) / Grade 27 ($90,595 to $113,141) Summary of Duties. Minimum Qualifications

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

INTRODUCTION TO PENETRATION TESTING

SBA Cybersecurity for Small Businesses. 1.1 Introduction. 1.2 Course Objectives. 1.3 Course Topics

Report on CAP Cybersecurity November 5, 2015

CFIR - Finance IT 2015 Cyber security September 2015

HIPAA Security Training Manual

Cyber Security: An Introduction

HP Cyber Security Control Cyber Insight & Defence

Data Management Policies. Sage ERP Online

University of Central Florida Class Specification Administrative and Professional. Information Security Officer

INTRODUCTION TO NETWORK SECURITY. Nischit Vaidya, CISSP Instructor

Cyber Security and Information Assurance Controls Prevention and Reaction NOVEMBER 2013

HIPAA Requirements and Mobile Apps

Director, IT Security District Office Kern Community College District JOB DESCRIPTION

Policy for Protecting Customer Data

Information Security Technology?...Don t Rely on It A Case Study in Social Engineering

Image credits: Front cover: U.S. Army photo by Sgt. Brandon Little, Task Force XII PAO, MND-B Inside back cover: U.S Army photo by Staff Sgt.

NGA Paper. Act and Adjust: A Call to Action for Governors. for cybersecurity;

PII Compliance Guidelines

Security Defense Strategy Basics

Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services

Everything You Wanted to Know about DISA STIGs but were Afraid to Ask

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

October Is National Cyber Security Awareness Month!

HIPAA Privacy & Security Rules

White Paper. Information Security -- Network Assessment

INFORMATION SECURITY FOR YOUR AGENCY

How To Perform An External Security Vulnerability Assessment Of An External Computer System

Working Practices for Protecting Electronic Information

Better secure IT equipment and systems

FedVTE Training Catalog SPRING advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

PCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS

Common Cyber Threats. Common cyber threats include:

SecurityMetrics Vision whitepaper

Cyber-Security. FAS Annual Conference September 12, 2014

Pass-the-Hash. Solution Brief

Cybersecurity: What CFO s Need to Know

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

Actions and Recommendations (A/R) Summary

Cyber Threats in Physical Security Understanding and Mitigating the Risk

Conducting Security System Site Surveys

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Physical Security: From Locks to Dox

Top Ten Keys to Gaining Enterprise Configuration Visibility TM WHITEPAPER

Virginia Government Finance Officers Association Spring Conference May 28, Cloud Security 101

A Small Business Approach to Big Business Cyber Security. Brent Bettis, CISSP 23 September, 2014

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at

National Cyber Security Month 2015: Daily Security Awareness Tips

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

FedVTE Training Catalog SUMMER advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Cybersecurity Policies and Best Practices: Protecting small firms, large firms, and professional services from malware and other cyber-threats

Question: 1 Which of the following should be the FIRST step in developing an information security plan?

INFORMATION SECURITY STRATEGIC PLAN

Unit 6 Research Project. Eddie S. Jackson. Kaplan University. IT540: Management of Information Security. Kenneth L. Flick, Ph.D.

Security at San Onofre

CloudCheck Compliance Certification Program

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

PCI Data Security Standard 3.0

SERENA SOFTWARE Serena Service Manager Security

Terms of Reference for an IT Audit of

Selecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns

Cybersecurity. Are you prepared?

Transcription:

John P Zelsnack CISSP/CISM/CRISC/Securty+/ITILv3 Senior Technical Manager/Cyber Security Engineer General Dynamics - Advanced Information Systems

AGENDA Who Am I? Breaking it down Why Do We Care Questions

WHO AM I I have worked Information Assurance / Cyber Security field for the past 10 years with General Dynamics - Advanced Information Systems in Fairfax Virginia, supporting federal level cyber security activities for National Reconnaissance Office in Chantilly Virginia. A large focus of my responsibilities include: Creation of enterprise governance policies, definition of implementation methods and validation of adherence to / enforcement of policies. I manage a worldwide staff that specifically focuses on testing of security control implementation to satisfy cyber security requirements. I have a Bachelor s Degree from Strayer University in Network Security and a Master Degree from Capitol College in Information Assurance. I am a member in good standing with the multiple Information Security Certification organizations actively holding the following certifications Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Security+ Certified Professional (Security+) Information Technology Information Library (ITIL)

BREAKING IT DOWN What Cyber Security Is: Cyber security is the collection of technologies, services, processes and best practices designed to protect networks, computers, applications and data from attack, damage or unauthorized access. Also referred to as Computer Security, Information Security, Information Assurance It spans multiple Security disciplines to include Physical Security, Personnel Security, Personal Security, Network Security, Information Security, Communications Security, Operations Security and Security Awareness Physical Security: Protection of technology and data from unauthorized physical access. Includes guards, doors, locks, fences, cameras Personnel Security: Review and assessment of people to validate worthiness of access (both physical and virtual) to technology and data Personal Security: Protection of the personnel in an organization that are authorized to access the organization, its technology and data

BREAKING IT DOWN Network Security: Technology implemented to protect networks from unauthorized access Information Security: Protection of an organizations information (data) to include the technology that is used to store, process or transmit the information Communications Security: Protection of an organizations communication media, technology and content. Operations Security: Protection of the details regarding an organizations capabilities, methods or activities Security Awareness Ongoing education and training to ensure that personnel are reminded of and trained on Cyber Security principles

BREAKING IT DOWN What Cyber Security Is Not: Cyber security is not a collection of laws and regulations Cyber security is not a one time install of Anti-virus software Cyber security is not someone else's responsibility The common denominator across all disciplines comprising Cyber Security is Security It is important for everyone involved to understand what needs to be protected and why as well as where protection needs to be applied

WHY DO WE CARE Cyberspace: Cyberspace is that worldwide environment of computers and the infrastructure that connects them, more commonly referred to as the Internet The growth in number and prevalence of connected devices has created an environment where both people and organizations are constantly exposed to threats Devices are not just the computer sitting on your desk anymore Being connected is accepted, expected and inherently trusted

WHY DO WE CARE People are inherently the weak link in all aspects fo security We all trust that someone or something else is protecting our interests People tend to lack the due diligence to ensure that all aspects of our part of the cyberspace are adequately protected Connected to the internet = exposed and vulnerable So how do we make it better?? Education and awareness are key to ensure understanding of the issue and support for the resolutions we are here to help deifine.

QUESTIONS??

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information