Best Cyber Security Practices for Counties
An introduction to cybersecurity framework

Facts: What we must know
• Cyber attacks present a tangible element of risk
• There is no such thing as a secure network
• The threat landscape is constantly changing
• The delivery mechanisms are becoming more advanced
• Training and preparing for event response determines outcome

Initial Tasks: What can we do?
• Train
• Inventory
• Identify
• Develop
• Implement
• Test

Training
“We provided our staff the resources they needed to respond to this.”

Training: There is no substitute for competent staffing
• Training needs to be recurring
• There are several centers that provide free educational materials
• Participate in local and national groups

Inventory
“The only thing hooked up is our devices and applications”

Inventory: What does our system look like?
Hardware
• What devices are on our network?
• What devices perform tasks without user intervention?
• What unauthorized devices are on our network?
Software
• What software applications are on our systems?
• What software applications have been authorized for use?

Identify
“We were unaware that the information we were collecting is protected”

Identify: Do you know where your liability is?
Protected Information
• Can you identify what data your organization is collecting?
• Can you readily identify the location of the data?
• Can you determine what laws and regulations govern the data?
Access Points
• Determine what network services are necessary
• Determine network borders
• Determine User Access
• Determine Standard Use Patterns

Development
“Our business strategy did not account for this type of event”

Development: We know what we need to protect. Now what?
Policies & Procedures
• Create an Acceptable Use Policy
• Create the Security Response plan
• Create the Disaster Recovery Plan
• Create a User Awareness Plan

Implement
“The controls we had in place prevented the situation from escalating”

Implement: Build your strategy
Access Control | User Control | Patch Management | Information Gathering | Data Protection
• Secure Network Borders
• Limit Administrative Privilege
• Lab Testing
• Use Centralized Log Servers
• Backups
• Limit Use of Network Services
• Account Auditing
• Automatic Deployment
• Audit Access Logs
• Isolate Local Area Networks
• Account Enforcement
• Monitoring
• Auditing
• Automate Notifications

Test
“During an exercise, we had identified a significant gap in our operation protocol”

Test: Are the implemented controls effective?
Internal Tests
• Simulate an event and measure effectiveness
• Modify the incident response plan to fill the gaps
External Tests
• Use companies that have certified penetration testers.

Questions and Answers

Presented by: Sean Higginbotham
Cascade County