SlideShare a Scribd company logo

Layered Approach - Information Security Recommendations

Download as PPT, PDF
Michael Kaishar, MSIA | CISSP, profile picture
Michael Kaishar, MSIA | CISSP

The document outlines a comprehensive approach to information security utilizing a layered strategy, emphasizing access controls, application security through Citrix, and robust electronic security measures. It highlights the importance of security awareness training for employees, covering topics such as password strength, malware protection, and social engineering awareness. Additionally, it provides recommendations for end-user security configurations to mitigate data theft risks and enhance network security.

TechnologyEducation
Related topics:
Information Security
1 of 8
Downloaded 52 times
1
2
3
4
5
6
7
8
01 INFORMATION SECURITY Using a Layered Approach Michael Kaishar, CISSP Information Security Consultant
Defense-in-Depth Layered Approach Access Control Lists and Permissions controlled by GPO All applications published by Citrix Portal with SSL certificate security OS Hardening & Patching, BIOS Password, and Disable USB Subnets, VLANs, IDS/IPS, IPSec Firewalls, VPN, IDS/IPS Badges, PINS, Security Cameras, Locks, etc… Electronic Security Policy and Security Awareness Training Michael Kaishar, CISSP / Information Security Consultant Policies, Procedures, & Security Awareness Physical Security Perimeter Internal Network Host Application Data
02 SECURITY AWARENESS TRAINING Web-Based Training provided by [Vendor of Choice] Michael Kaishar, CISSP / Information Security Consultant
Security Awareness Training Security Awareness Training empowers employees through a web-based delivery system supporting Information Security Policies and Acceptable Use of Electronic Communications Systems at [COMPANY]. The web-based, e-learning courses are designed to help meet compliance requirements. Security Awareness Training Course Topics Passwords: how to create a strong password and the techniques hackers use to crack them. Viruses & Hoaxes: malware concepts and protective controls each employee can take. Social Engineering: gathering of private information through conversations, and how to avoid crossing the line from helpful to harmful. Michael Kaishar, CISSP / Information Security Consultant
03 END-USER SECURITY RECOMMENDATIONS FOR TECHNICAL SECURITY Michael Kaishar, CISSP / Information Security Consultant
End-User Security Technical Recommendation End-User Client Security In order to mitigate the risk of data theft it is necessary to provide a secure ePC (Thin) client solution. ePC Security & Feature Configuration Recommendations RDP / ICA Connection Only Boot from Hard Drive (Disable CD/DVD/USB Booting) Enable BIOS Passwords Latest XP Service Pack. DISABLE ALL USB PORTS!! Michael Kaishar, CISSP / Information Security Consultant
04 Network Diagram RECOMMENDATION FOR A SECURE NETWORK Michael Kaishar, CISSP / Information Security Consultant
Network Security Recommendation Michael Kaishar, CISSP / Information Security Consultant

More Related Content

PDF
Defense In Depth Using NIST 800-30
Kevin M. Moker, CFE, CISSP, ISSMP, CISM
 
PPTX
Vulnerability Assessment Presentation
Lionel Medina
 
PDF
Vulnerability Management
asherad
 
PPTX
Challenges of Vulnerability Management
Rahul Neel Mani
 
PPTX
Vulnerability Assessment
primeteacher32
 
PDF
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
South Tyrol Free Software Conference
 
PPTX
Rothke rsa 2012 building a security operations center (soc)
Ben Rothke
 
PDF
Security operations center 5 security controls
AlienVault
 
Defense In Depth Using NIST 800-30
Kevin M. Moker, CFE, CISSP, ISSMP, CISM
 
Vulnerability Assessment Presentation
Lionel Medina
 
Vulnerability Management
asherad
 
Challenges of Vulnerability Management
Rahul Neel Mani
 
Vulnerability Assessment
primeteacher32
 
SFScon 21 - Matteo Falsetti - Cybersecurity Management in the Supply Chain
South Tyrol Free Software Conference
 
Rothke rsa 2012 building a security operations center (soc)
Ben Rothke
 
Security operations center 5 security controls
AlienVault
 

What's hot (20)

PPTX
Security architecture, engineering and operations
Piyush Jain
 
PDF
Understanding security operation.pptx
Piyush Jain
 
PPTX
NIST Critical Security Framework (CSF)
Priyanka Aash
 
PDF
Vulnerability threat and attack
newbie2019
 
PDF
Building A Security Operations Center
Siemplify
 
PDF
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty
 
PDF
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Priyanka Aash
 
PPTX
Top 20 Security Controls for a More Secure Infrastructure
Infosec
 
PDF
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
PPTX
AlienVault Partner Update: So Many Security Products to Sell to My Customers…...
AlienVault
 
PDF
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
AlienVault
 
PPT
Top Tactics For Endpoint Security
Ben Rothke
 
PPTX
SOC Architecture Workshop - Part 1
Priyanka Aash
 
PPT
002.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
PDF
Identifying Code Risks in Software M&A
Matt Tortora
 
PDF
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
PPTX
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
PDF
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
EnterpriseGRC Solutions, Inc.
 
PDF
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
infoLock Technologies
 
PPTX
CyberSecurity Strategy For Defendable ROI
Siemplify
 
Security architecture, engineering and operations
Piyush Jain
 
Understanding security operation.pptx
Piyush Jain
 
NIST Critical Security Framework (CSF)
Priyanka Aash
 
Vulnerability threat and attack
newbie2019
 
Building A Security Operations Center
Siemplify
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty
 
Integrated Security Operations Center (ISOC) for Cybersecurity Collaboration
Priyanka Aash
 
Top 20 Security Controls for a More Secure Infrastructure
Infosec
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 
AlienVault Partner Update: So Many Security Products to Sell to My Customers…...
AlienVault
 
SIEM for Beginners: Everything You Wanted to Know About Log Management but We...
AlienVault
 
Top Tactics For Endpoint Security
Ben Rothke
 
SOC Architecture Workshop - Part 1
Priyanka Aash
 
002.itsecurity bcp v1
Mohammad Ashfaqur Rahman
 
Identifying Code Risks in Software M&A
Matt Tortora
 
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
EnterpriseGRC Solutions, Inc.
 
Symantec Cyber Security Solutions | MSS and Advanced Threat Protection
infoLock Technologies
 
CyberSecurity Strategy For Defendable ROI
Siemplify
 
Ad

Viewers also liked (8)

DOC
Implementing Two Factor Authentication Using Phone Factor
Michael Kaishar, MSIA | CISSP
 
PPT
Information Security Awareness And Training Business Case For Web Based Solut...
Michael Kaishar, MSIA | CISSP
 
PDF
Trustwave Cybersecurity Education Catalog
Trustwave
 
PPTX
ISO 27001 - information security user awareness training presentation -part 2
Tanmay Shinde
 
PPTX
ISO 27001 - information security user awareness training presentation - Part 1
Tanmay Shinde
 
PPT
Computer Malware
aztechtchr
 
PPTX
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
PPT
End User Security Awareness Presentation
Cristian Mihai
 
Implementing Two Factor Authentication Using Phone Factor
Michael Kaishar, MSIA | CISSP
 
Information Security Awareness And Training Business Case For Web Based Solut...
Michael Kaishar, MSIA | CISSP
 
Trustwave Cybersecurity Education Catalog
Trustwave
 
ISO 27001 - information security user awareness training presentation -part 2
Tanmay Shinde
 
ISO 27001 - information security user awareness training presentation - Part 1
Tanmay Shinde
 
Computer Malware
aztechtchr
 
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
End User Security Awareness Presentation
Cristian Mihai
 
Ad

Similar to Layered Approach - Information Security Recommendations (20)

PDF
Cissp certified information systems security professional - 27 th february ...
Access Business Management Conferencing International
 
PPTX
How to Build a Winning Cybersecurity Team
Global Knowledge Training
 
PPTX
What Cybersecurity Certifications Make You The Most Money Today.pptx
infosec train
 
DOCX
Certifications on Security - IS AUDIT
Shahzeb Pirzada
 
PPT
Information security management system Trg 2.ppt
SmppMondha
 
PDF
ScotSecure Cyber Security Summit 2025 Edinburgh
Ray Bugg
 
PDF
Cisco Endpoint Security for MSSPs
Cisco Russia
 
PPT
Cy Cops Company Presentation
ChaitanyaS
 
PDF
Crush Cloud Complexity, Simplify Security - Shield X
Prime Infoserv
 
PDF
EC-Council Certified Network Defender
ITpreneurs
 
PDF
Cyber security course in trivandrum 1.pdf
abinpjoya
 
PDF
Datasheet
Carlos urrea
 
PDF
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
 
PPTX
Surviving the lions den - how to sell SaaS services to security oriented cust...
Moshe Ferber
 
PDF
webapplication-security-assessment-casestudy
AbiramiManikandan5
 
PPTX
What is the significance of cybersecurity in cloud.pptx
Infosectrain3
 
PPTX
Cybersecurity in Singapore: Trends, Careers & Training Path
AkhilKumar529314
 
PPTX
What is the significance of cybersecurity in cloud.pptx
infosec train
 
PPTX
Microsoft Security Advice ISSA Slides.pptx
Mike Brannon
 
PPTX
Cybersecurity Solutions in Abu Dhabi | Bluechip Gulf
Bluechip Gulf
 
Cissp certified information systems security professional - 27 th february ...
Access Business Management Conferencing International
 
How to Build a Winning Cybersecurity Team
Global Knowledge Training
 
What Cybersecurity Certifications Make You The Most Money Today.pptx
infosec train
 
Certifications on Security - IS AUDIT
Shahzeb Pirzada
 
Information security management system Trg 2.ppt
SmppMondha
 
ScotSecure Cyber Security Summit 2025 Edinburgh
Ray Bugg
 
Cisco Endpoint Security for MSSPs
Cisco Russia
 
Cy Cops Company Presentation
ChaitanyaS
 
Crush Cloud Complexity, Simplify Security - Shield X
Prime Infoserv
 
EC-Council Certified Network Defender
ITpreneurs
 
Cyber security course in trivandrum 1.pdf
abinpjoya
 
Datasheet
Carlos urrea
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Moshe Ferber
 
webapplication-security-assessment-casestudy
AbiramiManikandan5
 
What is the significance of cybersecurity in cloud.pptx
Infosectrain3
 
Cybersecurity in Singapore: Trends, Careers & Training Path
AkhilKumar529314
 
What is the significance of cybersecurity in cloud.pptx
infosec train
 
Microsoft Security Advice ISSA Slides.pptx
Mike Brannon
 
Cybersecurity Solutions in Abu Dhabi | Bluechip Gulf
Bluechip Gulf
 

Recently uploaded (20)

PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
AbdullahSani29
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Advanced IT Governance
University of Hertfordshire
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
[발표본] 너의 과제는 클라우드에 있어_KTDS_김동현_20250524.pdf
ssuserf8b8bd1
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
AbdullahSani29
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Advanced IT Governance
University of Hertfordshire
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
[발표본] 너의 과제는 클라우드에 있어_KTDS_김동현_20250524.pdf
ssuserf8b8bd1
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Modernizing your data center with Dell and AMD
Principled Technologies
 

Layered Approach - Information Security Recommendations

  • 1. 01 INFORMATION SECURITY Using a Layered Approach Michael Kaishar, CISSP Information Security Consultant
  • 2. Defense-in-Depth Layered Approach Access Control Lists and Permissions controlled by GPO All applications published by Citrix Portal with SSL certificate security OS Hardening & Patching, BIOS Password, and Disable USB Subnets, VLANs, IDS/IPS, IPSec Firewalls, VPN, IDS/IPS Badges, PINS, Security Cameras, Locks, etc… Electronic Security Policy and Security Awareness Training Michael Kaishar, CISSP / Information Security Consultant Policies, Procedures, & Security Awareness Physical Security Perimeter Internal Network Host Application Data
  • 3. 02 SECURITY AWARENESS TRAINING Web-Based Training provided by [Vendor of Choice] Michael Kaishar, CISSP / Information Security Consultant
  • 4. Security Awareness Training Security Awareness Training empowers employees through a web-based delivery system supporting Information Security Policies and Acceptable Use of Electronic Communications Systems at [COMPANY]. The web-based, e-learning courses are designed to help meet compliance requirements. Security Awareness Training Course Topics Passwords: how to create a strong password and the techniques hackers use to crack them. Viruses & Hoaxes: malware concepts and protective controls each employee can take. Social Engineering: gathering of private information through conversations, and how to avoid crossing the line from helpful to harmful. Michael Kaishar, CISSP / Information Security Consultant
  • 5. 03 END-USER SECURITY RECOMMENDATIONS FOR TECHNICAL SECURITY Michael Kaishar, CISSP / Information Security Consultant
  • 6. End-User Security Technical Recommendation End-User Client Security In order to mitigate the risk of data theft it is necessary to provide a secure ePC (Thin) client solution. ePC Security & Feature Configuration Recommendations RDP / ICA Connection Only Boot from Hard Drive (Disable CD/DVD/USB Booting) Enable BIOS Passwords Latest XP Service Pack. DISABLE ALL USB PORTS!! Michael Kaishar, CISSP / Information Security Consultant
  • 7. 04 Network Diagram RECOMMENDATION FOR A SECURE NETWORK Michael Kaishar, CISSP / Information Security Consultant
  • 8. Network Security Recommendation Michael Kaishar, CISSP / Information Security Consultant