Overview:

Often times, technical personnel are mostly focused on keeping systems operating at peak performance because this is all that they have time for in their busy schedules. This is mostly because organizations have limited budgets to invest in more head count and technology resources for both system optimal performance and effective security controls

This makes it challenging for technical personal to have enough time to:

• Conduct research and Cost Benefit Analysis (CBA) on the best security technologies for their organizations
• Implement and maintain effective technical security controls

• Where cybercriminals are focusing their attention and how they are successful. Some examples:
  • Missing Application Patches (Java, Adobe, etc)
  • Weak Application Development Practices
  • Weak IT component configurations

• Overview of top technical safeguards that should be invested in. Some examples:
  • Data at rest encryption controls
  • Patch management controls that cover both OS and applications
  • Security Information Event Management systems
  • Mobile Device Management controls

• Some examples of how clients have transitioned to stronger controls, such as:
  • Prioritization of investments
  • Invested in technologies that remediated multiple problems first

• Operating System and Application Patch Management Controls
• Application Development Security Controls
• Identity Management Controls
• IT Component Configuration Controls
• Anti-Malware Controls
• Logging and Audit Trail Controls
• Encryption Controls
• Network Access Controls
• Disaster Recovery and Business Continuance Controls
• Technical Policies and Procedures

• IT Managers
• IT Staff
• Project Managers
• Leadership Staff
• HIPAA Security Officers