Cleaning Up Our Cyber Hygiene

Successful attacks almost always take advantage of conditions that could reasonably be described as 'poor cyber hygiene ' including the failure to patch known vulnerabilities, poor configuration management, and poor management of administrative privilege. In this session, we'll dig a little deeper into the idea. We'll discuss the importance of cyber hygiene as a root cause issue for attacks, and as a defensive strategy. We look at various attempts to define a specific set of practices to include, and how this might help establish a baseline for action. And suppose hygiene isn't enough, what then? 'Finally, we'll look at what might be done to turn cyber hygiene from a 'notion ' or a general exhortation to do better ( 'cheerleading ') into a large-scale program of improvement.

Randy Marchany
Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech's IT Security Laboratory and has 25 years experience as a systems administrator, IT auditor, and security specialist. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. Randy is currently a senior instructor for the SANS Institute and has taught a wide variety of courses over the years. Currently, he can be found teaching SEC440: Critical Security Controls: Planning, Implementing, and Auditing and SEC566: Implementing and Auditing the Critical Security Controls on a regular basis.

Russell Eubanks
As owner of Security Ever After and consultant for Enclave Security, Russell is responsible for assessing the cyber security of many diverse organizations and increasing their maturity while decreasing the probability of a breach. He wrote the first paper on how to implement the Critical Security Controls and serves on the editorial panel for the Critical Security Controls. As a current handler for the SANS Internet Storm Center and a former chief information security officer (CISO) of the Federal Reserve Bank of Atlanta, he's especially passionate about helping new or aspiring cyber leaders increase their influence. Russell is a SANS Certified Instructor and co-author of MGT521: Leading Cybersecurity Change: Building A Security-Based Culture and the SEC405: Business Finance Essentials course for SANS Technology Institute.

Tony Sager
Sager is a Senior Vice President and Chief Evangelist for CIS® (The Center for Internet Security, Inc.). He leads the development of the CIS Controls™, a worldwide consensus project to find and support technical best practices in cybersecurity.
Be the first to comment