
Presented by Peter Fortunato, BNN’s Risk and Business Advisory Team (PowerPoint presentation)



  1. Presented by Peter Fortunato

  2. • BNN’s Risk and Business Advisory Team
      ◦ Peter Fortunato; CISM, CISA, CISSP

  3. • CompTIA
      ◦ Security+
     • ISACA
      ◦ CISA – Certified Information Security Auditor
      ◦ CISM – Certified Information Security Manager
      ◦ CRISC – Certified in Risk and Information Systems Control
     https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf

  4. • (ISC)²
      ◦ SSCP – Systems Security Certified Practitioner
      ◦ CISSP – Certified Information Systems Security Professional
     https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf

  5. A system administrator is configuring accounts on a newly established server. Which of the following characteristics BEST differentiates service accounts from other types of accounts?
      A. They can often be restricted in privilege.
      B. They are meant for non-person entities.
      C. They require special permissions to OS files and folders.
      D. They remain disabled in operations.
      E. They do not allow passwords to be set.

  6. Which of the following, if used, would BEST reduce the number of successful phishing attacks?
      A. Two-factor authentication
      B. Application layer firewall
      C. Mantraps
      D. User training

  7. ◦ Protection of Information Assets
      ◦ The Process of Auditing Information Systems
      ◦ Governance and Management of IT
      ◦ Information Systems Operations, Maintenance and Service Management
      ◦ Information Systems Acquisition, Development and Implementation

  8. Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions?
      A. Response
      B. Correction
      C. Detection
      D. Monitoring

  9. When reviewing the IT strategic planning process, an IS auditor should ensure that the plan:
      A. incorporates state of the art technology.
      B. addresses the required operational controls.
      C. articulates the IT mission and vision.
      D. specifies project management practices.

  10. ◦ Information Security Incident Management
      ◦ Information Security Governance
      ◦ Information Risk Management
      ◦ Information Security Program Development and Management

  11. All risk management activities are PRIMARILY designed to reduce impacts to:
      A. a level defined by the security manager.
      B. an acceptable level based on organizational risk tolerance.
      C. a minimum level consistent with regulatory requirements.
      D. the minimum level possible.

  12. A mission-critical system has been identified as having an administrative system account with attributes that prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful brute forcing of the account?
      A. Prevent the system from being accessed remotely
      B. Create a strong random password
      C. Ask for a vendor patch
      D. Track usage of the account by audit trails

  13. Which of the following is MOST beneficial to the improvement of an enterprise’s risk management process?
      A. Key risk indicators (KRIs)
      B. External benchmarking
      C. The latest risk assessment
      D. A maturity model

  14. Which of the following factors should be analyzed to help management select an appropriate risk response?
      A. The impact on the control environment
      B. The likelihood of a given threat
      C. The costs and benefits of the controls
      D. The severity of the vulnerabilities

  15. Certification        Years of Exp.   Exam Cost       Practice Questions   Books           Total
      Security+            3               $330            $89                  $50             $420
      SSCP                 1               $330            $89                  $45             $464
      CISSP                5               $650            $99                  $70             $819
      CISA, CISM, CRISC    5               $575 - $760*    $185 - $225*         $105 - $135*    $865 - $1,120
      *ISACA non-member price.

  16. https://www.csoonline.com/article/3116884/security/top-cyber-security-certifications-who-theyre-for-what-they-cost-and-which-you-need.html

  17. • Job Requirement
      • Desire for a Self-propelled Career
      • Personal Challenge / Satisfaction
      • Monetary Gain

  18. • Knowledge of Subject Matter
      • Experience
      • Ethics

  19. In my opinion, and by the standards of many employers, this is not true. The exams might not be as respected as other certification leaders, but they are comprehensive and you must study hard to pass. CompTIA Security+ certification covers network security, cryptography, identity management, compliance, operation security, threats, and host security, among other topics.

  20. https://www.globalknowledge.com/us-en/content/articles/top-paying-certifications

  21. • According to the 2018 Report: “IT WILL PROBABLY BE YOU ONE DAY”
      “Most cybercriminals are motivated by cold, hard cash. If there’s some way they can make money out of you, they will.”
      *Verizon 2018 Data Breach Investigation Report, 11th Edition

  22. • For further information or questions feel free to reach out to:
      • Peter Fortunato, RBA Manager
      ◦ pfortunato@bnncpa.com
      ◦ (207) 791-7561

  23. https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf
      https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf
      http://www.nomoreransom.org/
      https://urlhaus.abuse.ch/host/bluesky-oz.ru
      https://cloudblogs.microsoft.com/microsoftsecure/2014/12/30/before-you-enable-those-macros/
      https://www.nist.gov/blogs/taking-measure/easy-ways-build-better-pw0rd
      https://www.washingtonpost.com/local/public-safety/hack-of-baltimores-911-dispatch-system-was-ransomware-attack-city-officials-say/2018/03/28/e273ef36-32a3-11e8-8abc-22a366b72f2d_story.html?noredirect=on&utm_term=.bd822425af42
      https://www.engadget.com/2018/04/23/atlanta-spends-over-2-million-ransomware-recovery/
      https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
