Episode 39: Paul Konikowski on Investing in Cybersecurity & Culture

Highlights From This Episode…Bring up security early in the process. IT is often treated as an afterthought in AV.Assess the impact of each device being comprised. Consider access for each device. Who? How? Why? Least resource or least route?Consider if network connectivity is really needed for each device.Perform role-playing to get better perspective of what a malicious actor could do.Assess if users can accidentally cause a security breach, such as plugging in unkown USB sticks.VLAN headers can be spoofed and should not be considered a security mechanism.Close unused ports on all devices.Enable device logging and monitor the logs for suspicious activity.Consider messaging direction per device and disable a device’s ability to send or receive messages if not needed.Being able to demonstrate internal security practices may reduce liability should an incident arise. *This is not legal advice 🙂Create a culture of security awareness in your organisation through policies, training and compliance testing.Perform internal and possibly public code reviews. Track data check-in and check-outs.Mentioned In This Episode…Harvard Online Course: Cybersecurity: Managing Risk In The Information AgeZoom  Hosted on Acast. See acast.com/privacy for more information.