MCG Cybersecurity Webinar Series - Risk Management

Cybersecurity Webinar Series5 Steps to Managing your Risks

“Size Doesn’t Matter”

Presenter• William J McBorrough, MSIA, CISSP, CISA, CRISC, CEH, CCSFP• Managing Principal, MCGlobalTech• 17 years Information Security Professional• 9 years Adjunct College Professor• Security and Risk Management “Expert”• Small Business Owner

The PROBLEM is Real• FACT: Cyber attacks on small business

are on the rise

• FACT: The impact to a small business is much greater than larger counterparts.

• FACT: Most small businesses aren’t prepared to face this reality.

The PROBLEM is Real

• Small Businesses are in denial when it comes to cyber risks. Common excuses are:

• “We’re too small.” • “We can’t afford it.”• “It’s too complicated.”• “Our IT guy is taking care of it.”

• But that’s not all, is it?• More pressing priorities• Competing demands on

time, resources and energy

Sources of Cyber Information

Security Vendors want to see their products.“If I’m selling hammers, I’m only interested inyour nails. I’m not concerned with the fact thatyour screws are all falling out” - WJM

News media reports are focused on sensational stories. Large brand names. Millions of affected users. A small business getting hacked is not sexy.

Risk Driven vs. Controls Focused

Security “Technology”

Risk Management “Business”

Case Study - Size Doesn’t Matter

Meet SamSolopreneur = Sam, Inc!

“Always on the Go!” “No office space.” “No Infrastrure” ”No Employees” ”No Security Program”

Risk Management Step 1

1. Identify Critical Asset

• Communication• (Calls, Email, Text, Social Media,etc)

• Data • (Contacts, emails, files, Photos, Videos,

etc)• Apps

• (Productivity, Financial, etc)

Risk Management Step 2

1. Identify Critical Assets2. Identify Threats

I. Gravity, Clumsy Fingers

II. Thieves, Faulty Memory

III. Shoulder surfers, Nosy people

IV. Software bugs

Risk Management Step 3

1. Identify Critical Assets2. Identify Threats3. Identify Vulnerabilities

I. Glass screen - Scratches, Cracks, Breaks

II. Small, portable - Easy to conceal, lose track of

III. Screen visible from above, sides

IV. Poor Software Development, Testing - Vendor

Risk Management Step 4

1. Identify Critical Assets2. Identify Threats3. Identify Vulnerabilities4. Assess Risks

I. HighII. HighIII. MediumIV. Low

Likelihood = Probability of threat exploiting VulnerabilityConsequences = Impact to businessRisk = Likelihood of Consequence

Risk Management Step 5

1. Identify Critical Assets2. Identify Threats3. Identify Vulnerabilities4. Assess Risks5. Manage Risk( Avoid, Mitigate, Transfer,

Accept)I. Mitigate - Purchase Case, Screen

CoverII. Mitigate, Transfer - Password,

Backup, Location Service/App, Insurance,

III. Mitigate - Privacy screen, BehaviorIV. Accept - Delay upgrades? Oh wellV. Avoid - Toss phone out the window

Now that you know…..

1. Have you identified your business critical assets?

2. Have to thought about the threats that may affect them and adversely impact your business?

3. Have you looked for where your assets might be susceptible to those threats?

4. Have you assessed the risk by considering the potential likelihood and impact to your business?

5. Have you made an informed, conscious decision in line with your business mission and needs about your risk?

Key Takeaways

Size doesn’t matter.

Your “IT Guy” can’t do this for you.

It doesn’t have to be expensive and complicated.

We can help.

QUESTIONS

About Us

MCGlobalTech– Mission Critical Global Technology Group (MCGlobalTech) is

a minority owned, small business founded by industry leaders to provide strategic advisory and security consulting services to public and private sector business managers to better align technology and security programs with organizational mission and business goals.

– The Principals at MCGlobalTech have been providing Information Security services to the Federal Government and the private sector for over 25 years

Our Values

At MCGlobalTech, we believe that strong values create long term relationships with our customers, employees, partners and the communities we serve. At the heart of everything we do, our corporate values are:– Providing customer satisfaction– Delivering innovative solutions – Empowering staff for success– Promoting Entrepreneurial spirit – Maintaining technical excellence MCGlobalTech

Staff

SkillsSuccess

What we offer

MCGlobalTech is able to provide our customers with innovative, mission-critical solutions in a broad variety of technologies. We consider the following our core competencies:– Information Assurance (Security Authorization)– Vulnerability Management– Security Risk Management– Security Engineering– Penetration Testing– Network Security

Contact Us

Mission Critical Global Technology Group1325 G Street, NW

Suite 500Washington, District of Columbia 20005

Phone: 202.355.9448Email: Info@mcglobaltech.com

William J. McBorrough

Sales DivisionCo-Founder/Managing Principal Corporate Headquarterswjm4@mcglobaltech.com

sales@mcglobaltech.com (202) 355-9448 x101

(202) 355-9448 x200(571) 249-4677 (cell)