
Kevin Lo Becky Wiegand

From Basic to Advanced: Trends, Tools, and Tales to Ensure Basic Nonprofit Security. Kevin Lo Becky Wiegand. Agenda. Introductions - What level of experience do you have with security? - Truth or fiction? - TechSoup Global What Is Security? - Systems, data, network, physical


Presentation Transcript


  1. From Basic to Advanced: Trends, Tools, and Tales to Ensure Basic Nonprofit Security Kevin Lo, Becky Wiegand

  2. Agenda Introductions - What level of experience do you have with security? - Truth or fiction? - TechSoup Global What Is Security? - Systems, data, network, physical - Cloud security Solutions and Policies Your experiences, Q&A

  3. We are working toward a time when every nonprofit and social benefit organization on the planet has the technology resources and knowledge they need to operate at their full potential

  4. Through innovative partnerships, TechSoup Global delivers value to NGOs and technology providers. • Other corporate relationships: • Google donates PCs for refurbishing and Redemtech, a leading commercial refurbisher, partners to bring affordable equipment to our Refurbished Computer Initiative program • CMC, outsourcer in India, provides deeply discounted technology development support • NGO Partnerships • Advocates, Associates, Affiliates, Distribution Partners

  5. TechSoup’s NGO Impact & Reach IMPACT REACH • 83,000 organizations have received product donations • 400,000 unique monthly visitors • 190 countries of origin of visitors • 25% of overall traffic to TechSoup from outside U.S. (FY08 only) • 115,000 monthly TechSoup online forum visitor sessions (FY08 only) • $1.8 billion retail value of technology product donations distributed • $1.1 billion in potential savings for NGOs • 4 million technology products distributed • 35 product donor partners • 155,000 documents downloaded

  6. Where is TechSoup Global Today? Australia Belgium Botswana Canada Chile France Germany Hong Kong Hungary India Ireland Luxembourg Mexico New Zealand Poland Russia (Pilot) South Africa Spain Taiwan United Kingdom United States Currently operating in 21 Countries on 6 Continents

  7. Why Does Security Matter? Photo via Flickr user: Will Lion, Creative Commons

  8. What Is Security? • Security is more than just • fear of the tech unknown • “insurance” policy • loss aversion • There is a difference between real and perceived security • Three main interrelated tenets of security • Systems > Basic • Data > Intermediate • Network > Advanced Photo via Flickr user: itpromagazine, Creative Commons

  9. Security Is Important for Nonprofits • Supporter privacy • Donor and funder data • Advocacy and activist info • Smaller infrastructure, easier target? • Lower capacity for backup, staff time, and financial investment into prevention and data recovery

  10. Systems Security Do your systems behave the way they should, and are they protected from deliberate or inadvertent user error? • e.g. someone opening an attachment that can potentially damage your PCs

  11. How Do You Keep Your Data? Photo via Flickr user: Ian-S, Creative Commons

  12. Data Security • Who gets to see your data, at what time, and from where? • e.g. on-premise data, hosted data • Data protection compliance

  13. Is This Your Network? Photo via Flickr user: steve_price82, Creative Commons

  14. Network Security • Do you know which programs, users, and devices have access to your network? • e.g. wireless security • Web site security

  15. Physical Security • How easy is it to “walk away” or physically affect your systems, data, and network? • Locking down devices • Proper disposal of data and hardware • Proper recycling • DoD data destruction standards

  16. Overlapping realms • Security has a constantly changing landscape • Zero-day threats • Multi-vector • Know what your missing link may be • your users? • your devices?

  17. Security In a Cloudy World Photo via Flickr user: MichaelMarlatt, Creative Commons

  18. Security In a Cloud Computing World • Internet security (eBay, Amazon) • Software as a Service (SaaS) • Platform as a Service (PaaS) • Infrastructure as a Service (IaaS) • Some of these services may provide a major step up in security for smaller orgs • Some services may provide greater risk for larger orgs

  19. Photo via Flickr user: Relief2007, Creative Commons

  20. Mitigating Security Risks • Combination of policies and solutions • Inherent tension between security and usability

  21. Securing Your Systems – Policies • Office culture and adoption • Peer to peer vs client-network systems

  22. Securing Your Systems – Solutions • Anti-virus/anti-spyware software • Windows Update • Endpoint protection • Visit Security Corner: www.techsoup.org/security

  23. Securing Your Data – Policies • Data access policies should be aligned with business processes, but also tech savvy • e.g. data access by volunteers vs staff • 2x2x2 backup rule • Data Loss Prevention (DLP) • Data Encryption • Wiping your disks before disposal, even if data may not be considered sensitive

  24. Securing Your Data – Solutions • Encryption • TrueCrypt • Backup • Windows Backup • Backup Exec • Online Backups • Disk Wiping • Darik’s Boot and Nuke • Blancco Photo via Flickr user Philipioo, Creative Commons

  25. Securing Your Network - Policies • How responsible can you expect your staff to be for your network? • Wireless/wired access • Remote access

  26. Securing Your Network - Solutions • Wireless encryption and authentication • Remote access – what are you trying to achieve? • OpenVPN • DD-WRT • Cisco networking • Windows Server

  27. Analyzing costs and benefits • Are security costs different from other IT expenditures? • Costs factor in only when it’s often too late – make it a part of routine IT management

  28. Physical Security – Policies • Written employee policy regarding equipment usage and care expectations • External drives, “jump” or USB drive, and other portable data usage • Require use of laptop locks or regular inventory and check-in of portable equipment • Ensure regular backup so data won’t be lost if the equipment is lost or damaged

  29. Physical Security - Solutions • Laptop locks • Manage equipment inventory • Automated regular backup • Secure and changing passwords Photo via Flickr user: Carlson Library, Creative Commons

  30. Cloud Security - Policies • Manage user permissions carefully • Regular backup of critical data in an in-house or other online backup location • Careful and restricted “sharing” of docs and data with sensitive org or supporter info

  31. Cloud Security - Solutions • Cisco debuted new cloud computing security apps on April 21, 2009. More to come? • Currently, ensuring that 2x2x2 is being done on cloud data is essential. • www.cloudsecurity.org

  32. Conclusion/Takeaways • Three minimal things you should do: • Systems > Turn on automatic updates • Data > Back up your data regularly • Network > Authenticate your wireless network • Physical > Don’t make it easy for thieves • Cloud > Benefits are there but don’t put all eggs in one basket • Understand the responsibilities and consequences

  33. Contact: Kevin at klo@techsoup.org or Becky at bwiegand@techsoup.org
