CYA by Using CIA -- Correctly For a Change | SANS@MIC Talk

Video Link: https://www.youtube.com/watch?v=BmSZFHQg2zA



Duration: 53:45


Everyone in cyber security has heard of the CIA triad. In fact, addressing Confidentiality, Integrity, and Availability as a triad of three equal parts is part of every cyber security book and class. But how many of us really have the resources to address all three of these in equal measure? Perhaps an even better question is, "Should you address these three in equal measure?" In most organizations, the answer is a resounding "NO!" Instead, we should use CIA as a method of prioritization for our security programs. But wait - it gets even more confusing! Should every department of your company address the elements of CIA the same? This time the answer is "Absolutely Not!"

In this talk, Keith Palmgren explains how to apply CIA to your company, as well as to the individual departments of your company. Doing so will not only allow you to CYA (Cover Your Assets) but also make far better use of the limited resources available in your security program while doing so.

Speaker Bio

Keith Palmgren is an IT Security professional and certified instructor at SANS Institute. He has over 30 years of experience specializing in the IT Security field. He began his career with the U.S. Air Force working with cryptographic keys & codes management. He also worked in what was, at the time, the newly formed Air Force computer security department. Following the Air Force, Keith worked as an MIS director for a small company before joining AT&T/Lucent as a Senior Security Architect working on engagements with the DoD and the National Security Agency. Later, as Security Consulting Practice Manager for both Sprint and Netigy, Keith built and ran the security consulting practice. He was responsible for all security consulting worldwide and for leading dozens of security professionals on many consulting engagements across all business spectrums. For the last several years, Keith has run his own company, NetIP, Inc. He divides his time between consulting, training, and freelance writing projects. Currently, Keith is a Certified Instructor for the SANS Institute. In his career, Keith has trained over 10,000 IT professionals and authored more than 20 IT security training courses, including the SANS SEC301 course. Keith currently holds eleven computer security certifications (CISSP, GSEC, GCIH, GCED, GISF, CEH, Security+, Network+, A+, CTT+).



