Cleaning Up Our Cyber Hygiene

Successful attacks almost always take advantage of conditions that could reasonably be described as poor cyber hygiene including the failure to patch known vulnerabilities, poor configuration management, and poor management of administrative privilege. In this session, well dig a little deeper into the idea. Well discuss the importance of cyber hygiene as a root cause issue for attacks, and as a defensive strategy. We look at various attempts to define a specific set of practices to include, and how this might help establish a baseline for action. And suppose hygiene isnt enough, what then? Finally, well look at what might be done to turn cyber hygiene from a notion or a general exhortation to do better (cheerleading) into a large-scale program of improvement. Speaker Bios Russell Eubanks From factory job to owner of Security Ever After and consultant for Enclave Security, Russell Eubanks' career trajectory has been anything but traditional. Years ago, while working a factory job, Russell realized he wanted more and started investigating options. He learned about his company's tuition reimbursement program and promptly signed up for computer classes at his local community college. He worked in the factory until early morning then attended classes during the day. Russell is a certified instructor for SANS, teaching MGT415: A Practical Introduction to Cyber Security Risk Management; MGT514: Security Strategic Planning, Policy, Leadership; and SEC566: Implementing and Auditing the Critical Security Controls - In-Depth and MGT 521: Driving Cybersecurity Change - Establishing a Culture of Protect, Detect and Respond. Randy Marchany Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech's IT Security Laboratory. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. He is a mem