
CYBERSECURITY STRATEGY
VIRTUAL NEXUS, LLC
How to securely do business anytime and anywhere.

Abstract
This strategy document shows how Virtual Nexus will help your organization increase its
cybersecurity.

Gouthum Karadi
Karadi@virtualnex.us


Table of Contents
Introduction
Vision
Our personnel provide the best service by:
OpenVAS Open Source Scanning and Reporting Architecture
Strategies for Keeping your Business Secure
Auditing
Standards
Sample List of Governing Authorities
NIST
CIS
PCI-DSS
OWASP
Analyze
Reporting
Sample OpenVAS Report
Recommendations
Sample Remediation of Known CVE
Summary
APPENDIX A - SLIDES




Introduction
Virtual Nexus (VN) provides computer eForensics auditing for small, medium and enterprise
businesses operating on mobile and in the cloud. We bring extensive skills and the top industry
certifications. Our vision is to train firms to operate safely and securely in the cloud in order to
do business anywhere and anytime in the safest possible manner.

Vision
To help firms do business anywhere anytime by leveraging the scale and security of the cloud
with the latest in mobile devices through auditing, analyzing, reporting and recommending
security postures appropriate to their specific use case.

Our personnel provide the best service by:

1. Staying certified in the latest in information security from organizations such as ISC2,
EC-Council, Amazon, Apple and Microsoft.
2. Using industry-standard open source scanning and reporting methodologies.
3. Providing best practice guidance from OWASP, NIST, CIS, PCI-DSS, Amazon, and
Microsoft for secure operations.


OpenVAS Open Source Scanning and Reporting Architecture


Strategies for Keeping your Business Secure
Virtual Nexus follows a four-phase process. We audit, analyze, report and recommend the best
ways to remediate, mitigate and operate securely and safely. This includes public and private
clouds, regulated and unregulated industries, as well as mobile users. Our process assumes you
are always on the untrusted network.

Auditing
In Phase I we discover and define the customer environment through auditing. This includes
but may not be limited to:

1. Business sector and segment
2. Data Classification
3. Hardware and Software
4. Information Controls
5. Employee policies

Standards
Our audits use National Institute of Standards and Technology (NIST) guidelines for controls,
operations and updates. We scan using the OWASP Top Ten and the top Common Vulnerabilities
and Exposures (CVE). Where appropriate, the Center for Internet Security (CIS) standards may
also be used.

Sample List of Governing Authorities
NIST
• 800-53 – Controls
• 800-145/6 – Cloud Computing
• 800-40 – Software Patching

CIS
• CSC 1: Inventory of Authorized and Unauthorized Devices.
• CSC 2: Inventory of Authorized and Unauthorized Software.
• CSC 3: Secure Configurations for Hardware and Software on Mobile Devices, Laptops,
Workstations and Servers.
• CSC 4: Continuous Vulnerability Assessment and Remediation.
• CSC 5: Controlled Use of Administrative Privileges.

PCI-DSS
• Version 3.1

OWASP
• OWASP Top Ten 2013


Analyze
In Phase II we analyze our findings for gaps between your organization and industry best
practices, based upon the controls chosen and discovery.

Reporting
In Phase III we report the findings in a written presentation.

Sample OpenVAS Report



Recommendations
In Phase IV Virtual Nexus gives an oral presentation on how to secure your business with a
high-level plan.

The plan includes:

1. Remediating gaps
2. Mitigating or retaining risk
3. Ongoing operations


Sample Remediation of Known CVE


Summary
Virtual Nexus, LLC has performed analysis on the largest online auctioneer, the world’s largest
public employee retirement fund and many other organizations including health care and
mobile solutions. Our four-phase process gives your organization guidance on how to go
from your current state of security to an operational level of increased cybersecurity,
awareness, and safety. Retain one of our partners for implementation while keeping us for
ongoing services to continually update your cyber defense posture.

APPENDIX A - SLIDES
