Demetrios Roubos, Timothy Fairlie Ed Chapel addressed SRG audience
Stockton University Rider University Michael Reekie, NJEDge.net
The Security Resource Group (SRG) was formed by the membership with a mutual understanding that security goes beyond the perimeter of your network. The group focuses on uniting the people, processes, standards and technologies that defend against threats to the members.
We are uniting people through monthly webinars, quarterly meetings, and a security summit at our annual conference. We collaborate on workflows and cybersecurity processes to prevent losses, efficiently utilize resources, and determine wisely where to invest in the infrastructure. We utilize and promote national standards to employ local policies specific to membership. We recommend technologies that provide data-driven metrics to observe indicators. We are providing a pathway for the formation of a security governing body for the members.
As a proactive community focused on fortifying the ingress and egress to our networks, systems and applications, the group is dedicated to providing a platform-agnostic approach to sharing security resources. We have met four times in the last six months, with three fruitful in-person sessions. As a group we have discussed organizational concerns, openly shared strengths and weaknesses, and have joined together to strengthen the core security for the membership. The top three membership concerns are data protection, management ownership of security, and best practices and resources.
The SRG will utilize an ITIL framework for services and security management to align the efforts of security practitioners within the membership to the critical business services. The efforts of the SRG will strengthen the security posture and fortify information and services for all members.
Data Protection: Data loss, theft, breach detection and response
Management Ownership of Security: No ability to implement policy and lack of business focus on security
Best Practices, Policies & Resources: Change control, password management, remote access, two-factor authentication
Network Protection/Analysis: Network segmentation, DDoS protection, defense beyond the perimeter, defense as a community
Outside Partnerships: Hosted services, security staff, penetration testing
End user device protection: Ransomware, Malware, clicking links
Incident Response: How do you know it happened, and what is the next step once you know
End user awareness: End user education and training