• SecurePath for Auto Dealers
  • Services
    • SOC Reporting Services
      • SOC 2® Readiness Assessment
      • SOC 2® Reports
      • SOC 3® Reports
      • SOC for Cybersecurity® Reports
    • IT Advisory Services
      • IT Vulnerability Assessment
      • Network Penetration Testing
      • Privileged Access Management
      • Social Engineering Testing
      • Virtual CISO (vCISO)
      • Written Information Security Program (“WISP”)
      • IT General Controls Audit & Compliance
    • IT Government Compliance
      • CMMC Cybersecurity Services & Compliance
      • DFARS Compliance
      • FTC Safeguards Compliance
  • Industries
    • Financial Services
    • Government
    • Auto Dealerships
    • Enterprise
  • Blog
  • About Us
    • Meet The Team
    • Jobs
  • Contact Us


Cyber Challenges Outline – Briefing Your CEO, a Cheat-Sheet

April 12, 2017 | Posted by W. Jackson Schultz, CISA | Categories: Cybersecurity, Disaster Recovery

Introduction

The cybersecurity landscape is constantly changing, and while new risks are emerging that affect corporations across a variety of industries, many long-standing threats continue to take priority. New malicious actors are targeting our institutions, but their methods do not necessarily differ from what we have seen in previous years. The transition to Internet of Things (IoT) environments (networked devices throughout homes and workplaces) is already under way, which only means more integrated systems have the potential to be compromised. The list below comprises items that could lead to the loss of confidentiality, integrity or availability of sensitive data and critical business processes. Here is a cheat sheet you can use to brief your CEO on the current and emerging cyber landscape.

Current Threats, Risks, Buzzwords and Items Worth Noting

Malware

Malicious software used to gather information, degrade machine performance, or disrupt business processes. It is the umbrella term: ransomware and the bots that make up a DDoS network, both described below, are specific kinds of malware.

Ransomware

Ransomware is a specific type of malicious software that runs when an end user visits a hijacked or infected site, clicks a malicious link, or opens a malicious attachment. It encrypts the files on the machine (and commonly on any network shares it can reach) and offers to provide the decryption key for a fee. If the ransom remains unpaid within a set time frame, many variants threaten to delete the files or destroy the key. Paying does not guarantee a working key, so the practical control is tested, offline or otherwise isolated backups, sized against the recovery objectives discussed under Business Continuity below.
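The behaviour described above (one process encrypting many files in a short time) is also what a defender can look for. The following is an added example, not code from the original post or from OCD Tech: a heuristic run over constructed endpoint file-activity events. The event format, the process names (including the lookalike `svchosts.exe`), the extension allow-list and the thresholds are all assumptions made for the illustration.

```python
"""Mass-encryption heuristic over endpoint file-activity events.

Added example, not code from the original post. It assumes (hypothetically) an endpoint
agent that emits one line per file operation as '<ISO time> <pid> <process> <action>
<path> [<new path>]' with no spaces in paths; the events, process names, extension
list and thresholds below are all constructed. The heuristic is the behaviour the
paragraph describes: one process renaming many files, across several directories, to
an extension the estate has never used, within a short window. A backup agent that
touches just as many files but keeps a recognised extension is deliberately included
so the example shows why the extension test matters.
"""
import os
from collections import defaultdict
from datetime import datetime, timedelta

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
# Constructed allow-list of extensions normally seen on this estate.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".txt", ".jpg", ".bak", ".tmp"}


def build_sample_events() -> list:
    """Construct a synthetic event stream: a user editing a document, a backup run, then a mass rename."""
    lines = []
    t0 = datetime(2017, 4, 12, 10, 0, 0)

    def emit(t, pid, proc, action, src, dst=None):
        lines.append(f"{t.strftime(TIME_FMT)} {pid} {proc} {action} {src}" + (f" {dst}" if dst else ""))

    emit(t0, 4410, "winword.exe", "write", "C:/Users/jdoe/Documents/budget.docx")
    emit(t0 + timedelta(seconds=8), 4410, "winword.exe", "rename",
         "C:/Users/jdoe/Documents/~tmp1.tmp", "C:/Users/jdoe/Documents/budget.docx")
    for i in range(30):                                    # backup agent: many files, known extension
        emit(t0 + timedelta(minutes=1, seconds=i), 2200, "backup.exe", "rename",
             f"C:/Backups/f{i}.docx.part", f"C:/Backups/f{i}.docx.bak")
    for i in range(30):                                    # suspect: 30 files, 3 directories, 29 s, new extension
        folder = ("Documents", "Pictures", "Finance")[i % 3]
        emit(t0 + timedelta(minutes=5, seconds=i), 5120, "svchosts.exe", "rename",
             f"C:/Users/jdoe/{folder}/file{i}.xlsx", f"C:/Users/jdoe/{folder}/file{i}.xlsx.enc")
    return lines


def parse_event(line: str) -> dict:
    """Split one agent line into its fields; 'write' events carry no new path."""
    parts = line.split()
    return {
        "time": datetime.strptime(parts[0], TIME_FMT),
        "pid": int(parts[1]),
        "process": parts[2],
        "action": parts[3],
        "path": parts[4],
        "new_path": parts[5] if len(parts) > 5 else None,
    }


def detect(lines, window=timedelta(seconds=60), min_files=20, min_dirs=2) -> list:
    """Return one alert per process that renames >= min_files files in >= min_dirs directories
    to an unrecognised extension inside any sliding window of the given length."""
    renames = defaultdict(list)                            # (pid, process) -> [(time, new_path)]
    for line in lines:
        e = parse_event(line)
        if e["action"] != "rename":
            continue
        ext = os.path.splitext(e["new_path"])[1].lower()
        if ext in KNOWN_EXTENSIONS:
            continue                                       # backup/sync tools keep known extensions
        renames[(e["pid"], e["process"])].append((e["time"], e["new_path"]))

    alerts = []
    for (pid, process), events in renames.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                                 # slide the window forward
            in_window = events[start:end + 1]
            files = {p for _, p in in_window}
            dirs = {os.path.dirname(p) for _, p in in_window}
            if len(files) >= min_files and len(dirs) >= min_dirs:
                alerts.append({
                    "process": process, "pid": pid,
                    "first_seen": in_window[0][0], "files": len(files), "directories": len(dirs),
                    "extension": os.path.splitext(in_window[-1][1])[1].lower(),
                })
                break                                      # one alert per process is enough
    return alerts


if __name__ == "__main__":
    for a in detect(build_sample_events()):
        print(f'{a["process"]} (pid {a["pid"]}) renamed {a["files"]} files in {a["directories"]} '
              f'directories to {a["extension"]} starting {a["first_seen"]}')
```

On the constructed stream only `svchosts.exe` is reported; `backup.exe` renames just as many files but to a known extension, and Word's single save never reaches the file-count threshold. A real deployment would tune the thresholds per role and pair this with canary files that no legitimate process should ever rename.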

Phishing

Attackers send emails to end users that impersonate a familiar contact, typically by copying the contact's display name or using a lookalike address. These emails commonly carry malware in an attachment, or a link to a page that harvests credentials or delivers malware. The sender address is trivial to forge, so a familiar name in the From line is not evidence that a message is genuine.
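The impersonation described above can be checked mechanically. The following is an added example, not code from the original post or from OCD Tech: it compares the From display name of constructed sample messages against a directory of trusted contacts and flags a known name arriving from the wrong or a lookalike domain. The directory, the messages and the digit-for-letter folding are assumptions made for the illustration.

```python
"""Display-name impersonation check for inbound mail.

Added example, not code from the original post. It assumes (hypothetically) that the
organization keeps a directory mapping each trusted contact's display name to the
domain they legitimately send from, and that mail arrives as RFC 5322 text.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of trusted contacts: display name -> legitimate sending domain.
KNOWN_CONTACTS = {
    "Jane Doe": "example.com",
    "Acme Payroll": "acme-payroll.example",
}

# Constructed sample messages; none of these are real mail.
SAMPLE_MESSAGES = [
    "From: Jane Doe <jane.doe@example.com>\nSubject: Q2 numbers\n\nSee attached.\n",
    "From: Jane Doe <jane.doe@examp1e.com>\nSubject: Urgent wire\n\nPay the attached invoice today.\n",
    "From: Acme Payroll <hr@acme-payro11.example>\nSubject: Updated W-2\n\nhttp://acme-payro11.example/login\n",
    "From: Bob Smith <bob@partner.example>\nSubject: Lunch?\n\nFree Friday?\n",
]

# Digits attackers commonly substitute for the letters they resemble in a lookalike domain.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def normalize_domain(domain: str) -> str:
    """Fold common digit-for-letter substitutions so 'examp1e.com' compares equal to 'example.com'."""
    return domain.lower().translate(CONFUSABLES)


def assess_message(raw: str) -> dict:
    """Classify one message by comparing its From display name with the domain it was sent from.

    Verdicts: 'trusted' (known name, expected domain), 'impersonation' (known name, wrong
    domain) or 'unknown_sender' (name not in the directory; needs a different check).
    """
    msg = message_from_string(raw)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    expected = KNOWN_CONTACTS.get(display_name)
    if expected is None:
        verdict = "unknown_sender"
    elif domain == expected:
        verdict = "trusted"
    else:
        verdict = "impersonation"
    return {
        "display_name": display_name,
        "address": address,
        "verdict": verdict,
        # A lookalike is an impersonation whose domain matches the real one after folding.
        "lookalike": verdict == "impersonation" and normalize_domain(domain) == expected,
    }


def triage(messages) -> list:
    """Run the check over a batch of raw messages and return one verdict per message."""
    return [assess_message(m) for m in messages]


if __name__ == "__main__":
    for result in triage(SAMPLE_MESSAGES):
        print(f'{result["verdict"]:15} {result["display_name"]:15} {result["address"]}'
              + ("  (lookalike domain)" if result["lookalike"] else ""))
```

This catches display-name spoofing and simple digit lookalikes only. A sender whose name is not in the directory is merely out of scope for this check, not safe, and a forged address at the real domain is only caught by SPF, DKIM and DMARC alignment on the receiving mail gateway, which this example does not replace.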

Distributed Denial of Service (DDoS)

A DDoS attack happens when an attacker floods servers with traffic until they go offline or can no longer serve legitimate users. This is usually done with a botnet: a network of compromised, inter-connected computers configured to forward traffic to a target on command. Because the traffic comes from many sources at once, blocking individual addresses is rarely enough on its own.
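The reason the "distributed" part matters shows up in detection. The following is an added example, not code from the original post or from OCD Tech: it runs two checks over constructed web-server access logs, a per-source request limit and an aggregate requests-per-second baseline, and shows that a flood from many quiet bots passes the first and trips only the second. The log format, addresses, baseline period and thresholds are assumptions made for the illustration.

```python
"""Rate-based flood detection over web-server access logs.

Added example, not code from the original post. Traffic below is constructed, and the
log format (Common Log Format) and thresholds are assumptions. Two views of the same
traffic are compared: a per-source limit, which catches one noisy client, and an
aggregate requests-per-second baseline, which is what a distributed flood trips
because each bot stays individually quiet.
"""
import re
from collections import Counter
from datetime import datetime

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \d+$')
TIME_FMT = "%d/%b/%Y:%H:%M:%S"


def parse_line(line: str):
    """Return (client_ip, timestamp) for a Common Log Format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, stamp = m.groups()
    return ip, datetime.strptime(stamp.split()[0], TIME_FMT)


def build_sample_log() -> list:
    """Construct a synthetic log: 10 s of normal traffic, one second of distributed flood,
    then one second of a single noisy client."""
    lines = []

    def add(ip, second, count):
        stamp = f"10/Apr/2017:09:00:{second:02d} +0000"
        lines.extend(f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512' for _ in range(count))

    for sec in range(10):                      # seconds 0-9: five clients, one request each per second
        for i in range(5):
            add(f"198.51.100.{i + 1}", sec, 1)
    for i in range(200):                       # second 10: 200 bots, two requests each (400 total)
        add(f"203.0.113.{i + 1}", 10, 2)
    add("192.0.2.7", 11, 50)                   # second 11: one client sends 50 requests
    return lines


def analyze(lines, per_ip_limit=20, baseline_seconds=10, spike_factor=5.0) -> dict:
    """Flag single sources over per_ip_limit req/s, and seconds whose total exceeds
    spike_factor times the baseline learned from the first baseline_seconds (assumed clean)."""
    per_ip_sec = Counter()
    per_sec = Counter()
    sources_per_sec = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                           # skip malformed lines rather than crash
        ip, t = parsed
        per_ip_sec[(ip, t)] += 1
        per_sec[t] += 1
        sources_per_sec.setdefault(t, set()).add(ip)
    seconds = sorted(per_sec)
    baseline = sum(per_sec[s] for s in seconds[:baseline_seconds]) / baseline_seconds
    single_source = sorted({ip for (ip, t), n in per_ip_sec.items() if n > per_ip_limit})
    spikes = [
        {"second": s.second, "requests": per_sec[s], "distinct_sources": len(sources_per_sec[s])}
        for s in seconds[baseline_seconds:]
        if per_sec[s] > spike_factor * baseline
    ]
    return {"baseline_rps": baseline, "single_source": single_source, "spikes": spikes}


if __name__ == "__main__":
    report = analyze(build_sample_log())
    print(f'baseline {report["baseline_rps"]:.1f} req/s; per-source offenders: {report["single_source"]}')
    for spike in report["spikes"]:
        print(f'second {spike["second"]:02d}: {spike["requests"]} requests from {spike["distinct_sources"]} sources')
```

On the constructed log the per-source rule names only `192.0.2.7`; the 200 bots at second 10 each stay under the limit, and only the aggregate view reports that second as 80 times the baseline from 200 distinct sources. That is why volumetric defence is bought as upstream capacity or scrubbing rather than built from address blocklists.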

Insider Threat

Insider threat is a buzzword for risk that originates with an employee or other insider of an organization. The insider may be acting maliciously or simply carelessly. Common avenues are an insider bringing malware onto the network or attempting to exfiltrate sensitive data. Employees can also visit infected websites or plug in an external storage device found on the ground, usually due to a lack of security awareness training.

Business Continuity/Disaster Recovery Planning

Understanding and devising a plan that ensures failover is in place should an outage occur, so that no disruption to critical systems affects business processes, is key to an organization's survival. Companies should establish a recovery point objective (RPO), which defines the maximum amount of data loss tolerated, and a recovery time objective (RTO), which is the maximum amount of downtime allowed for information systems. Defining these quantifies disaster tolerance: the RPO dictates how often backups must succeed, and the RTO dictates how quickly a restore must be proven to work.
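Once RPO and RTO are defined they can be measured rather than asserted. The following is an added example, not code from the original post or from OCD Tech: it reads a constructed backup job log and the timings of a constructed restore drill and reports, for a hypothetical outage time, which systems would miss their objectives. The systems, objectives, log format and drill results are assumptions made for the illustration.

```python
"""Checking backup history and restore drills against RPO and RTO.

Added example, not code from the original post. The systems, objectives, backup log
and drill timings are all constructed; the log format '<ISO time> <system> backup <ok|FAILED>'
is an assumption. The point it makes is that a single failed backup job silently widens
the data-loss window, so RPO has to be measured from the last successful backup, not
from the schedule.
"""
from datetime import datetime, timedelta

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed objectives: system -> (RPO, RTO).
OBJECTIVES = {
    "erp-db": (timedelta(hours=4), timedelta(hours=8)),
    "fileshare": (timedelta(hours=24), timedelta(hours=24)),
    "web-portal": (timedelta(hours=1), timedelta(hours=2)),
}

# Constructed backup job log; note the failed 04:00 run for erp-db.
BACKUP_LOG = """\
2017-04-11T20:00:00Z erp-db backup ok
2017-04-12T00:00:00Z erp-db backup ok
2017-04-12T04:00:00Z erp-db backup FAILED
2017-04-11T01:00:00Z fileshare backup ok
2017-04-12T01:00:00Z fileshare backup ok
2017-04-12T05:00:00Z web-portal backup ok
2017-04-12T06:00:00Z web-portal backup ok
"""

# Constructed results of the most recent restore drill: how long each restore actually took.
RESTORE_DRILLS = {
    "erp-db": timedelta(hours=6),
    "fileshare": timedelta(hours=30),
    "web-portal": timedelta(minutes=45),
}


def last_successful_backup(log_text: str) -> dict:
    """Return system -> timestamp of its most recent backup whose status was 'ok'."""
    last_good = {}
    for line in log_text.splitlines():
        stamp, system, _, status = line.split()
        if status != "ok":
            continue                                   # a failed job does not move the recovery point
        t = datetime.strptime(stamp, TIME_FMT)
        if system not in last_good or t > last_good[system]:
            last_good[system] = t
    return last_good


def evaluate(incident_time: datetime, last_good: dict, drills: dict, objectives=OBJECTIVES) -> dict:
    """For each system, compare the data-loss window with its RPO and the drilled restore time with its RTO."""
    report = {}
    for system, (rpo, rto) in objectives.items():
        last = last_good.get(system)
        window = incident_time - last if last is not None else None
        restore = drills.get(system)
        report[system] = {
            "data_loss_window": window,
            "rpo_met": window is not None and window <= rpo,
            "restore_time": restore,
            "rto_met": restore is not None and restore <= rto,
        }
    return report


def run(incident_stamp: str = "2017-04-12T06:30:00Z") -> dict:
    """Evaluate the constructed data as of a hypothetical outage at incident_stamp."""
    incident = datetime.strptime(incident_stamp, TIME_FMT)
    return evaluate(incident, last_successful_backup(BACKUP_LOG), RESTORE_DRILLS)


if __name__ == "__main__":
    for system, r in run().items():
        print(f'{system:11} data at risk {r["data_loss_window"]}  RPO {"met" if r["rpo_met"] else "MISSED"};'
              f'  restore {r["restore_time"]}  RTO {"met" if r["rto_met"] else "MISSED"}')
```

For the constructed outage at 06:30, `erp-db` misses its four-hour RPO because the 04:00 job failed and the last good copy is from midnight, while `fileshare` meets its RPO but fails its RTO because the drilled restore took 30 hours. Both gaps are invisible if the plan is only reviewed on paper, which is the argument for running the check against real job logs and real drill timings.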

Incident Response

Composing an incident response plan and training staff on the steps to take is crucial. Incidents happen, and without a plan, recovery could be chaotic or impossible. Tabletop walkthroughs of the plan are a great way to familiarize employees with what is defined as an incident and which steps should be taken for containment and remediation.

Vendor Management

Recognizing which vendors are important to an organization's survival and which vendors hold your sensitive data is an important pillar of a strong information security strategy. Vendor risk assessments should be performed regularly, and companies should compose and follow a vendor management policy.


About W. Jackson Schultz, CISA

Jackson is a senior auditor with OCD Tech. Currently, Jackson performs IT audit control testing for OCD Tech clients.



Contact Info

  • OCD Tech
  • 25 BHOP, Suite 407, Braintree MA, 02184
  • 844-623-8324
  • https://ocd-tech.com

© 2025 — OCD Tech: IT Audit - Cybersecurity - IT Assurance
