Cyber Hygiene: Why the Fundamentals Matter
October 2019 • Webinar
Matthew J. Butkovic, Randall F. Trzeciak, Matthew Trevors
In this webcast, as a part of National Cybersecurity Awareness Month, our experts provided an overview of the concept of cyber hygiene, which addresses simple sets of actions that users can take to help reduce cybersecurity risks.
Abstract
In this webcast, as a part of National Cybersecurity Awareness Month, our experts provided an overview of the concept of cyber hygiene, which bears an analogy to the concept of hygiene in the medical profession. Like the practice of washing hands to prevent infections, cyber hygiene addresses simple sets of actions that users can take to help reduce cybersecurity risks. Matt Butkovic, Randy Trzeciak, and Matt Trevors discussed what some of those practices are, such as implementing password security protocols and determining which other practices an organization should implement. Finally, they discussed the special case of phishing—which is a form of attack that can bypass technical safeguards and exploit people’s weaknesses—and how changes in behavior, understanding, and technology might address this issue.
Good cyber hygiene is important because an organization's threat landscape changes daily, and new variants of attacks on computer systems appear by the hour. The sheer number of security vulnerabilities in hardware, software, and underlying protocols—and the dynamic threat environment—make it nearly impossible for most organizations to keep pace.
About the Speakers

Matthew J. Butkovic
Butkovic has more than 15 years of managerial and technical experience in information technology (particularly information systems security, process design and audit) across the banking and manufacturing sectors. Prior to joining CERT in 2010, Butkovic was leading information security and business continuity efforts for a Fortune 500 manufacturing organization.
Butkovic is a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA).

Randall F. Trzeciak
Randy Trzeciak is a senior member of the technical staff with CERT at the Software Engineering Institute (SEI), Carnegie Mellon University. He is a member of a team focusing on insider threat research, including insider threat studies being conducted with the U.S. Secret Service National Threat Assessment Center, the U.S. Department of Defense Personnel Security Research Center, and Carnegie Mellon’s CyLab. Trzeciak also is an adjunct professor at Carnegie Mellon’s H. John Heinz III School of Public Policy and Management. Prior to his position at CERT, Trzeciak managed the Management Information Systems team in the Information Technology Department at the SEI. Prior to working at the SEI, Trzeciak was a software engineer at the Carnegie Mellon Research Institute. He was a lead developer and database administrator at Computing Services at Carnegie Mellon. Trzeciak also worked for Software Technology, Inc. in Alexandria, Virginia. He holds an MS in Management from the University of Maryland and a BS in Management Information Systems and a BA in Business Administration from Geneva College.