Addressing Evolving Threats & Responses in a MITA 3.0 World Robert Myles, CISSP, CISM

Size: px
Start display at page:

Download "Addressing Evolving Threats & Responses in a MITA 3.0 World Robert Myles, CISSP, CISM"

Transcription

1 Addressing Evolving Threats & Responses in a MITA 3.0 World Robert Myles, CISSP, CISM National Practice Manager, State & Local Government 1

2 Founded in 1982 IPO in 1989 Approximately 21,500 Employees Operations in 48 Countries #379 on the 2013 Fortune Percent of Fortune 500 Companies are Customers $6.9 Billion Revenue in FY2013; Approximately 52% Outside of the U.S. More Than 1,900 Global Patents Invests 14% of Annual Revenue in R&D* Operates one of the world s largest storage clouds 100 PB and growing at 5 PB per quarter * R&D Investments is Non GAAP

3 Robert Myles, CISSP, CISM USCG Retired Recovering CISO with 15 years in Health Care, Academic Medical Centers & Financial services Public Health/Public Safety Practice Manager, National responsibility for State, Local Government 23 Years in Information Security 27 years in Health Care 30 years in IT CISSP (2001), CISM (2004) Committees: NASCIO, NACO, IJIS, MS ISAC, THSA, HIMSS P&S CyberSecurity Taskforce 3

4 Today s Healthcare Challenges Healthcare an industry facing multiple, interrelated challenges Regulatory Pressures Mobility & Consumerization of Healthcare HIE Expansion EMR/EHR Adoption Cyber Threats in Healthcare Exponential Storage Growth and Data Consolidation 4

5 5

6 Technology Trends DATA GROWTH CONSUMERIZATION Mobile Social IT IFICATION KEY TRENDS CLOUD VIRTUALIZATION THREAT LANDSCAPE 6

7 Always On and Everywhere Digital World Enhances or Replaces Much of the Physical World What are the challenges? Consumer space has eclipsed the enterprise technology environment and outpaced the large enterprise ability to manage the security perimeter and mobile environment. Presentation Identifier Goes Here 7

8 Technology Trends DATA GROWTH CONSUMERIZATION Mobile Social IT IFICATION KEY TRENDS CLOUD VIRTUALIZATION THREAT LANDSCAPE 8

9 Mass scale Targeted Attack Campaign attacks 10 days in April/May 2012 Over 20 companies hit KEY Attacker Subject MD5 Target Server Mailer Sender IP Date

10 Technology Trends DATA GROWTH CONSUMERIZATION Mobile Social IT IFICATION KEY TRENDS CLOUD VIRTUALIZATION THREAT LANDSCAPE 10

11 Information Explosion 2.7 zetabytes Store it Back it up Discover it Report it

12 Social Media 12 12

13 Changes In Working Style 80%1 65%2 52% 3 New apps deployed in the cloud Enterprises allow mobile access to their network Workers use three or more devices Sources: 1. IDC Predictions 2012: Competing for 2020, Frank Gens, IDC, December The Impact of Mobile Devices on Information Security: A Survey of IT Professionals, Check Point, January Info Workers Using Mobile And Personal Devices For Work Will Transform Personal Tech Markets, Frank E. Gillett, Forrester Research, February 22,

14 State and Local Government Mobility NASCIO 2012 Survey 79% of state and local CIOs have mobility documented in their strategic plans Government Technology Survey 58% of state and local CIOs anticipate increased mobility spending in 2012 Lone Star State Launches Mobile Website Roughly 70% of new visitors are new users Golden State Creates Template for Launching Ready Made Mobile Applications Californians accessing the internet by mobile phones has doubled (from 19% to 40%) in 3 years The Result: Massive Influx of sensitive public data entering the mobile environment m.ca.gov 14

15 Just One Problem BYOD BYOD Full Control Info/App Access Only Managed Unmanaged Current State M Corp PCs 300M Smartphones 15M Tablets M Corp PCs 293M Personal PCs 1017M Smartphones 326M Tablets Desired State App Centric Device Centric Organization owned Personally owned Devices Data Sources: Gartner, & IDC 15

16 Characteristics of a Brave New World Relentless Threats Targeted Threats Internet Security Threat Report 2013 :: Volume 18 16

17 Targeted Attacks in 2012 Internet Security Threat Report 2013 :: Volume 18 17

18 Threat Landscape Who is behind malware attacks right now Hackers Cyber Criminals Cyber Spies Hactivists 18

19 Specialization of Skill In The Attack Chain Reconnaissance: Know your Targets Incursion: Gain Access Discovery: Create a Map to the Asset Capture: Take Control of the Asset Exfiltration: Steal or Destroy Asset

20 Targeted Attacks by Company Size 50% 2, % 1 to 2,500 Employees 2,501+ 2% 3% 5% 9% 1,501 to 2,500 1,001 to 1, to 1, to % 31% 1 to % in 2011 Greatest growth in 2012 is at companies with <250 employees Internet Security Threat Report 2013 :: Volume 18 20

21 Most Dangerous New Threat Vectors Exploiting personal information on profile pages Lead to a malware hosted site from a legitimate social website 97% of the time Malicious code spreading by sending direct messages and status updates 315 mobile vulnerabilities discovered in 2011 (up 93%) Mobile malware collects personal data, tracks locations, sends text messages 96% of lost phones result in data breach 21

22 Spear Phishing Watering Hole Attack Send an to a person of interest Infect a website and lie in wait for them Targeted Attacks predominantly start as spear phishing attacks In 2012, Watering Hole Attacks emerged (popularized by the Elderwood Gang) Internet Security Threat Report 2013 :: Volume 18 22

23 Effectiveness of Watering Hole Attacks Watering Hole Attack in 2012 Infected 500 Companies All Within 24 Hours Watering Hole attacks are targeted at specific groups Can capture a large number of victims in a very short time Internet Security Threat Report 2013 :: Volume 18 23

24 Cyber Security Spend US Federal Government spend: 18% of IT budget ($76B) Source: OMB Oversight Report 2012 Banks and Financial sector: 15% of IT budget Source: IDC Intelligent Economy and State of Security Report 2011 Most States spend approximately 1.5% of their overall IT budget on cyber security as compared to Private Sector who spends on average approximately 15% of the IT budget. 24

25 Public Sector Landscape STATE Department of Revenue 3.2 million records exposed. Approximately $25M to remediate STATE 280,000 people affected after hacker breaks into server due to configuration error. Approximately $10M to remediate STATE $1.7M payout after hard drive is stolen containing Medicaid beneficiary information STATE Misplaced USB drive containing PHI for 280,000 Medicaid recipients. Fines Pending COMPANY $1.2M settlement for HIPAA Violations Failure to protect PHI data 344,579 Individuals Breach Cause Web based 17% Phishing 22% SQL injection 28% Theft of data 28% Criminal Insider 33% Viruses, 50% 0% 20% 40% 60% States have the responsibility of protecting their constituent s identities and their information 25

26 The strategies of the past will not support the infrastructure of today and for the future FERPA GLBA SOX FISMA IRS 1075 HIPAA Privacy HIPAA Security PCI ARRA/HITECH PPACA HIPAA Omnibus Rule 26

27 Where is your Data? 27

28 Enterprise Information Centric Model Policy Compliance Identity Remediation Reporting Classification Threats Encryption Ownership Discovery 28

29 MMIS Risk Management Drivers MITA 3.0 Business, Information, & Technical Architecture S&P integrated across the enterprise HIPAA guided Policies State S&P Federal S&P Private Industry Requirements Meaningful Use Use cases RBAC to data level Secure data privacy, authentication and non repudiation Automate compliance Global threat w/ IDS/IPS Data management 29

30 Deploying a MITA Aligned MMIS Framework HIPAA Administrative Safeguards 1. Security Management Process 2. Assigned Security Responsibility 3. Workforce Security 4. Information Access Management 5. Security Awareness and Training HIPAA Technical Safeguard Requirements 1. Access Control 2. Audit Controls 3. Integrity HIPAA Physical Safeguard Requirements 1. Facility Access Controls 6. Security Incident Procedures 7. Contingency Plan 8. Evaluation 9. Business Associate Contracts and Other Arrangements 4. Person or Entity Authentication 5. Transmission Security 3. Workstation Security 2. Workstation Use 4. Device and Media Controls 30

31 Use case mappings Data management to optimize recoverability and minimize cost RBAC to the Data level Data use compliance and enforcement Automate compliance management & Continuous Monitoring Global threat intelligence applied to perimeter security Secure data privacy, authentication and nonrepudiation 31

32 Control Compliance Suite (Policy, Technical Standards and Vulnerability Modules) TECHNICAL CONTROLS Compliance Suite (Standards Manager) Compliance Suite (Vulnerability Manager) POLICY PROCEDURAL CONTROLS REPORT REMEDIATE Compliance Suite (Policy Manager) Compliance Suite (Response Assessment Manager) Compliance Suite (Infrastructure) Service Desk DATA CONTROLS Data Loss Prevention e Discovery EVIDENCE 3 rd PARTY EVIDENCE Compliance Suite (Infrastructure) ASSETS CONTROLS 32

33 Roles Based Access (PKI, FDR) 1 Know who is accessing 2 3 your systems Ensure both users and organizations are trusted Prevent password sharing & fraudulent access Digital Certificates (PKI) User Authentication Product Family Two Factor Authentication Fraud Detection Rules Eng. Behavior Eng. PKI service issues certificates for strong authentication, encryption and digital signing Shared cloud based two factor authentication solution offering multiple credential choices RISK SCORE Risk Based authentication and software based fraud detection Government Providers Payers HIEs 33

34 Data Loss Prevention & ediscovery (endpoint, storage and network) CD/DVD USB Devices Webmail Laptops DLP Policy Monitoring & Prevention Discovery & Protection Instant Message FTP File Servers Web servers SharePoint / Lotus Notes / Exchange Databases 34

35 Encryption (endpoint, server, e mail, transmission) Key manaegment Theft or loss and user shares Hard-drive or removal 35

36 The Needs On premise of IT Operational Threat Protection Teams Endpoints Servers Gateway Complete Endpoint Protection Data Loss Prevention Inventory & Patch Management Advanced Server Security Audit Compliance Multi platform Support Robust Mail & Web Security Messaging Data Loss Prevention Network Access Control Endpoints Servers Gateway Policy Management Centralized Control End to end Visibility Process Automation Enterprise Infrastructure 36

37 Off Premise Threat Protection Access Control Information Protection O 3 Cloud Visibility Control Security Compliance Private Cloud To embrace the cloud with confidence 37

38 High Availability: Addressing the Shift in Mission Critical Environments Simplify migration from physical Virtualize Without Compromise Ensure High Availability Enable the Private Cloud environments to x86 and new storage platforms in virtual environments Offer the mission critical availability and DR that enterprises are used to on x86 and virtualized infrastructure Manage Storage and I/O Optimization for new storage platforms and virtualized environment 38

39 How to address Regulatory Mandates Develop and Enforce IT Policies Symantec Control Compliance Suite, Symantec Data Loss Prevention, Symantec Network Access Control Authenticate Identities to Systems User Authentication and Managed PKI Protect confidential Information PGPGP Data Loss Prevention, NetBackup / Backup Exec, Enterprise Vault, Veritas Volume Replicator Manage the Infrastructure Protect the Infrastructure IT Management Suite including Mobile Device Management from Symantec Symantec Protection Suite, Symantec Web Gateway, Symantec Message Gateway, Symantec Security Information Manager, Symantec Critical Systems Protection 39

40 Stay Informed symantec.com/threatreport Security Response Website Twitter.com/threatintel 40

41 Thank you! Robert Myles, CISSP, CISM National Practice Manager, State & Local Copyright 2011 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 41

42

43 Industry Recognition Security Leadership Storage and Availability Management Leadership Archiving (#1 market position¹¹, Leader in Gartner Magic Quadrant 12 ) E Discovery (#1 market position 13, Leader in Gartner Magic Quadrant for E Discovery Software 14 ) Core Storage Management Software (#1 market position 11 ) Storage Resource Management (Leader in Gartner Magic Quadrant for SRM Software 15 ) File System Software (#1 market position 16 ) Backup and Recovery (#1 market position 11, Leader in Gartner Magic Quadrant for Backup and Recovery 17 ) Consumer Endpoint Security (#1 market position 1 ) Endpoint Security (#1 market position 2, Leader in Gartner Magic Quadrant 3 ) Messaging Security (#1 market position 4, Leader in Gartner Magic Quadrant leader 5 ) Data Loss Prevention (#1 market position 6, Leader in Gartner Magic Quadrant 7 ) Security Management (Leader in Gartner Magic Quadrant 8 ) SSL Certificates (#1 market position 9 ) Client Management Tools (Leader in Gartner Magic Quadrant 10 ) 43

Implemen'ng an Enterprise Framework for Secure Health Data Exchange

Implemen'ng an Enterprise Framework for Secure Health Data Exchange Implemen'ng an Enterprise Framework for Secure Health Data Exchange Gregory Franklin, Assistant Secretary, California Technology Agency Jim Rose, Deputy CIO, Indiana Office of Technology Robert Myles,

More information

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth Modern Cyber Threats how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure Axel Wirth Healthcare Solutions Architect Distinguished Systems Engineer AAMI 2013 Conference

More information

Best Practices for a BYOD World

Best Practices for a BYOD World Face Today s Threats Head-On: Best Practices for a BYOD World Chris Vernon CISSP, VTSP Security Specialist Agenda Mobile Threats Overview 2013 State of Mobility Survey Canada BYOD Best Practices 2 Mobile

More information

Transforming SMB Security Stephen Banbury

Transforming SMB Security Stephen Banbury Transforming SMB Security Stephen Banbury VP, Global SMB Channel & Alliances Compelling Trends for Change Symantec as a Leader in Security Winning Together 2 NOT SO LONG AGO SMB Attitudes Towards Business

More information

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE

More information

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention symantec.com One of the interesting things we ve found is that a lot of the activity you d expect to be malicious

More information

Chief Security Strategist Symantec Public Sector

Chief Security Strategist Symantec Public Sector Chief Security Strategist Symantec Public Sector Advanced Persistent Threat Further things to understand about the APT Compromised Game Networks Lulzec Anonymous/YamaTough WikiLeaks 101 Global Intelligence

More information

Prevent Security Breaches by Protecting Information Proactively

Prevent Security Breaches by Protecting Information Proactively Prevent Security Breaches by Protecting Information Proactively John Reichard, Senior Systems Engineer New York, NY November 17 th, 2011 1 Agenda 1 Causes of a Data Breaches 2 Breaches are Preventable

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP

Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP Strategies and Best Practices to Implement a Successful Data Loss Prevention Program Sebastian Brenner, CISSP Principal Systems Engineer Symantec LAMC Agenda 1 What DLP is and its purpose 2 Challenges

More information

#ITtrends #ITTRENDS SYMANTEC VISION 2012 1

#ITtrends #ITTRENDS SYMANTEC VISION 2012 1 #ITtrends 1 Strategies for Security and Management in a Mobile and Virtual World Anil Chakravarthy Senior Vice President, Enterprise Security Group 2 MASSIVE INCREASE IN SOPHISTICATED ATTACKS 403 million

More information

Countering Insider Threats Jeremy Ho

Countering Insider Threats Jeremy Ho Countering Insider Threats Jeremy Ho Strategic Sales Group (ASEAN) 1 CONFIDENTIAL Key Challenges Impacting Organization Today REGULATORY COMPLIANCE Rising Data Volumes Changing Requirements Prioritization

More information

Protecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11

Protecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11 Protecting What Matters Most Terry Ray Chief Product Strategist Trending Technologies Session 11 Cyber attacks are bad and getting Significant economic Stock price fell by 14% Impacted profits by 46% Total

More information

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance

More information

Risk and threats everywhere, all the time

Risk and threats everywhere, all the time Risk and threats everywhere, all the time Hackers Cloud Remote Offices/ Workers Authentication & Encryption Mobile Devices Virtualization Malicious & Well-meaning Users Cyber Threats Social Media Compliance

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance

Mobile Security Checklist. An Easy, Achievable Plan for Security and Compliance Mobile Security Checklist An Easy, Achievable Plan for Security and Compliance Introduction Are mobile devices the weak link in your security defenses? Today, organizations are pouring millions of dollars

More information

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing

Mobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing Driving Productivity Without Compromising Protection Brian Duckering Mobile Trend Marketing Mobile Device Explosion Paves Way for BYOD 39% 69% 340% 2,170% 2010 177M corp PCs 2015 246M corp PCs 2010 173

More information

If you can't beat them - secure them

If you can't beat them - secure them If you can't beat them - secure them v1.0 October 2012 Accenture, its logo, and High Performance delivered are trademarks of Accenture. Preface: Mobile adoption New apps deployed in the cloud Allow access

More information

Is Your Vendor CJIS-Certified?

Is Your Vendor CJIS-Certified? A Thought Leadership Profile Symantec SHUTTERSTOCK.COM Is Your Vendor CJIS-Certified? How to identify a vendor partner that can help your agency comply with new federal security standards for accessing

More information

Symantec Enterprise Vault.cloud Giovanni Alberici

Symantec Enterprise Vault.cloud Giovanni Alberici Symantec Enterprise Vault.cloud Giovanni Alberici Global Product Marketing Manager 1 Agenda 1 2 3 4 Symantec s cloud strategy Overview of Symantec.cloud Symantec Enterprise Vault.cloud Symantec.cloud portfolio

More information

Perspectives on Cybersecurity in Healthcare June 2015

Perspectives on Cybersecurity in Healthcare June 2015 SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright

More information

Protecting What Matters Most. Bartosz Kryński Senior Consultant, Clico

Protecting What Matters Most. Bartosz Kryński Senior Consultant, Clico Protecting What Matters Most Bartosz Kryński Senior Consultant, Clico Cyber attacks are bad and getting Leaked films and scripts Employee lawsuit Media field day There are two kinds of big companies in

More information

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Beyond passwords: Protect the mobile enterprise with smarter security solutions IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive

More information

Medicaid MITA: Innovative COTS solutions for IT Risk Management

Medicaid MITA: Innovative COTS solutions for IT Risk Management Medicaid MITA: Innovative COTS solutions for IT Risk Management White Paper: COTS Solutions for MITA 2.0 Medicaid MITA: Innovative COTS solutions for IT Risk Management Contents Introduction to MITA &

More information

Symantec Endpoint Security Management Solutions Presentation and Demo for:

Symantec Endpoint Security Management Solutions Presentation and Demo for: Symantec Endpoint Security Management Solutions Presentation and Demo for: University System of Georgia Board of Regents Information Technology Services Executive Summary Business Requirements To migrate

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

Separating Security and Information Management into Two Industry-Leading Technology Companies

Separating Security and Information Management into Two Industry-Leading Technology Companies Separating Security and Information Management into Two Industry-Leading Technology Companies October 9, 04 Forward Looking Statements This presentation contains statements regarding our strategic direction

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

IBM Security Strategy

IBM Security Strategy IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration

More information

Data Security: Fight Insider Threats & Protect Your Sensitive Data

Data Security: Fight Insider Threats & Protect Your Sensitive Data Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand

More information

The Trusted Front Door to the Cloud

The Trusted Front Door to the Cloud The Trusted Front Door to the Cloud Jeff Burstein Director, Product Management, User Authentication 1 The Great Commoditization of IT has Begun Economic Drivers Pay as you go (or else) CAPEX to OPEX Simplification

More information

The Cloud App Visibility Blindspot

The Cloud App Visibility Blindspot The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before

More information

IT Self Service and BYOD Markku A Suistola

IT Self Service and BYOD Markku A Suistola IT Self Service and BYOD Markku A Suistola Principal Presales Consultant Why IT Service need to evolve? David Coyle, research vice president at Gartner, 2010**: "IT self-service is a great concept, enabling

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

IBM Security Intelligence Strategy

IBM Security Intelligence Strategy IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

The ForeScout Difference

The ForeScout Difference The ForeScout Difference Mobile Device Management (MDM) can help IT security managers secure mobile and the sensitive corporate data that is frequently stored on such. However, ForeScout delivers a complete

More information

How Attackers are Targeting Your Mobile Devices. Wade Williamson

How Attackers are Targeting Your Mobile Devices. Wade Williamson How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best

More information

Cyber and Mobile Landscape, Challenges, & Best Practices

Cyber and Mobile Landscape, Challenges, & Best Practices Cyber and Mobile Landscape, Challenges, & Best Practices while increasing efficiencies through automation Cheri McGuire VP, Global Govt. Affairs & Cybersecurity Policy Cyber and Mobility Challenges and

More information

OVERVIEW. Enterprise Security Solutions

OVERVIEW. Enterprise Security Solutions Enterprise Security Solutions OVERVIEW For more than 25 years, Trend Micro has innovated constantly to keep our customers ahead of an everevolving IT threat landscape. It s how we got to be the world s

More information

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data

More information

Data Breach Lessons Learned. June 11, 2015

Data Breach Lessons Learned. June 11, 2015 Data Breach Lessons Learned June 11, 2015 Introduction John Adams, CISM, CISA, CISSP Associate Director Security & Privacy 410.707.2829 john.adams@protiviti.com Powerful Insights. Proven Delivery. Kevin

More information

Guideline on Safe BYOD Management

Guideline on Safe BYOD Management CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version

More information

Symantec DLP Overview. Jonathan Jesse ITS Partners

Symantec DLP Overview. Jonathan Jesse ITS Partners Symantec DLP Overview Jonathan Jesse ITS Partners Today s Agenda What are the challenges? What is Data Loss Prevention (DLP)? How does DLP address key challenges? Why Symantec DLP and how does it work?

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Information Security for the Rest of Us

Information Security for the Rest of Us Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT

More information

ITAR Compliance Best Practices Guide

ITAR Compliance Best Practices Guide ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations

More information

ALERT LOGIC FOR HIPAA COMPLIANCE

ALERT LOGIC FOR HIPAA COMPLIANCE SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare

More information

Reducing the cost and complexity of endpoint management

Reducing the cost and complexity of endpoint management IBM Software Thought Leadership White Paper October 2014 Reducing the cost and complexity of endpoint management Discover how midsized organizations can improve endpoint security, patch compliance and

More information

Your Email is outsourced to the Cloud and Mobile, Are You protecting it with Encryption? Wolf Schreiner

Your Email is outsourced to the Cloud and Mobile, Are You protecting it with Encryption? Wolf Schreiner Your Email is outsourced to the Cloud and Mobile, Are You protecting it with Encryption? Wolf Schreiner Senior Regional Product Manager Encryption, EMEA Safe Harbor Disclaimer This presentation contains

More information

ForeScout MDM Enterprise

ForeScout MDM Enterprise Highlights Features Automated real-time detection of mobile Seamless enrollment & installation of MDM agents on unmanaged Policy-based blocking of unauthorized Identify corporate vs. personal Identify

More information

We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review

We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review We are Passionate about Total Security Management Architecture & Infrastructure Optimisation Review The security threat landscape is constantly changing and it is important to periodically review a business

More information

INFORMATION PROTECTION

INFORMATION PROTECTION INFORMATION PROTECTION Johan Celis Principal Security Consultant Symantec Benelux SYMANTEC ENTERPRISE SECURITY STRATEGY Users Data Cyber Security Services Monitoring, Incident Response, Simulation, Adversary

More information

6 Things To Think About Before Implementing BYOD

6 Things To Think About Before Implementing BYOD 6 Things To Think About Before Implementing BYOD Kimber Spradlin, CISA, CISSP 2012 IBM Corporation Mobile Devices: Unique Management & Security Challenges Mobile devices are shared more often Mobile devices

More information

Why Email Encryption is Essential to the Safety of Your Business

Why Email Encryption is Essential to the Safety of Your Business Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief

RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief RSA Solution Brief RSA Managing Data Loss the Lifecycle of Prevention Encryption Suite Keys with Uncover your risk, establish control. RSA Key Manager RSA Solution Brief 1 Executive Summary RSA Data Loss

More information

Plan of Attack 5 Step Plan

Plan of Attack 5 Step Plan Plan of Attack 5 Step Plan Naming those Digital Assets Practicing Digital Doomsday Training + Policies and Procedures Technology Tuning Security in the Supply Chain Next Steps Sample Plan 0 to 30 Days

More information

Symantec Enterprise Vault for Lotus Domino

Symantec Enterprise Vault for Lotus Domino Symantec Enterprise Vault for Lotus Domino Store, Manage and Discover Critical Business Information Overview Industry-leading email archiving for Lotus Domino With the recognition that email has become

More information

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance

Evolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats

More information

AB 1149 Compliance: Data Security Best Practices

AB 1149 Compliance: Data Security Best Practices AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Information Security It s Everyone s Responsibility

Information Security It s Everyone s Responsibility Information Security It s Everyone s Responsibility Developed By The University of Texas at Dallas (ISO) Purpose of Training As an employee, you are often the first line of defense protecting valuable

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

WHITEPAPER. Data Security for Office 365 Balancing control & usability

WHITEPAPER. Data Security for Office 365 Balancing control & usability WHITEPAPER Data Security for Office 365 Balancing control & usability Contents Executive Summary... 2 Top Security Issues for Office 365... 4 Compelled Disclosures... 4 Unauthorized Sharing... 4 External

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

On and off premises technologies Which is best for you?

On and off premises technologies Which is best for you? On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email

More information

Privilege Gone Wild: The State of Privileged Account Management in 2015

Privilege Gone Wild: The State of Privileged Account Management in 2015 Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

State of Security Survey GLOBAL FINDINGS

State of Security Survey GLOBAL FINDINGS 2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding

More information

Email Security.cloud Configuring DLP on to your email flow and applying security to your hosted email deployment

Email Security.cloud Configuring DLP on to your email flow and applying security to your hosted email deployment Email Security.cloud Configuring DLP on to your email flow and applying security to your hosted email deployment Phil Walters Principal Learning Consultant, Technical Field Enablement Email Security.cloud

More information

Endpoint protection for physical and virtual desktops

Endpoint protection for physical and virtual desktops datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become

More information

Stay ahead of insiderthreats with predictive,intelligent security

Stay ahead of insiderthreats with predictive,intelligent security Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent

More information

McAfee Acquires NitroSecurity

McAfee Acquires NitroSecurity McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security

More information

Balancing Cloud-Based Email Benefits With Security. White Paper

Balancing Cloud-Based Email Benefits With Security. White Paper Balancing Cloud-Based Email Benefits With Security White Paper Balancing Cloud-Based Email Benefits With Security Balancing Cloud-Based Email Benefits With Security CONTENTS Trouble Spots in Cloud Email

More information

Symantec Federal Solutions

Symantec Federal Solutions Symantec Federal Solutions Table of Contents 1. Introduction a. Symantec Public Sector b. The Federal Government IT Landscape and Challenges c. Symantec Government IT Solutions 3. Mobile 4. Data Center

More information

What s Lurking in Your Network & The Business Impact of Data Breaches. Colby Clark Director of Incident Management FishNet Security

What s Lurking in Your Network & The Business Impact of Data Breaches. Colby Clark Director of Incident Management FishNet Security What s Lurking in Your Network & The Business Impact of Data Breaches Colby Clark Director of Incident Management FishNet Security Who am I? Colby Clark is the Director of Incident Management at Fishnet

More information

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance 3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security

More information

and Security in the Era of Cloud

and Security in the Era of Cloud Re-imagine i Enterprise Mobility and Security in the Era of Cloud Brendan Hannigan General Manager, IBM Security Systems Leverage Cloud as a growth engine for business Exploit Mobile to build customer

More information

IT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA

IT TRENDS AND FUTURE CONSIDERATIONS. Paul Rainbow CPA, CISA, CIA, CISSP, CTGA IT TRENDS AND FUTURE CONSIDERATIONS Paul Rainbow CPA, CISA, CIA, CISSP, CTGA AGENDA BYOD Cloud Computing PCI Fraud Internet Banking Questions The Mobile Explosion Mobile traffic data in 2011 was nearly

More information

Proven LANDesk Solutions

Proven LANDesk Solutions LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations

More information

White Paper. Identifying Network Security and Compliance Challenges in Healthcare Organizations

White Paper. Identifying Network Security and Compliance Challenges in Healthcare Organizations Identifying Network Security and Compliance Challenges in Healthcare Organizations Contents Introduction....................................................................... 3 Increased Demand For Access............................................................

More information

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst

Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst ESG Solution Showcase Data- centric Security: A New Information Security Perimeter Date: March 2015 Author: Jon Oltsik, Senior Principal Analyst Abstract: Information security practices are in the midst

More information

Reducing the Cost and Complexity of Web Vulnerability Management

Reducing the Cost and Complexity of Web Vulnerability Management WHITE PAPER: REDUCING THE COST AND COMPLEXITY OF WEB..... VULNERABILITY.............. MANAGEMENT..................... Reducing the Cost and Complexity of Web Vulnerability Management Who should read this

More information

Symantec Enterprise Security: Strategy and Roadmap Galin Grozev

Symantec Enterprise Security: Strategy and Roadmap Galin Grozev Symantec Enterprise Security: Strategy and Roadmap Galin Grozev Senior Technology Consultant Symantec Bulgaria Enterprise Threat Landscape Attackers Moving Faster Digital extortion on the rise Malware

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

What keep the CIO up at Night Managing Security Nightmares

What keep the CIO up at Night Managing Security Nightmares What keep the CIO up at Night Managing Security Nightmares Tajul Muhammad Taha and Law SC Copyright 2011 Trend Micro Inc. What is CIOs real NIGHTMARES? Security Threats Advance Persistence Threats (APT)

More information

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies

More information

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons

More information

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.

More information

Investor Presentation

Investor Presentation Investor Presentation November 2015 Forward Looking Statements This presentation contains statements regarding the pending sale of our information management business to The Carlyle Group, which may be

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

Security and Privacy

Security and Privacy Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices

More information

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

More information

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS

SECURITY PLATFORM FOR HEALTHCARE PROVIDERS SECURITY PLATFORM FOR HEALTHCARE PROVIDERS Our next-generation security platform prevents successful cyberattacks for hundreds of hospitals, clinics and healthcare networks across the globe. Palo Alto

More information

Cybersecurity. Are you prepared?

Cybersecurity. Are you prepared? Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data

More information

Cyber Security An Exercise in Predicting the Future

Cyber Security An Exercise in Predicting the Future Cyber Security An Exercise in Predicting the Future Paul Douglas, August 25, 2014 AUDIT & ACCOUNTING + CONSULTING + TAX SERVICES + TECHNOLOGY I www.pncpa.com I www.pntech.net What is Cyber Security? Measures

More information