Products. years of security


Perspective: 20 years of security

Contents
Introduction
Information security
Access management
Biometrics
Digital forensics
Network & platform security
Wireless
The future

There is a wealth of insight, reminiscence and brilliant looks into the future here. However, as in everything, time introduces both macro and micro changes. For example, instant messaging is a comparatively new concept and Web 2.0 barely has been born. Cloud computing, which arguably has been around under different monikers for decades, is so young that most people don't yet fully understand what it is, what it can do for us or what its risks are. We would be hard-pressed to have a discussion on these and a few other topics that stretch back 20 years.

Twenty years in our business is an eternity. And if we couple 20 years of information assurance with 20 years of information technology, the stew thickens and becomes even tastier. For example, even the name of what we do has changed materially several times. What started out as computer security has evolved through network security, enterprise security and information security to get where it is today.

SC Magazine has tracked this evolution for the past 20 years and for a lot of that time I have been writing in these pages. I have had a chance to combine 30 years of consulting, 40 years of writing, and 10 years in academia into an experience that has been enriched by writing here. We have seen these products evolve. We've seen market segments, methodologies and security requirements ebb and flow.

The contributors to this special section are a mix of experts, visionaries, long-time market-watchers, CEOs, educators, researchers and CISOs. But they all have one thing in common: They have been on this rollercoaster with you and me, and their perspectives on where we came from, where we are and where we are going outstrip anything I have ever seen in a single publication.

I could not have assembled this feature without the help of Judy Traub, our intrepid editorial assistant. I had planned to give her an extra month to help pull together the pieces for our upcoming December innovators issue. Alas, the best laid plans and all that. Judy dove in and pulled resources from her vast store and suddenly we had a first-rate feature for our product section. So, enjoy this walk (or, sometimes, run) down memory lane and perhaps we'll do this again in another 20 years.

Peter Stephenson, technology editor
SC November 2009

INFORMATION SECURITY

The practice of information security
by Tom Peltier

Thirty-two years ago, I began a frustrating, scary, exciting and rewarding career in computer security. The first conference I attended on computer security, in 1978, addressed such issues as policy development, disaster recovery planning, data center physical security and the new technology of access control systems (ACF2, RACF and TopSecret). The environment we were working with was typically a computer laboratory with a big mainframe system.

In 1981, everything changed with the introduction of the first affordable portable computer system. No longer would the business units be tethered to the whims of the information technology departments. Anyone could go to their local "Nerds r Us" store and get the hardware and software they needed to create their independent information processing environment. This move to a decentralized base forced computer security professionals to change focus and begin to stress the need to secure information wherever it was found, regardless of the format. The job title became information system security officer (ISSO).

With the emergence of the client-server infrastructure, the ISSO function began to move out of the IT departments. As the technology leaped forward, the ISSO struggled to implement basic security mechanisms. However, with this decentralization, we saw the responsibility for information protection switch from IT and back to the business units. A greater emphasis was placed on creating corporate policy and having the business units implement their own supporting standards and procedures. Security awareness training came into its own during this period. The local business units were often charged with assigning a local security coordinator who would be responsible for implementation of the local program.

In 1991, the industry took a big step forward in obtaining legitimacy by implementing the certified information system security professional (CISSP) exam certification. Industry experts established a common body of knowledge that would provide for testing to establish competency of the individual. For almost 20 years now, the CISSP certification has provided businesses with an assurance that the holder of the certification meets an industry-accepted level of knowledge.

The key factor in the success of any information security program has been the level of acceptance of the management and users. The focus on managing risk seems to have aided in this acceptance. Instead of implementing controls and countermeasures by decree, the new emphasis on risk identification and management includes all parties with a vested interest. We are beginning to see many organizations move away from information security and are now working on enterprise risk management. At CSI 2009 in October, the 36th edition of the Computer Security Institute's annual conference, a risk management summit discussed that very topic.

In 30 years, the industry has evolved from computer security to information security to information protection and now, perhaps, to enterprise risk management. What we are called is not as important as ensuring that the services we provide are continued and accepted.

Tom Peltier has been an information security professional for over 30 years. During this time, he has shared his experiences with fellow professionals and has been awarded the 1993 Computer Security Institute's (CSI) Lifetime Achievement Award. He has had six books published on policy development and risk assessment.

Revolution or evolution?
by Michael Corby

The vision from 1989
Computer systems as we know them were in their infancy in the waning moments of the 1980s and the early years of the 1990s. Systems were still largely segregated by manufacturer. IBM shops had no DEC equipment anywhere, and vice versa.
HP systems were found in manufacturing plants and the world of CAD/CAE was dominated by standalone graphical units that were the engineering versions of the memory typewriter. Security was being promulgated in the form of model architectures and the Rainbow Series, computer security standards published by the U.S. government Within the next 10 years, we were enveloped in the dot-com boom. Technology permeated every aspect of our lives.

What were we envisioning from the information security domain? In many instances, what we were looking to do was revolutionary. We saw that virus code and other malware were gaining in popularity and Scott McNealy from Sun Microsystems warned that there is no longer any digital privacy. Sometimes we have seen a revolution, sometimes we have seen a slower crawl forward.

Human resources and staffing
In 1989, security professionals were either writing crypto code for the military or were hanging backup tapes in a data center. Today, we are blessed with more than a dozen ways of measuring the security competence of our staff. Verdict: Revolution

Network architecture
In 1989, open systems were beginning to babble to each other. Communications was over leased lines or internal networks. Nobody ever used dial-up public communications for sensitive data (if you knew what data was actually sensitive). Secure network architecture is now available on the shelf at the office supply store. Verdict: Revolution

Systems development
The good old five-phase approach (or six-, depending on your school of thought) to designing systems was de rigueur in Application teams went through stages of scope, design, programming, unit testing (and system testing) and implementation. Once all this was done, someone may have asked: "What about backup and recovery?" The method is the same, only some of the questions have changed. Verdict: Evolution

Monitoring and forensics
In 1989, logs were generated and maybe printed. Tracing events were rare, but also largely unnecessary. Today, compliance laws and industry regulations have tightened the need for monitoring and active event investigations. Verdict: Revolution

Summary
In these and other areas, we have made substantial progress in information security over the past 20 years. There is more to come. Here's my prediction: Over the next 20 years, security will be embedded in all information management technology. Data segregation will be the usual architecture and trace logs, and factual responses to the query, "How did that happen?", will be commonplace. Hackers and malware will exist, but will be just an annoyance. Hmmm. Didn't I say that in 1989?

Michael Corby has over 40 years of experience in IT strategy, operations, development and security. He is a founder of (ISC)², the organization that established the CISSP credential.

20 years of governance
by Howard Schmidt

Governance, according to Wikipedia, relates to decisions that define expectations, grant power or verify performance. It is a word that has had much use and has been interpreted in different ways over the years. But, when it comes to information security, governance is a relatively recent, but important, addition to the modern vocabulary.

In the past, information security was primarily about technology and the tools needed to resolve IT-related problems rather than deliver security solutions to support and enable the business. It was a backroom function and rarely was it discussed in the boardroom. But, necessarily and very appropriately, things have changed.

High-profile accidental or intentional attacks against IT, combined with a series of natural disasters, helped to put IT security governance in the spotlight. It was quickly recognized as a key component in dealing with issues such as data privacy, loss prevention and protecting business and brand integrity. Company executives in B2C and B2B businesses alike saw good governance in IT security as a way to protect customers, employees, suppliers and partners.

Governments also took positive action by introducing new legislation to raise awareness and ensure a benchmark level of regulatory compliance to defined standards of governance. The best known of these initiatives include the Sarbanes-Oxley Act in the United States and the EU Data Privacy Act.

This focus on information security governance was reflected in a new breed of executives bearing titles such as chief information security officer (CISO), chief risk officer (CRO) and chief privacy officer (CPO). These senior positions provide a clear line of responsibility and corporate structure for IT security governance. Furthermore, IT security governance has also become part of the corporate culture and mindset as companies promote the real value of compliance and good governance.

Regulatory compliance combined with a strong commitment to governance significantly enhances the IT security function and underpins the success and integrity of any business. One thing is very clear: Strong governance has to be driven from the top down and, with growing awareness and ownership in the boardroom, the future for IT governance looks positive.

Howard Schmidt is president and CEO, Information Security Forum. Formerly, he was vice-chair, President's Critical Infrastructure Protection Board; VP-CISO, eBay; CSO, Microsoft; professor of research, Idaho State University; and adjunct professor, GA Tech, GTISC.

Information security policy development
by Rebecca Herold

In 1991, as an IT internal auditor, I performed the very first enterprise-wide information security audit for my organization, a multinational financial and insurance organization with approximately 20,000 employees. After this comprehensive four-month project, I was asked to implement all the recommendations I made within the audit, primarily, the creation of the information protection function/department within the organization. The first thing I did in the new department was create information protection policies based on all the risks I identified from the audit.

At the time, there were very few information security policies available. I created my organization's policies largely based on the results of my audit, basically a risk assessment (though that term was not used much then). I was happy to find, a year or so after BS7799 [a British standard] was first published in 1995, that I had hit on virtually all of the topics it listed, along with the topics listed in the first publication of COBIT, best practices issued by the ISACA and ITGI in One of the earliest pioneers to provide guidance for developing information security policies was Charles Cresson Wood, who has published many books and articles covering the topic. As far back as 1981, with his Policies for Deterring Computer Abuse and the just-released version 11 of his Information Security Policies Made Easy, which was first published in 1991 and is now used by over 50 percent of Fortune 500 companies.

Until the introduction of BS7799 and COBIT in the mid-1990s, the National Institute of Standards and Technology (NIST) was largely the most referenced public source for information security policy guidance, starting as early as their June 1974 Guidelines for Automatic Data Processing Physical Security and Risk Management.

Most organizations did not really put a lot of effort into information security policy development in the 1980s, or even well into the 1990s. The person assigned the responsibility for creating information security policies back then was often an IT administrator who had some extra time on their hands. And then the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) were enacted in the last half of the 1990s, loudly followed by the Sarbanes-Oxley Act (SOX) of 2002, putting policy development importance squarely in the cross-hairs of executive suites. The importance of not only information security policies, but also privacy policies, was elevated to higher levels within most organizations.

Information security policy development necessarily evolved from being a largely cookbook type of exercise (viewed as a necessity to help keep security settings consistent and to keep employees from doing bad things with computers) to now being realized as an exercise that must be based on business risk and compliance in order to be effective for business. The need for documented risk- and compliance-based information security policies is here to stay.

Rebecca Herold, CIPP, CISSP, CISM, FLMI, The Privacy Professor, has over two decades of information security, privacy and compliance experience. She's been named as a Computerworld Best Privacy Adviser multiple times and also as a Top 59 Influencer in IT Security by IT Security magazine. She is currently leading the NIST Smart Grid standards committee privacy impact assessment.

ACCESS MANAGEMENT

Access management evolves over 20 years
by Tomas Olovsson

Access management has not always been what it has become today. In the early days of computers, it was more or less identical with physical access to the premises. Projects were entered in batches into large mainframes by operators, and end-users seldom got in contact with the computers.
It was not until the mid-60s when time-sharing systems, such as IBM TSS-360 and DEC TOPS-10/20, were born that access control and separation between users became important and systems required passwords to let users in.

The next important step in the evolution was taken in the 70s with the Unix/Multics multi-user system. Unix introduced the concept of allowing users to give away their access rights permanently to a program (the -s flag). This made it possible for other users to execute applications and access data, which would have been inaccessible with the users' normal access rights. Applications could now make decisions about what data end-users could access, not just the operating systems. This provided great new functionality, but with the cost of increased complexity, and security problems would, of course, commence.

Then, not much happened in this area for 20 years. It is true that other systems borrowed or invented similar mechanisms. Access control lists (ACLs) were introduced, but nothing really new arrived on the scene. Access management was for many years just a matter of properly distributing usernames and passwords between a few, sometimes not even communicating, servers.

However, during the last 10 to 15 years, internal networks and the internet have developed extremely fast. Applications and systems have become connected in ways never seen before. Suddenly, there was a need to synchronize accounts on not just a handful of systems, but to tens, hundreds and even to thousands of applications within an organization. New authentication mechanisms were also introduced: everything from token devices, smart cards and certificates to biometric identification methods. Single sign-on became important and role-based access control (RBAC) with detailed auditing and logging was suddenly necessary, even required by law.

And today, one of the latest buzzwords in this area is security in the cloud, with people and applications spread out all over the globe. Now, we have yet another access management challenge in front of us.

Tomas Olovsson is co-founder and CTO of AppGate Network Security, and associate professor at Chalmers University of Technology in Sweden, with research focus on network security.

Encryption: 20 years ago
by Bruce Schneier

These days, we live in a world of cryptographic abundance, but the 1980s were different. Encryption products were rare, obscure, eclectic, confusing, poor or, more likely, all of the above. Through a combination of export restrictions, patriotic pleas, threats and secret agreements, the National Security Agency (NSA) effectively controlled the encryption market, ensuring that it was never mainstream.

Research, on the other hand, was blossoming. The Annual International Cryptology Conference (CRYPTO) started in 1981, Eurocrypt in Mathematics conferences accepted cryptography papers and more appeared in engineering journals. Many of the results now seem basic, but back then we were only just starting to understand algorithms and protocols, public-key cryptography and cryptanalysis.
There were a few books: notably by Konheim (1981), Denning (1982), Patterson (1987), Davies and Price (1989), and, of course, David Kahn's The Codebreakers (1967). When I wrote Applied Cryptography, in 1992, everything publicly written about cryptography fit onto a single shelf. I wrote the book that I wished existed: an accessible introduction to the field. Seventeen years and a couple of hundred thousand copies later, I regularly meet people whose interest in cryptography was sparked by that book.

The changes came fast in the 1990s. Cryptography export controls were relaxed and eventually repealed. The FBI tried, and failed, to force vendors to install backdoors in their products so they could eavesdrop more easily. Research continued to boom as the graduate students of the 1980s got graduate students of their own. There were more ideas, more conferences, more products. And, most of all, finally, there was demand: the World Wide Web, electronic commerce, corporate networks.

Now, we all use cryptography daily. It's on our operating systems, our web browsers, our phones and our programs. There are so many cryptography conferences that no one can attend them all. I can't fit my current cryptography library onto three massive bookshelves, and I don't have anywhere close to everything published.

At the same time, we've learned that security needs more than cryptography. Security is a chain, and it's only as secure as the weakest link. Compared to applications, operating systems and network security, not to mention human factors, cryptography is already the strongest link in any security chain. We might have beaten the NSA in the battle for cryptography, but the war for privacy and security continues.

Bruce Schneier's new book, Cryptography Engineering, will be published in spring You can read his other writings at

An historical perspective on password management
by Eugene Schultz

In the mid-1980s, no issue was bigger than password security, and for good reason: most break-ins into systems at that time involved exploiting weak, default and/or null passwords. Other kinds of attacks were almost unheard of then (social engineering attacks excepted). Policies often required strong passwords, but with the exception of minimum password length settings in operating systems, no technology for enforcement existed. System and security administrators were at the mercy of users, who were constantly urged to select strong passwords, but seldom did.

In the late 1980s, several significant password management technologies surfaced. Password filters prevented users from entering passwords that did not meet password goodness criteria. Password crackers enabled system administrators to monitor cracked, weak or default passwords, so that account owners could then be required to change them. Thus, enforcing password policy provisions using technology became possible. Lamentably, however, few organizations used password filters, and worse yet, password crackers have been used more often and more effectively by attackers than anyone else.

The 1990s marked the emergence of remote vulnerability scanners. Although most of the tests carried out by these tools probed for vulnerabilities in operating systems and system services, some of them also tested for weak passwords in well-known accounts. Unfortunately, these tools did not test password strength in other accounts. They therefore have made little difference on password management.

Every Windows operating system since Windows NT (July 1993) has password filtering based on combinations of letters, numbers and special symbols. However, research studies have shown that passwords filtered according to these criteria are not significantly harder to crack than unfiltered ones.

The relatively recent advent of rainbow tables, millions of pre-computed candidate passwords for password crackers to try, has revolutionized password management. System and security administrators can now crack a large percentage of passwords in minutes and force users to select better ones. Many organizations do not employ this technology, however, leaving their systems open to traditional simple password attacks.

Exploiting weak passwords has been a major threat vector since passwords were first used. Free technology that allows enforcement of password policy is widely available. So why are there still so many weak passwords? You can lead a horse to water, but you cannot force it to drink.

Dr. Eugene Schultz is the CTO at Emagined Security, an information security consultancy based in San Carlos, Calif. He is the author/co-author of five books, and has also written over 120 published papers.

On the last 20 years of vulnerability management
by Rebecca Bace

When I think of how things have changed (and remained the same) over the last 20 years in the security trenches, it's tempting to come up with a tote sheet for the decades.

On the positive side, the degree to which our modern lives are staged on IT networks is a testament to the ability of the security community to present at least a facade of acceptable risk to the masses. Even as I note that we don't have sufficient acumen to protect what we've put online, I also without apology assert that the transparency that vulnerability management solutions brought to the practice of system security (added to IDS's ability to spot problems in the making) had a positive influence on security and the online world.

On the negative side, there's a lot left to do in both the realms of IT and security management at large. We need to better understand how to harden systems in ways that are reliable and cost-efficient. We need to acknowledge that complex systems are inherently imperfect and include monitoring and control mechanisms to spot when imperfections are being exploited to the detriment of information owners. We need to understand how to flex models of expected behavior to accommodate local norms, while assuring that users can safely function online.

None of these measures will come as easily as we think they should. That does not mean that they aren't critical to our modern world. Perhaps, taking a look at the Japanese auto industry of the 1970s would be useful to us: it's time to focus on improving the quality of IT systems and the management processes associated with their care and feeding. In the best of worlds, this will give us the market edge that finances the next quantum leap in both IT and security.

Rebecca Bace is a security strategist with more than 25 years spent in a variety of roles. She currently focuses on taking early stage firms to market.

Big changes in vulnerability assessment
by Ron Gula

During the past 20 years, there have been very big changes in the vulnerability scanning industry. Keep in mind that 20 years ago, vulnerability scanning was really made famous when Dan Farmer released the SATAN tool.
Even though he released a script named repent to turn SATAN into SANTA, the initial reaction to this type of tool from most managers was one of shock.

Twenty years later, we have a thriving and growing vulnerability scanner industry with many competing vendors and technologies. It started out with a focus on which scanner could enumerate the most vulnerabilities in the least amount of time. Often, these scanners were run by consultants or auditors who were not embedded in IT. As threats became more sophisticated, enumerating badness was not good enough. Instead, scanners had to evolve to work within an IT infrastructure and perform robust patch management and configuration auditing. This allowed security auditing tools to speak the language of an IT administrator while still simulating the hacker threat.

As this usage of the network scanner changed, the type of testing performed by organizations evolved to capture this. I remember helping some early magazine tests for Nessus and filling out forms that asked: "How many Windows patches do you check?" Waiting until the last day to submit this form made a user's scanner appear as if they'd checked off more than someone else. The industry has come a long way since then.

Because of cheap bandwidth, as well as the increase in speed of network vulnerability scanners, the ability to offer scanning as a subscription service also evolved. For a low cost, organizations could procure a one-time monthly or yearly scan of their perimeter. This allowed the IT administrator at an organization to obtain risk information without having to run their own auditing infrastructure. For organizations involved in web-based e-commerce, this was a very good combination.

And right now, on the verge of 2010, most scanning vendors are looking at how the world of virtualization and cloud computing will change the need for scanning. New combinations of software-as-a-service, passive network monitoring, continuous scanning, and scanning embedded within the cloud are well equipped to offer various forms of auditing virtual sprawl and cloud-based applications.

Ron Gula is CEO of Tenable Network Security.

The evolution of penetration testing
by Matt Hines

As one of the oldest IT vulnerability assessment methodologies invented, yet one of the most rapidly evolving IT security practices today, penetration testing remains a process that continues to mature in direct parallel with the systems and applications which it has been, and will be, used to assess.

Over the course of the 1970s and 80s, pen testing was an internal practice, used primarily within military and academic research centers to validate security mechanisms and to corroborate the presence of hypothetical flaws, both in production and R&D computing environments.

In the early 1990s, as the seeds for the forthcoming internet and IT revolutions were being sown, penetration tests began to see expanded use in gauging the overall security of many products and services, dovetailing with the arrival of the earliest purpose-built hacking tools and dedicated professional services.
However, even with large and specialized consulting firms marketing pen testing audits to their customers, the process was still almost entirely manual, consisting of undocumented and unrepeatable methodologies that relied on the individual experience and skill sets of practicing experts.

Despite being nearly three decades old, penetration testing realized perhaps its most significant advancement with the turn of the century and the arrival of more sophisticated, financially motivated cyberattacks, gaining greater adoption to help manage matters of IT-driven risk. This era also saw the emergence of the earliest commercial automated penetration testing solutions, which have evolved significantly over the last decade and represent one of the most important elements of the practice's continued development.

As today's cybercrime epidemic, specifically electronic data theft, continues to proliferate at a furious pace, penetration testing has finally truly found widespread recognition outside the realm of specialized organizations and consultants. It is now a central element of proactive IT risk management through the use of both services and an array of rapidly maturing technologies.

As concepts of IT risk management and security measurement evolve out of their own nascence, driven in part by regulatory compliance, penetration testing will only become a more pervasive, critical component of those strategies, based on its ability to isolate vulnerabilities directly exposed to real-world attacks.

Before joining Core Security Technologies as marketing manager in 2008, Matt Hines covered the IT industry for over a decade as a reporter and blogger for publications including InfoWorld, eWeek, CNET News.com and Dow Jones Newswires, with a specific focus on the security space since

BIOMETRIC

The search for the better biometric mousetrap
by David Lease

It seems as though we are always looking for the better mousetrap: nitrogen-enriched gasoline; all-in-one laundry sheets for the washer and dryer; combination soap, shampoo and shave cream; and other products that make our lives somehow better. This constant search for the next best solution is true in biometric security technologies as well.

When I started working on identification technologies in the mid-1980s, we already had a pretty big database of fingerprint cards that were cataloged and organized like library cards. If you had crime scene prints and wanted to identify a suspect through an existing set of prints, we'd manually search through hundreds of fingerprint cards comparing attributes of submitted prints to prints already on file. Over the years, we worked to find ways to make fingerprint-matching faster and more reliable. Today, fingerprints are digitized and the comparison is automated, but it's still nothing like what's on TV or in the movies.

Unfortunately, most biometrics are useful only for authentica-


More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

Beyond the Hype: Advanced Persistent Threats

Beyond the Hype: Advanced Persistent Threats Advanced Persistent Threats and Real-Time Threat Management The Essentials Series Beyond the Hype: Advanced Persistent Threats sponsored by Dan Sullivan Introduction to Realtime Publishers by Don Jones,

More information

Full-Speed Ahead: The Demand for Security Certification by James R. Wade

Full-Speed Ahead: The Demand for Security Certification by James R. Wade Full-Speed Ahead: The Demand for Security Certification by James R. Wade It s no secret that technology is creating a more connected world every day. But as new technologies are released and adopted, the

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue

Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437. Specialist Security Training Catalogue Threat Intelligence Pty Ltd info@threatintelligence.com 1300 809 437 Specialist Security Training Catalogue Did you know that the faster you detect a security breach, the lesser the impact to the organisation?

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

NATIONAL CYBER SECURITY AWARENESS MONTH

NATIONAL CYBER SECURITY AWARENESS MONTH NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

More information

IT Compliance Volume II

IT Compliance Volume II The Essentials Series IT Compliance Volume II sponsored by by Rebecca Herold Addressing Web-Based Access and Authentication Challenges by Rebecca Herold, CISSP, CISM, CISA, FLMI February 2007 Incidents

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

About MicroSolved, Inc. Company Profile, Experience, Capabilities and Differentiators

About MicroSolved, Inc. Company Profile, Experience, Capabilities and Differentiators About MicroSolved, Inc. Company Profile, Experience, Capabilities and Differentiators Profile MicroSolved, Inc. is an Ohio corporation with a Dun and Bradstreet number of 022904119. Since 1992, MSI has

More information

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

What IT Auditors Need to Know About Secure Shell. SSH Communications Security What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic

More information

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Briefing W. Frisch 1 Outline Digital Identity Management Identity Theft Management

More information

CHAPTER 10: COMPUTER SECURITY AND RISKS

CHAPTER 10: COMPUTER SECURITY AND RISKS CHAPTER 10: COMPUTER SECURITY AND RISKS Multiple Choice: 1. In a survey of more than 500 companies and government agencies, percent detected computer security breaches. A. 20 B. 75 C. 85 D. 99 Answer:

More information

Bellevue University Cybersecurity Programs & Courses

Bellevue University Cybersecurity Programs & Courses Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320

More information

About Our 2015 WTA Cyber Security Speakers and Sessions

About Our 2015 WTA Cyber Security Speakers and Sessions About Our 2015 WTA Cyber Security Speakers and Sessions The constant threat of cyber security attacks is the number one concern for most businesses today. Weaknesses in networks and data security can expose

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Information Security Policy

Information Security Policy Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

THE SECURITY OF HOSTED EXCHANGE FOR SMBs THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available

More information

Biometrics in Physical Access Control Issues, Status and Trends White Paper

Biometrics in Physical Access Control Issues, Status and Trends White Paper Biometrics in Physical Access Control Issues, Status and Trends White Paper Authored and Presented by: Bill Spence, Recognition Systems, Inc. SIA Biometrics Industry Group Vice-Chair & SIA Biometrics Industry

More information

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software.

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Mapping Your Path to the Cloud A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Table of Contents Why the Cloud? Mapping Your Path to the Cloud...4

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age

Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.

More information

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

More information

Beyond passwords: Protect the mobile enterprise with smarter security solutions

Beyond passwords: Protect the mobile enterprise with smarter security solutions IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive

More information

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and

More information

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

INFORMATION SECURITY FOR YOUR AGENCY

INFORMATION SECURITY FOR YOUR AGENCY INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

Custom Systems Corp.

Custom Systems Corp. ABOUT Company Overview No company builds a 40-year reputation for excellence overnight. We began life in 1973, providing payroll and accounts payable services. Since then CSC has grown and expanded, anticipating

More information

Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION

Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION TWO-FACTOR AUTHENTICATION A RECENT SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PARED WITH THE FACT THAT

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels

More information

Pretty Good Privacy (PGP)

Pretty Good Privacy (PGP) Pretty Good Privacy (PGP) Contents...1 Abstract...2 Introduction...3 The importance of the cryptography...4 The idea about how (PGP) works...5 Legal issues surrounding (PGP)...6 The implementation and

More information

How TraitWare TM Can Secure and Simplify the Healthcare Industry

How TraitWare TM Can Secure and Simplify the Healthcare Industry How TraitWare TM Can Secure and Simplify the Healthcare Industry January 2015 Secure and Simplify Your Digital Life. Overview of HIPPA Authentication Standards When Title II of the Health Insurance Portability

More information

This is a preview - click here to buy the full publication

This is a preview - click here to buy the full publication TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems

More information

Data Security. So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc.

Data Security. So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc. Data Security So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc. Table of Contents: 1. Introduction 3 2. Cybersecurity: The loopholes in the system

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Top Five Ways to Protect Your Network. A MainNerve Whitepaper A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION Whitepaper MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION A SURVEY SHOWS THAT 90% OF ALL COMPANIES HAD BEEN BREACHED IN THE LAST 12 MONTHS. THIS PAIRED WITH THE FACT THAT THREATS

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Security in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA)

Security in an Increasingly Threatened World. SMS: A better way of doing Two Factor Authentication (2FA) Security in an Increasingly Threatened World SMS: A better way of doing Two Factor Authentication (2FA) January 2015 The Proliferation of The App World The revolution of the smart phone forever affected

More information

Identity Theft Prevention Committee Updates and Discussions: 3/15. Team,

Identity Theft Prevention Committee Updates and Discussions: 3/15. Team, Identity Theft Prevention Committee Updates and Discussions: 3/15 Team, We will be meeting on Monday, March 19 th to move forward with the Identity Theft Prevention Program. Please bring the packet that

More information

Compliance in the Corporate World

Compliance in the Corporate World Compliance in the Corporate World How Fax Server Technology Minimizes Compliance Risks Fax and Document Distribution Group November 2009 Abstract Maintaining regulatory compliance is a major business issue

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Remote Access Securing Your Employees Out of the Office

Remote Access Securing Your Employees Out of the Office Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Implementing Transparent Security for Desktop Encryption Users

Implementing Transparent Security for Desktop Encryption Users Implementing Transparent Security for Desktop Encryption Users Solutions to automate email encryption with external parties Get this White Paper Entrust Inc. All All Rights Reserved. 1 1 Contents Introduction...

More information

Hospitality Cloud+Plus. How Technology Can Benefit Your Hotel LIMOTTA IT. LIMOTTAIT.com/hospitality 888 884 6278

Hospitality Cloud+Plus. How Technology Can Benefit Your Hotel LIMOTTA IT. LIMOTTAIT.com/hospitality 888 884 6278 Hospitality Cloud+Plus How Technology Can Benefit Your Hotel LIMOTTA IT LIMOTTAIT.com/hospitality 888 884 6278 Content + + About Us PCI Compliance + Virtualization + + + Unified Technology Single Sign

More information

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold

The Essentials Series. PCI Compliance. sponsored by. by Rebecca Herold The Essentials Series PCI Compliance sponsored by by Rebecca Herold Using PCI DSS Compliant Log Management to Identify Attacks from Outside the Enterprise...1 Outside Attacks Impact Business...1 PCI DSS

More information

Securing Endpoints without a Security Expert

Securing Endpoints without a Security Expert How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

Why cloud backup? Top 10 reasons

Why cloud backup? Top 10 reasons Why cloud backup? Top 10 reasons HP Autonomy solutions Table of contents 3 Achieve disaster recovery with secure offsite cloud backup 4 Free yourself from manual and complex tape backup tasks 4 Get predictable

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

A Decision Maker s Guide to Securing an IT Infrastructure

A Decision Maker s Guide to Securing an IT Infrastructure A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose

More information

CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE

CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE WHITE PAPER www.cibecs.com 2 Table of ontents 01 02 03 04 05 EXECUTIVE SUMMARY: CYBER SECURITY MANAGING YOUR ATTACK SURFACE DATA VULNERABILITY 1 THE ENDPOINT

More information

Information Security Basic Concepts

Information Security Basic Concepts Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,

More information

Security Issues with Distributed Web Applications

Security Issues with Distributed Web Applications Security Issues with Distributed Web Applications Device Connectivity We are entering the era of Device Connectivity, which is the fourth wave of evolution for Internet-enabled applications. The first

More information

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.

NCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15. NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information

INTRODUCING isheriff CLOUD SECURITY

INTRODUCING isheriff CLOUD SECURITY INTRODUCING isheriff CLOUD SECURITY isheriff s cloud-based, multi-layered, threat protection service is the simplest and most cost effective way to protect your organization s data and devices from cyber-threats.

More information

Certification for Information System Security Professional (CISSP)

Certification for Information System Security Professional (CISSP) Certification for Information System Security Professional (CISSP) The Art of Service Copyright Notice of rights All rights reserved. No part of this book may be reproduced or transmitted in any form by

More information

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to

More information

Developing National Frameworks & Engaging the Private Sector

Developing National Frameworks & Engaging the Private Sector www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012

More information

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is 1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the

More information

White paper Security Solutions Advanced Theft Protection (ATP) Notebooks

White paper Security Solutions Advanced Theft Protection (ATP) Notebooks White paper Security Solutions Advanced Theft Protection (ATP) Notebooks Contents Introduction 2 Approaching the Challenge 4 Fujitsu s Offering Advanced Theft Protection (ATP) 5 Fujitsu is taken the lead

More information

Enterprise Data Protection

Enterprise Data Protection PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION

More information

Securing Critical Information Assets: A Business Case for Managed Security Services

Securing Critical Information Assets: A Business Case for Managed Security Services White Paper Securing Critical Information Assets: A Business Case for Managed Security Services Business solutions through information technology Entire contents 2004 by CGI Group Inc. All rights reserved.

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

whitepaper Ten Essential Steps for Achieving Continuous Compliance: A Complete Strategy for Compliance

whitepaper Ten Essential Steps for Achieving Continuous Compliance: A Complete Strategy for Compliance Ten Essential Steps for Achieving Continuous Compliance: A Complete Strategy for Compliance Table of Contents 3 10 Essential Steps 3 Understand the Requirements 4 Implement IT Controls that Affect your

More information

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers 2012. Your Interactive Guide to the Digital World Chapter 11 Manage Computing Securely, Safely and Ethically Discovering Computers 2012 Your Interactive Guide to the Digital World Objectives Overview Define the term, computer security risks, and briefly

More information

Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools

Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools White Paper Solving the Online File-Sharing Problem Replacing Rogue Tools with the Right Tools Introduction The modern workforce is on the hunt for tools that help them get stuff done. When the technology

More information

The Next Generation of Security Leaders

In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

Amit Kumar & Co. (Cost Accountants): A perfect blend of Tax, Audit & Advisory services

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

CONTENTS: RECONNAISSANCE STAGE, INCURSION STAGE, DISCOVERY STAGE, CAPTURE STAGE, EXFILTRATION STAGE

Secure Remote Control Security Features for Enterprise Remote Access and Control

Good communication is vital to any company, large or small. Many departments within companies are utilizing different platforms

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

The increase in volume, severity, publicity and fallout of recent data breaches

High Speed Internet - User Guide. Welcome to. your world.

Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a

MAXIMUM PROTECTION, MINIMUM DOWNTIME

MANAGED SERVICES. Get peace of mind with proactive IT support. Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is

IT Risk and Security Cloud Computing Mike Thomas Erie Insurance May 2011

Cloud Basics: The interesting thing about cloud computing is that we've redefined cloud computing to include everything

Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance

White Paper. Troy Herrera, Sr. Field Solutions Manager, Juniper Networks, Inc., 1194 North Mathilda Avenue, Sunnyvale, CA

www.pwc.co.uk Cyber security Building confidence in your digital future

November 2013. Contents: 1 Confidence in your digital future; 2 Our point of view; 3 Building confidence; 4 Our services. Confidence in

How Do People Use Security in the Home

Kaarlo Lahtela, Helsinki University of Technology, Kaarlo.Lahtela@hut.fi. Abstract: This paper investigates home security. How much people know about security and how

The Twelve Most Common Threats to HIPAA Compliance When Providing Remote Access to Systems and Data March 2010

www.tridia.com. Copyright 2005-2010 Tridia Corporation. Backdrop: On August 12, 1998, the Department

Statistical Analysis of Internet Security Threats. Daniel G. James

ABSTRACT: The purpose of this paper is to analyze the statistics surrounding the most common security threats faced by Internet users. There

Three significant risks of FTP use and how to overcome them

Management, security and automation. Contents: Make sure your file transfer infrastructure keeps pace with your business strategy; The nature