The Evolving Security Landscape. Andreas M Antonopoulos Senior Vice President & Founding Partner
|
|
- Owen Hunter
- 8 years ago
- Views:
Transcription
1 The Evolving Security Landscape Andreas M Antonopoulos Senior Vice President & Founding Partner
2 Agenda About Nemertes Security and Compliance Trends Technology Overview and Business Drivers Conclusion and Recommendations
3 Nemertes: Bridging the Gap Between Business & IT Quantifies the business impact of emerging technologies Conducts in-depth interviews with IT professionals Advises businesses on critical issues such as: Unified Communications Social Computing Data Centers & Cloud Computing Security Next-generation WANs Cost models, RFPs, Architectures, Strategies
4 Security and Compliance Trends
5 Security and Compliance Outlook Phishing/Identity Theft Website Defacement Website defacement Viruses XSS and SQL Injection Worms/Trojans DOS Polymorphic Attacks/ Malware RISE OF THE BOTNETS/ DDOS Hacking for Fun and Fame Silent BOTNETS Organized Cybercrime Cyber Warfare HIPAA, GLBA, Sarbanes Oxley PCI-DSS Breach Notification HITECH National Breach Disclosure Amended FRCP
6 De-Perimeterization Is that a word? No, but it s happening anyway! You used to have The Internet Connection and The Firewall We are rapidly moving to ubiquitous connectivity and mobility The Internet is everywhere! There is no INSIDE and OUTSIDE in your network
7 The Changing End-User Landscape Employee personal use of technology influences IT decisions for 46% of organizations About 67% of organizations have a formal telework policy iphone already target of attacks against known vulnerabilities Mobile devices are a significant data loss risk The line between personal and work computing is blurring
8 Security by Location Most security today is LOCATION-CENTRIC O C C Servers and desktops are becoming virtual Firewalls, VLANs, ACLs, IP Addresses Locations Location should not be the foundation of your security policy!
9 Compliance on the Rise If Enron gave us Sarbanes- Oxley, what will 100xEnron give us? Legislation to pass a national breach disclosure law HITECH Act adds more teeth to HIPAA PCI-DSS is driving security behavior Compliance drives security spending for 37% of organizations Compliance requirements will get more prescriptive with sharper teeth
10 Data-Centric Security Data-centric means INSPECTING and PROTECTING the data Regardless of where it is Anti-malware inwards, data leakage outwards Content inspection Encryption Fingerprinting Digital certificates Security meta-data ALL DATA SUBJECT TO SEARCH
11 Technology Overview and Business Drivers
12 Technology Architecture & Evolution Management Application and Endpoint Identity Layer Data Encryption and Inspection Network Security Virrtualized d Securiity Application pp Securityy Application Policy Identity Mgt PKI Incident and Event Mgt Network Mgt
13 Cyber Crime A coordinated approach to cyber crime: People h Education about phishing, malware and detection of social engineering Process h Password management, user account deprovisioning, privileged user management, alert notification process and incident response Technology h Web application firewall, endpoint protection (AV, anti-malware), scanning, IDS/IDP, firewall, VPN, NAC, encryption/key management, multifactor authentication and physical security
14 Anti-Malware Anti-malware delivery is evolving with four delivery modes: endpoint, appliance, cloud and hybrid Anti-malware Worms, viruses and trojans are stealthier than ever, vastly more numerous and proliferate mainly via web pages h Botnets, buffer overflow, cross-site scripting, SQL injections, invisble iframes White/Black listing is becoming obsolete. A good web page can turn bad and then back to good before the next scan
15 Identity Management Identity is the foundation of trust Three key identity management areas h User management, Authentication management, Authorization management Most organizations have a scattered collection of directories and controls. Evolving standards SAML Secure Assertion Markup Language Single Sign-on (SSO) XACML extensible Access Control Markup Language least privilege OAuth Open Authentication sharing data between clouds
16 Regulatory Compliance Compliance is typically a component of governance, risk management and compliance (GRC) The most onerous compliance requirement is privacy protection: h HIPAA (1996) and HITECH (2009), FERPA (1974), PCI-DSS (2002), GLBA (1999) and breach disclosure laws such as CA SB1386 (2002) Compliance requires adoption, implementation, verification and auditing of security best practice Look for security products that include compliance templates to ease the selection of controls and procedures
17 Data Loss Prevention Multiple approaches to Data Loss Prevention (DLP): Advantage Disadvantage Endpoint Local knowledge and Requires install on every offline protection machine and susceptible to malware Appliance Global knowledge, No protection for offline dedicated performance and hardened device machines and no local USB support Cloud No hardware/software investment and support for mobile and teleworkers No local protection and leaks are caught in the cloud rather than inside the firewall
18 e-discovery The ground rules for e-discovery are the Federal Rules of Civil Procedure (FRCP), amended in h produce and permit the party making the request, to inspect, copy, test, or sample any designated documents or electronically stored information- (including writings, drawings, graphs, charts, photographs, sounds recordings, images, and other data in any medium from which information can be obtained, - translated, if necessary, by the respondent into reasonably usable form. Warning! Voic is discoverable ramifications for unified messaging g The scope of electronically stored information (ESI) requires use of e-discovery tools to locate, categorize, copy and manage retention Safe Harbor provision protects inadvertent deletion
19 Virtualization Security Virtualization reduces defense in depth requiring virtualization security such as virtual FW, virtual IDS and virtual anti-malware Adoption of virtualization security is low with less than 10% of organizations deploying today New Virtualization Security Compliance will drive Defense in Depth virtualization security adoption h Requires prescriptive guidance All major security vendors will have VirtSec products in 2010 Physical Legacy Systems SaaSS PaaS IaaS Virtualized Storage Virtualized Network Physical Network Infrastructure Strong perimeter Defense
20 Cloud Security Cloud computing adoption is < 1% of organizations h Security and compliance issues Top concerns of cloud computing: h Service provider lock-in h Compliance risks h Isolation failure h Undetected breaches h Data location Cloud requires VirtSec plus identity management, encryption, data leak prevention and control over data location
21 Enabling Technologies Technology Insider Threat Risks Addressed d Business Drivers Malware Data Leakage Compliance Agility Mobility Network Security Content Inspection Encryption Security Information And Event Management OS Security Identity And Authentication Application Security Virtualized Security Security As A Service
22 Conclusion and Recommendations
23 What Should You Be Doing? Urgent: Act Now Technology has become mainstream. R&D for predecessor technology has dried up. Competitors will gain advantage. Short-Term Plans Technology is becoming mainstream. Business benefit too large to ignore. Implement within 1 year. Long-Term Plans Technology can provide some benefits. Some may be too new for business adoption. Implement in 1-3 years Specific Needs Technology is relevant for certain companies. Implementation is case-bycase, depending on industry or size.
24 Security Roadmap Move Security Up the Stack Implement Identity Infrastructure Implement DLP Implement Encryption Review employee security training Urgent: Act Now
25 Security Roadmap Assess compliance issues Evaluate e-discovery preparedness Centralize and protect logs Implement SIM/SEM Outsource Specialized Functions Short-Term Plans
26 Security Roadmap Evaluate OS choices Harden OS Implement Application Security Implement Virtualized Security Prepare for de-perimeterization Prepare for continuous mobility Long-Term Plans
27 Conclusions and Recommendations Perimeters are melting away Ubiquitous data and people need ubiquitous security Threats from organized crime and giant botnets Identity-centric and data-centric security is the future Defense-in-depth h Network security h Endpoint security h OS security h Application security h Security information and event management
28 Thank You Andreas M Antonopoulos SVP & Founding Partner andreas@nemertes.com
Business Risk Assessment - A Primer
The Evolving Security Landscape: Technology Overview and Business Drivers Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Technology Overview and
More informationThe Evolving Threat Landscape: Protecting Your Mobile and Virtual Environment from Emerging Security Threats
The Evolving Threat Landscape: Protecting Your Mobile and Virtual Environment from Emerging Security Threats John Burke Principal Research Analyst Nemertes Research www.nemertes.com Agenda About Nemertes
More informationBringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com
Bringing Cloud Security Down to Earth Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Cloud Dynamics and Adoption Assessing Risk of Cloud Services
More information全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks
全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks Agenda Challenges and PCI DSS 3.0 Updates Personal Information Protection Act Strategy to Protect against leak of Confidential Personal and Corporate
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationThe Security Scenario 2005: The Future of Information Security
The Security Scenario 2005: The Future of Information Security Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with Gartner s official approval.
More informationProtecting the un-protectable Addressing Virtualisation Security Challenges
Protecting the un-protectable Addressing Virtualisation Security Challenges Paul Hogan, Technical Director, Ward Solutions November 11, 2010 Top Cloud Security Challenges Secure Virtualisation Need secure
More informationDeveloping Secure Software in the Age of Advanced Persistent Threats
Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer
More informationFortinet Solutions for Compliance Requirements
s for Compliance Requirements Sarbanes Oxley (SOX / SARBOX) Section / Reference Technical Control Requirement SOX references ISO 17799 for Firewall FortiGate implementation specifics IDS / IPS Centralized
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationBuilding a Security Services Business Case. Robin Gareiss Executive Vice President & Founding Partner www.nemertes.com
Building a Security Services Business Case Robin Gareiss Executive Vice President & Founding Partner www.nemertes.com Agenda About Nemertes The Security Services Landscape and Drivers Best Practices for
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More informationWhere every interaction matters.
Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper
More informationSecuring SaaS Applications: A Cloud Security Perspective for Application Providers
P a g e 2 Securing SaaS Applications: A Cloud Security Perspective for Application Providers Software as a Service [SaaS] is rapidly emerging as the dominant delivery model for meeting the needs of enterprise
More informationCyber Security. John Leek Chief Strategist
Cyber Security John Leek Chief Strategist AGENDA The Changing Business Landscape Acknowledge cybersecurity as an enterprise-wide risk management issue not just an IT issue How to develop a cybersecurity
More informationThe Trusted Front Door to the Cloud
The Trusted Front Door to the Cloud Jeff Burstein Director, Product Management, User Authentication 1 The Great Commoditization of IT has Begun Economic Drivers Pay as you go (or else) CAPEX to OPEX Simplification
More informationCourse Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)
Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationDeveloping the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009
Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in
More informationSecure Cloud Computing
Secure Cloud Computing Agenda Current Security Threat Landscape Over View: Cloud Security Overall Objective of Cloud Security Cloud Security Challenges/Concerns Cloud Security Requirements Strategy for
More informationPermeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions
Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an
More informationJort Kollerie SonicWALL
Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential
More informationCompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More informationCloud Security: Getting It Right
Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon
More informationTRENDS IN THE THREAT LANDSCAPE
TRENDS IN THE THREAT LANDSCAPE Guy Eilon, SEE Regional Manager April 2013 geilon@websense.com TRITON STOPS MORE THREATS. WE CAN PROVE IT. 2013 Websense, Inc. Page 1 CHANGING CUSTOMERS NEEDS 90% of companies
More informationThe Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention
Whitepaper The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention May 2007 Copyright Sentrigo Ltd. 2007, All Rights Reserved The Challenge: Securing the Database Much of the effort
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationSecurity & Cloud Services IAN KAYNE
Security & Cloud Services IAN KAYNE CloudComponents CLOUD SERVICES Dynamically scalable infrastructure, services and software based on broad network accessibility NETWORK ACCESS INTERNAL ESTATE CloudComponents
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationIdentity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015
Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud
More informationNetwork/Cyber Security
Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationSecurity Solution Architecture for VDI
Solution Architecture for VDI A reference implementation of VMware BENEFITS Validated solution architecture provides unprecedented end-to-end security dashboard for virtual desktop infrastructure (VDI)
More informationGuidelines for Website Security and Security Counter Measures for e-e Governance Project
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationTotal Cloud Protection
Total Cloud Protection Data Center and Cloud Security Security for Your Unique Cloud Infrastructure A Trend Micro White Paper August 2011 I. INTRODUCTION Many businesses are looking to the cloud for increased
More informationEvaluating IaaS security risks
E-Guide This expert tip examines the risks organizations need to be aware of when evaluating IaaS solutions, and highlights the key architectural and process components of access management services that
More informationRE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC
RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationDefending Against Cyber Attacks with SessionLevel Network Security
Defending Against Cyber Attacks with SessionLevel Network Security May 2010 PAGE 1 PAGE 1 Executive Summary Threat actors are determinedly focused on the theft / exfiltration of protected or sensitive
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationSecuring the Physical, Virtual, Cloud Continuum
Securing the Physical, Virtual, Cloud Continuum By Ted Ritter, CISSP Senior Research Analyst Executive Summary The data center is undergoing a radical shift, from virtualization towards internal cloud
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationCompliance Doesn t Mean Security Achieving Security and Compliance with the latest Regulations and Standards
Compliance Doesn t Mean Security Achieving Security and Compliance with the latest Regulations and Standards Paul de Graaff Chief Strategy Officer Vanguard Integrity Professionals March 11, 2014 Session
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationAppGuard. Defeats Malware
AppGuard Defeats Malware and phishing attacks, drive-by-downloads, zero-day attacks, watering hole attacks, weaponized documents, ransomware, and other undetectable advanced threats by preventing exploits
More informationInformation & Asset Protection with SIEM and DLP
Information & Asset Protection with SIEM and DLP Keeping the Good Stuff in and the Bad Stuff Out Professional Services: Doug Crich Practice Leader Infrastructure Protection Solutions What s driving the
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationBUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports
BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security
More informationInformation Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus
Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination
More informationWHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6
WHITE PAPER FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6 Ensuring compliance for PCI DSS 6.5 and 6.6 Page 2 Overview Web applications and the elements surrounding them
More informationCyber Security and Critical Information Infrastructure
Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationDetailed Description about course module wise:
Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference
More informationSecure & Unified Identity
Secure & Unified Identity for End Users & Privileged Users Copyright 2015 Centrify Corporation. All Rights Reserved. 1 Identity at Center of Cyber Attacks PRIVILEGED USERS END USERS Copyright 2015 Centrify
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationHow To Protect Yourself From A Hacker Attack
Cybersecurity Demystified: Information Technology Security Trends Joe Oleksak, Plante Moran Agenda Data Security Trends Example Attacks Industry Examples An Answer 1 Who Are The Victims? Targets - victims
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationDeep Security. Προστατεύοντας Server Farm. Σωτήρης Δ. Σαράντος. Available Aug 30, 2011. Σύμβουλος Δικτυακών Λύσεων. Copyright 2011 Trend Micro Inc.
Deep Security Προστατεύοντας Server Farm Available Aug 30, 2011 Σωτήρης Δ. Σαράντος Σύμβουλος Δικτυακών Λύσεων Copyright 2011 Trend Micro Inc. Legacy Security Hinders Datacenter Consolidation Physical
More informationAPIs The Next Hacker Target Or a Business and Security Opportunity?
APIs The Next Hacker Target Or a Business and Security Opportunity? SESSION ID: SEC-T07 Tim Mather VP, CISO Cadence Design Systems @mather_tim Why Should You Care About APIs? Amazon Web Services EC2 alone
More informationCEH Version8 Course Outline
CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information
More informationPresentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy
Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More information2. From a control perspective, the PRIMARY objective of classifying information assets is to:
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationTrend Micro Data Protection
Trend Micro Data Protection Solutions for privacy, disclosure and encryption A Trend Micro White Paper I. INTRODUCTION Enterprises are faced with addressing several common compliance requirements across
More informationSecure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services
Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationCloud Computing: Risks and Auditing
IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG
More informationEnterprise Computing Solutions
Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company
More information2012 Data Breach Investigations Report
2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information
More informationNext Gen Firewall and UTM Buyers Guide
Next Gen Firewall and UTM Buyers Guide Implementing and managing a network protected by point solutions is far from simple. But complete protection doesn t have to be complicated. This buyers guide explains
More informationSecuring Smart City Platforms IoT, M2M, Cloud and Big Data
SESSION ID: SSC-W10 Securing Smart City Platforms IoT, M2M, Cloud and Big Data Ibrahim Al Mallouhi Vice President - Operations Emirates Integrated Telecommunication Company (du) Roshan Daluwakgoda Senior
More informationThe monsters under the bed are real... 2004 World Tour
Web Hacking LIVE! The monsters under the bed are real... 2004 World Tour Agenda Wichita ISSA August 6 th, 2004 The Application Security Dilemma How Bad is it, Really? Overview of Application Architectures
More informationCybercrime and Regulatory Priorities for Cybersecurity
NRS Technology and Communication Compliance Forum Cybercrime and Regulatory Priorities for Cybersecurity Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L
More informationModular Network Security. Tyler Carter, McAfee Network Security
Modular Network Security Tyler Carter, McAfee Network Security Surviving Today s IT Challenges DDos BOTS PCI SOX / J-SOX Data Exfiltration Shady RAT Malware Microsoft Patches Web Attacks No Single Solution
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationThe Information Security Problem
Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify
More informationNETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
More informationProcess Solutions. Staying Ahead of Today s Cyber Threats. White Paper
Process Solutions White Paper Staying Ahead of Today s Cyber Threats Executive Summary In an age where ubiquitous flash drives can become precision-guided munitions and a serious security breach is a single,
More informationClouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment
More informationThe Security Organization p. 1 Anecdote p. 2. Introduction
Preface p. xxiii Introduction p. xxv The Security Organization p. 1 Anecdote p. 2 Introduction p. 2 Where to Put the Security Team p. 2 Where Should Security Sit? Below the IT Director Report p. 3 Where
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationNew Risks in the New World of Emerging Technologies
New Risks in the New World of Emerging Technologies Victor Chu Client Technical Professional Identity, Security, and Compliance Management Software Group IBM Malaysia Risk it s NOT a four simple letter
More informationDISTRIBUTED SYSTEMS SECURITY
DISTRIBUTED SYSTEMS SECURITY Issues, Processes and Solutions Abhijit Belapurkar, Yahoo! Software Development India Pvt. Ltd., India Anirban Chakrabarti, Infosys Technologies Ltd., India Harigopal Ponnapalli,
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationThe Onslaught of Cyber Security Threats and What that Means to You
The Onslaught of Cyber Security Threats and What that Means to You No End in Sight for Cyber Crime Growth Number of mobile devices affected IBM Number of accounts hacked CNN Money Number of malware samples
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationBalancing Security Investment Against Today's Threat Environment
Balancing Security Investment Against Today's Threat Environment Niel Pandya Data Security, Senior Manager, Oracle ASEAN The following is intended to outline our general product direction.
More informationBraindumps.700-295.50.QA
Braindumps.700-295.50.QA Number: 700-295 Passing Score: 800 Time Limit: 120 min File Version: 6.0 http://www.gratisexam.com/ Comprehensive, easy and to the point study material made it possible for me
More informationSecurity in Hybrid Clouds
Security in Hybrid Clouds Executive Summary... 3 Commonly Accepted Security Practices and Philosophies... 4 Defense- in- Depth... 4 Principal of Least Privileges... 4 Hybrid Cloud Security Issues and Threats...
More informationAutomated Protection on UCS with Trend Micro Deep Security
Copyright 2014 Trend Micro Inc. Automated Protection on UCS with Trend Micro Deep Security Chris Van Den Abbeele Senior presales Engineer Agenda 1. Industrialization of Cyber threats The boomerang of Project
More information