CYBERSECURITY NEXUS CSX. 15 October 2014 ISACA Winchester Chapter

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CYBERSECURITY NEXUS CSX. 15 October 2014 ISACA Winchester Chapter"

Transcription

1 CYBERSECURITY NEXUS CSX 15 October 2014 ISACA Winchester Chapter

2 INTRODUCTION Career International Brewer, various roles ( ) KPMG, IT Risk Service Line Leader ( ) Betfair, Head of Governance, Risk & Assurance ( ) Vodafone, Technology Risk, Compliance and Assurance Leader (2014..) ISACA involvement past and present RiskIT TF, COBIT 5 TF, Cloud Computing TF, Framework Committee Chair COBIT 5 for Risk TF Chair, COBIT Growth Strategy TF International Vice President, SAC Member, Knowledge Board Chair Steven

3 ABOUT ISACA Trust in, and value from, information systems Global association serving 115,000 IT security, assurance, governance and risk professionals Established in 1969 Members in 180 countries 200+ chapters Established the COBIT framework Offers the CISA, CISM, CGEIT and CRISC certifications

4 AGENDA CSX is helping shape the future of cybersecurity through cutting-edge thought leadership, as well as training and certification programs. It gives cybersecurity professionals a smarter way to keep organizations and their information more secure. With CSX, business leaders and cyber professionals can obtain the knowledge, tools, guidance and connections to be at the forefront of a vital and rapidly changing industry. Because Cybersecurity Nexus is at the centre of everything that s coming next... The evolving security landscape the driver for change How do I respond Cybersecurity Nexus Questions

5 THE EVOLVING SECURITY LANDSCAPE THE DRIVER FOR CHANGE

6 12 JANUARY THE WORLD CHANGED Source: 12 January Google honourably disclosed to the world that it had been a victim of modern malware. It was soon discovered that Google was one of more than 20 companies successfully targeted by a well organized and coordinated effort to gain access to sensitive systems and information Companies targeted were within a range of industries, including the financial, technology and chemical sectors

7 HEARTBLEED The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, , instant messaging (IM) and some virtual private networks (VPNs) The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users Source: Watch the video here on Heartbleed: https://www.youtube.com/watch?v=8oi_lahhgje

8 SHELLSHOCK Shellshock is the name given to a security vulnerability in the Bash "shell," or command-line user interface, first made public on 24 September 2014 Like other shells, Bash translates the text-based commands that power users type into command-line interfaces such as Terminal in Apple OS X or Command Prompt in Microsoft Windows into languages that computers can understand. Bash is the default shell in OS X and many varieties of Linux, but, except for specialized software, does not run in Windows Shellshock is a quirk in Bash that could let an attacker remotely replace environment variables in Bash with functions, or actual commands, which the computer would carry out without verification The computers and devices most vulnerable to Shellshock are those that "listen" to the Internet for commands from other computers. For example, a Web server, which constantly gets document requests from Web clients Source:

9 BECOMING ALL TOO COMMON... addresses and other contact information stored at the European Central Bank (ECB) have been stolen, the organization confirmed on Thursday Security that protects a database serving its public website has been breached, it said in a statement published on its website, meaning users registering for information on conferences and visits at the ECB have been compromised It stated that no "internal systems or market-sensitive" information had been part of the data theft and was physically separate from the compromised data "The theft came to light after an anonymous was sent to the ECB seeking financial compensation for the data. While most of the data were encrypted, parts of the database included addresses, some street addresses and phone numbers that were not encrypted," the central bank said Users whose information might be part of the beach are in the process of being contacted, the ECB said, and advised that all passwords on the system have been changed as a precaution The bank is just the latest in a long line of companies and public bodies that have experienced a breach. In May, ebay admitted that hackers had attacked its network and accessed some 145 million user records. It now faces an investigation in the US and UK Source:

10 ADVANCED PERSISTENT THREATS ADVANCED, STEALTHY AND CHAMELEON-LIKE in its adaptability, APTs were once thought to be limited to attacks on government networks APTs can happen to any enterprise Repeated pursuit of objectives, adaptation and persistence differentiate APTs from a typical attack Primarily, the purpose of the majority of APTs is to extract information from systems this could be critical research, enterprise intellectual property or government information, among other things APT DEFINITION An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives Source:

11 BECOMING ALL TOO COMMON... The Pitty Tiger APT has been targeting telcos, defence companies and at least one government in a cyber-espionage campaign that relies on spear phishing and malware prying on vulnerabilities in Microsoft Office In a new whitepaper, security experts at Airbus Defence & Space Cybersecurity Unit detail how the APT has been undetected since at least 2011 and say that its operators have been reliant on an assortment of different malware, including some developed exclusively by the threat actor Instead of looking to exploit any zero-day vulnerability, the group relies extensively on spear phishing, malware and vulnerabilities existing on older versions of Microsoft Office as well as the Heartbleed bug, which continues to affect some 300,000 open-source web servers worldwide The campaign apparently starts with a phishing , with one example promising a holiday along with a Microsoft Office Word attachment. Airbus admits that this is amateur with the attached Word file infecting the computer with malware, while others relied on an older vulnerability, which effected MS Office versions 2003 through to 2010, SQL Server and other popular enterprise software applications The report's authors are in little doubt that the group behind the APT is not state-sponsored, despite China being the likely origin of the group. They lack the experience and financial support that one would expect from state-sponsored attackers. We suppose this group is opportunistic and sells its services to probable competitors of their targets in the private sector. Source:

12 ISACA APT SURVEY JULY % say APTs pose a credible threat to national security or economic stability 1 in 5 have experienced an APT attack 63% believe it is only a matter of time before their business is targeted The majority of survey takers up to 60% believed that they have the ability to identify, respond to and stop a successful APT attack Up to 82% of survey takers have not updated their agreements with vendors who provide protection against APT 67% reported that they haven t held any APT awareness training programs for their employees

13 ISACA STUDENT SURVEY APRIL 2014 The majority of ISACA s student members (88%) plan to work in a field requiring cybersecurity knowledge 57% said their University did not offer cybersecurity courses Fewer than half say they will have adequate skills for the job 74% you plan to pursue a cybersecurity related certificate or certification

14 HOW DO I RESPOND

15 YOU NEED TO BE ON THE OFFENSIVE Traditional prevention and detection is not enough you need to move from defensive to offensive Governments cannot prevent intrusions Data loss is inevitable Attacks will continue Companies often breached for years New approaches required Source:

16 IF YOU HAVE IP YOU ARE A TARGET! Assume you are breached Prepare for the inevitable Start planning Define your Win Delay the Threat from reaching its goal Minimize the loss Improvise as you go along Are your approaches outdated? If so review and revise! Source:

17 WHAT DO I DO? Build a team Establish key relationships Inventory Existing Technologies Standardize the Investigation Process Training and Governance Establish Critical Capabilities Source:

18 CYBERSECURITY NEXUS

19

20 WHAT IS IT? With CSX, business leaders and cyber professionals can obtain the knowledge, tools, guidance and connections to be at the forefront of a vital and rapidly changing industry Secure recognition for your expertise. Our globally accepted certifications help advance skills and careers Join a global community of more than 115,000 professionals, innovators and thought leaders Professional and Student membership Enhance your cybersecurity knowledge and skills at our global conferences, workshops and training events Find the latest research and expert thinking on standards, best practices, emerging trends and beyond

21 WHAT IS IT? Cybersecurity Fundamentals knowledge certificate available now knowledge based exam for those with 0 to 3 years experience CISM Foundational level covers five domains: Cybersecurity concepts Cybersecurity architecture principles Security of networks, systems, applications and data Incident response Security of evolving technology Online exam. Results are shared immediately, and those who pass receive a certificate The content aligns with the US NICE framework and the Skills Framework for the Information Age (SFIA) and was developed by a team of cybersecurity professionals from around the world. The team is involved in all areas of development through content contribution and subject matter expert reviews

22 WHAT IS IT? Professional membership Membership for IT Audit, Security, Governance and Risk Professionals Student membership ISACA student members join a community of students from more than 300 universities worldwide. ISACA student members major in a variety of areas including: Information systems, Business administration, Accounting, Information technology, Engineering and Computer science Student membership provides the knowledge and tools to develop your professional identity. You'll make connections with people who work in your target field, plus those who hire for the positions you seek ISACA has consistently maintained a standard that will continue to be a lever for anyone that wants to meet the challenges of the changing world of IT. It is the best professional membership I have in terms of value for money. Hands down the best association I have ever been involved in very affordable, valuable information. ISACA magazine (the ISACA Journal) and webinars are my most valuable sources of information.

23 WHAT IS IT? Conferences Euro CACS / ISRM + Global CyberLympics Finals North America ISRM, Latin CACS / ISRM Webinars Self-Defense Strategies to Thwart Cloud Intruders: Keep Your Data Safe in the Cloud Breaches: A Risk-Based Approach to Identification, Impact Estimation and Effective Remediation Virtual Conferences Full-day educational events, presented online. The virtual event consists of an exhibit hall, conference hall, networking lounge and resource center Workshops Archived Mobile Security: Overcoming Obstacles, Reducing Risk 9 December Cloud Security Cybersecurity Fundamentals Workshop ISACA was the exclusive host sponsor of the Global CyberLympics World Finals, held in conjunction with the first day of the EuroCACS/ISRM 2014 Global CyberLympics is an international online cybersecurity competition dedicated to finding the top computer network defense teams. Global CyberLympics tests the skills of information security and assurance professionals in teams of 4 to 6 people in areas including: Ethical hacking Computer network defense Computer forensics

24 WHAT IS IT? Articles from ISACA Journal Cybersecurity Blog Posts The CSX Newsroom White Papers & Publications European Cybersecurity Implementation Series Cybersecurity Fundamentals Study Guide** Cybersecurity: What the Board of Directors Needs to Ask Implementing the NIST Cybersecurity Framework* Responding to Targeted Cyberattacks* Transforming Cybersecurity* Advanced Persistent Threats: How To Manage the Risk To Your Business* Advanced Persistent Threat Awareness Study Results *PDF is free to members; non-members may purchase PDF **Available for purchase

25 RECAP AVAILABLE NOW Cybersecurity Fundamentals Certificate and study guide Implementing the NIST Cybersecurity Framework Using COBIT 5 European Cybersecurity Implementation Series Transforming Cybersecurity Using COBIT 5 Responding to Targeted Cyberattacks Advanced Persistent Threats: Managing the Risks to Your Business 2014 APT Awareness Study Cybersecurity webinars and conference tracks (six-part webinar series) Cybersecurity Knowledge Center community COMING SOON Cybersecurity practitioner-level certification (first exam: 2015) Cybersecurity training courses (November 2014) SCADA guidance Digital forensics guidance

26 CAREER PATH 0-3 years: Cybersecurity Fundamentals Certificate No experience required, must pass knowledge-based exam 3-5 years: Cybersecurity practitioner-level certification Coming in mid years: Certified Information Security Manager certification 25,000+ professionals certified since inception

27 Among the resources also coming from ISACA this month are: Two free webinars: Why Implement the NICE Cybersecurity Workforce Framework? Data-centric Audit and Protection: Reducing Risk and Improving Security Posture A cybersecurity Twitter chat on 22 October with ISACA International President Rob Stround) and International Vice President Ramsés Gallego Two cybersecurity training courses: Implementing the NIST Cybersecurity Framework Using COBIT 5 COBIT 5 for Security Assessors Cybersecurity Teaching Materials Cybersecurity Student Handbook Center/Blog/Lists/Posts/Post.aspx?utm_campaign=ISACA+Main&cid=sm_ &utm_content= &utm_source =googleplus&utm_medium=social&appeal=sm&id=450

28 EUROPEAN CYBERSECURITY IMPLEMENTATION SERIES Cybersecurity is emerging to address increases in cybercrime and, in some instances, cyberwarfare Factors contributing to the need for improved cybersecurity include: ubiquitous broadband, IT-centric business and society, and social stratification of IT skills. To address cybercrime, many governments and institutions launched cybersecurity initiatives, ranging from guidance, through standardisation, to comprehensive legislation and regulation ISACA has released the European Cybersecurity Implementation Series primarily to provide practical implementation guidance that is aligned with European requirements and good practice Available now! Series.aspx

29 EUROPEAN CYBERSECURITY IMPLEMENTATION SERIES European Cybersecurity Implementation: Overview a high-level overview of implementing cybersecurity in line with existing laws, standards and other guidance European Cybersecurity Implementation: Assurance this paper focuses on assurance in cybersecurity. In Europe, cybersecurity assurance is an integral part of the internal system of controls that was introduced by EU directive, and implemented subsequently as statutes in the member states European Cybersecurity Implementation: Resilience this paper focuses on resilience in cybersecurity. In the EU and associated countries, the concepts of resilience and cybersecurity are rapidly converging European Cybersecurity Implementation: Risk Guidance this paper focuses on risk guidance in a cybersecurity context, and drills down into the risk management aspects of European cybersecurity European Cybersecurity Audit/Assurance Program this audit/assurance program provides management with an impartial and independent assessment relating to the effectiveness of cybersecurity and related governance, management and assurance

30 TRANSFORMING CYBERSECURITY USING COBIT 5 Eight Key Principles: 1. Understand the potential impact of cybercrime and warfare on your enterprise. 2. Understand end users, their cultural values and their behavior patterns. 3. Clearly state the business case for cybersecurity and the risk appetite of the enterprise. 4. Establish cybersecurity governance. 5. Manage cybersecurity using principles and enablers. (The principles and enablers found in COBIT 5 will help your organization ensure end-to-end governance that meets stakeholder needs, covers the enterprise to end and provides a holistic approach, among other benefits. The processes, controls, activities and key performance indicators associated with each enabler will provide the enterprise with a comprehensive picture of cybersecurity.) 6. Know the cybersecurity assurance universe and objectives. 7. Provide reasonable assurance over cybersecurity. (This includes monitoring, internal reviews, audits and, as needed, investigative and forensic analysis.) 8. Establish and evolve systemic cybersecurity.

31 THANK YOU For more information:

KEY TRENDS AND DRIVERS OF SECURITY

KEY TRENDS AND DRIVERS OF SECURITY CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures

More information

CYBERSECURITY: ISSUES AND ISACA S RESPONSE

CYBERSECURITY: ISSUES AND ISACA S RESPONSE CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services

More information

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.

Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls

More information

CYBERSECURITY NEXUS ROBERT E STROUD INTERNATIONAL PRESIDENT, ISACA RAMSÉS GALLEGO INTERNATIONAL VICE PRESIDENT, ISACA

CYBERSECURITY NEXUS ROBERT E STROUD INTERNATIONAL PRESIDENT, ISACA RAMSÉS GALLEGO INTERNATIONAL VICE PRESIDENT, ISACA CYBERSECURITY NEXUS ROBERT E STROUD INTERNATIONAL PRESIDENT, ISACA RAMSÉS GALLEGO INTERNATIONAL VICE PRESIDENT, ISACA Robert Stroud International President, ISACA VP Strategy & Innovation, CA Technologies

More information

THE CYBERSECURITY SKILL GAP: WHAT EMPLOYERS WANT YOU TO KNOW

THE CYBERSECURITY SKILL GAP: WHAT EMPLOYERS WANT YOU TO KNOW www.isaca.org/cyber THE CYBERSECURITY SKILL GAP: WHAT EMPLOYERS WANT YOU TO KNOW ROBERT E STROUD CGEIT CRISC INTERNATIONAL PRESIDENT ISACA & VP STRATEGY & INNOVATION CA TECHNOLOGIES February 2015 ISACA

More information

HOW TO ADDRESS THE CURRENT IT SECURITY SKILLS SHORTAGE

HOW TO ADDRESS THE CURRENT IT SECURITY SKILLS SHORTAGE HOW TO ADDRESS THE CURRENT IT SECURITY SKILLS SHORTAGE ISACA S CYBER SECURITY NEXUS Ivan Sanchez-Lopez Senior Manager Information Security, IT Risk & Continuity, DHL Global Forwarding ISACA Luxembourg

More information

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry

More information

ISACA Tools Help Develop Cybersecurity Expertise

ISACA Tools Help Develop Cybersecurity Expertise Volume 21, 8 October 2014 ISACA Tools Help Develop Cybersecurity Expertise Nominate Qualified Candidates for the ISACA Board of Directors Tips for Solving Data Classification Challenges Earn CPE at Professional

More information

INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL

INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL INSIGHTS AND RESOURCES FOR THE CYBERSECURITY PROFESSIONAL BY 2 In enterprise IT, there is a single point where everything that matters in information, technology and business converges: Cybersecurity Nexus

More information

ISACA S CYBERSECURITY NEXUS (CSX) October 2015

ISACA S CYBERSECURITY NEXUS (CSX) October 2015 ISACA S CYBERSECURITY NEXUS (CSX) October 2015 DO2 EXECUTIVE OVERVIEW Will you be a Cyber defender? ISACA launched the Cybersecurity Nexus (CSX) program earlier this year. CSX, developed in collaboration

More information

Facing Information Security Challenges

Facing Information Security Challenges AKTINA Event Information Security & Cloud Challenges March 17, 2016 Facing Information Security Challenges ISACA Cyprus Chapter Paschalis Pissarides CRISC, CISM, CISA Immediate Past President (2010-2014)

More information

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 AGENDA IT s Changing Landscape ISACA s Response Vision and Mission COBIT 5

More information

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave

More information

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015 Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key

More information

WRITTEN TESTIMONY OF

WRITTEN TESTIMONY OF WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you

More information

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private

More information

Cyber Risk Management with COBIT 5

Cyber Risk Management with COBIT 5 Cyber Risk Management with COBIT 5 Marco Salvato CISA, CISM, CGEIT, CRISC, COBIT 5 Approved Trainer 1 Agenda Common definition of Cyber Risk and related topics Differences between Cyber Security and IS

More information

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title

More information

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013

Security Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational

More information

CYBERSECURITY: Is Your Business Ready?

CYBERSECURITY: Is Your Business Ready? CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring

More information

KEY STEPS FOLLOWING A DATA BREACH

KEY STEPS FOLLOWING A DATA BREACH KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience

Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience Cloud Computing Technologies Achieving Greater Trustworthiness and Resilience Cloud Standards Customer Council Public Sector Cloud Summit March 24, 2014 Dr. Ron Ross Computer Security Division Information

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

10 Smart Ideas for. Keeping Data Safe. From Hackers

10 Smart Ideas for. Keeping Data Safe. From Hackers 0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000

More information

WEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services

WEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services WEB SITE SECURITY Jeff Aliber Verizon Digital Media Services 1 SECURITY & THE CLOUD The Cloud (Web) o The Cloud is becoming the de-facto way for enterprises to leverage common infrastructure while innovating

More information

CYBER SECURITY THREAT REPORT Q1

CYBER SECURITY THREAT REPORT Q1 CYBER SECURITY THREAT REPORT Q1 Moving Forward Published by UMC IT Security April 2015 0 U.S. computer networks and databases are under daily cyber-attack by nation states, international crime organizations,

More information

Presented by Evan Sylvester, CISSP

Presented by Evan Sylvester, CISSP Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information

More information

Information Security and Risk Management

Information Security and Risk Management Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management

More information

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information

More information

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES

ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming

More information

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework )

Re: Experience with the Framework for Improving Critical Infrastructure Cybersecurity ( Framework ) 10 October 2014 Ms. Diane Honeycutt National Institute of Standards and Technology 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Experience with the Framework for Improving Critical Infrastructure

More information

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons

More information

Collateral Effects of Cyberwar

Collateral Effects of Cyberwar Your texte here. Collateral Effects of Cyberwar by Ilia Kolochenko for Geneva Information Security Day 9 th of October 2015 Quick Facts and Numbers About Cybersecurity In 2014 the annual cost of global

More information

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average

More information

Security & privacy in the cloud; an easy road?

Security & privacy in the cloud; an easy road? Security & privacy in the cloud; an easy road? A journey to the trusted cloud Martin Vliem CISSP, CISA National Security Officer Microsoft The Netherlands mvliem@microsoft.com THE SHIFT O L D W O R L D

More information

Anti-exploit tools: The next wave of enterprise security

Anti-exploit tools: The next wave of enterprise security Anti-exploit tools: The next wave of enterprise security Intro From malware and ransomware to increasingly common state-sponsored attacks, organizations across industries are struggling to stay ahead of

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015

Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 Cybersecurity Audit Why are we still Vulnerable? November 30, 2015 John R. Robles, CISA, CISM, CRISC www.johnrrobles.com jrobles@coqui.net 787-647-3961 John R. Robles- 787-647-3961 1 9/11-2001 The event

More information

A NEW APPROACH TO CYBER SECURITY

A NEW APPROACH TO CYBER SECURITY A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively

More information

24/7 Visibility into Advanced Malware on Networks and Endpoints

24/7 Visibility into Advanced Malware on Networks and Endpoints WHITEPAPER DATA SHEET 24/7 Visibility into Advanced Malware on Networks and Endpoints Leveraging threat intelligence to detect malware and exploitable vulnerabilities Oct. 24, 2014 Table of Contents Introduction

More information

CSIS/DOJ Active Cyber Defense Experts Roundtable March 10, 2015

CSIS/DOJ Active Cyber Defense Experts Roundtable March 10, 2015 CSIS/DOJ Active Cyber Defense Experts Roundtable March 10, 2015 On March 10, 2015 the Center for Strategic and International Studies, in conjunction with the Cybersecurity Unit of the U.S. Department of

More information

FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y. By IEEE USA s Committee on Communications Policy

FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y. By IEEE USA s Committee on Communications Policy FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y By IEEE USA s Committee on Communications Policy December 2011 This Frequently Asked Questions (FAQs) was prepared by IEEE-USA s Committee on Communications

More information

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015

By: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015 Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity

More information

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program

Mobile Application Security. Helping Organizations Develop a Secure and Effective Mobile Application Security Program Mobile Application Security Helping Organizations Develop a Secure and Effective Mobile Application Security Program by James Fox fox_james@bah.com Shahzad Zafar zafar_shahzad@bah.com Mobile applications

More information

Cyber Insurance White Paper

Cyber Insurance White Paper Cyber Insurance White Paper This document provides an introduction to cyber insurance. This is a modern insurance product in response to modern security problems. Learn how to reduce your premiums. Author:

More information

A Case for Managed Security

A Case for Managed Security A Case for Managed Security By Christopher Harper Managing Director, Security Superior Managed IT & Security Services 1. INTRODUCTION Most firms believe security breaches happen because of one key malfunction

More information

EY Cyber Security Hacktics Center of Excellence

EY Cyber Security Hacktics Center of Excellence EY Cyber Security Hacktics Center of Excellence The Cyber Crime Underground Page 2 The Darknet Page 3 What can we find there? Hit men Page 4 What can we find there? Drug dealers Page 5 What can we find

More information

Cyber Defense Operation Center (CDOC) Ensuring that Experts are allways watching

Cyber Defense Operation Center (CDOC) Ensuring that Experts are allways watching (CDOC) Ensuring that Experts are allways watching Data Sheet Introduction CyberHat CDOC is an intelligent security operation center; which combines cutting edge technologies and innovative processes ensuring

More information

Malware. Stopping cyberattacks. Sponsored by

Malware. Stopping cyberattacks. Sponsored by Stopping cyberattacks Sponsored by APT to attack Every organization that maintains intellectual property should be aware of advanced persistent threats, reports Angela Moscaritolo. It would come as no

More information

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER

How Your Current IT Security System Might Be Leaving You Exposed TAKEAWAYS CHALLENGES WHITE PAPER WHITE PAPER CHALLENGES Protecting company systems and data from costly hacker intrusions Finding tools and training to affordably and effectively enhance IT security Building More Secure Companies (and

More information

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives Statement for the Record Richard Bejtlich Chief Security Strategist FireEye, Inc. Before the U.S. House of Representatives Committee on Energy and Commerce Subcommittee on Oversight and Investigations

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

Detect, Prevent and Remediate the Cyber attack Nelson Yuen

Detect, Prevent and Remediate the Cyber attack Nelson Yuen Detect, Prevent and Remediate the Cyber attack Nelson Yuen Senior Systems Engineer Overview of the Local Security Landscape IP camera footages broadcasted live online In September, 2014, more than 1,000

More information

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Detection, analysis, and understanding of threat

More information

Certified Identity and Security Technologist (CIST) Overview & Curriculum

Certified Identity and Security Technologist (CIST) Overview & Curriculum Overview Identity management and security technologies are increasingly needed to address the growing needs of businesses to counter threats, meet requirements, and mitigate risks. According to recent

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Cybersecurity: A View from the Boardroom

Cybersecurity: A View from the Boardroom An Executive Brief from Cisco Cybersecurity: A View from the Boardroom In the modern economy, every company runs on IT. That makes security the business of every person in the organization, from the chief

More information

Data Center security trends

Data Center security trends Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:

More information

FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SPRING 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SPRING 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov If you need any assistance please contact the FedVTE Help Desk here or email the

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

Large Scale Breach Lessons Learned. September 2013

Large Scale Breach Lessons Learned. September 2013 Large Scale Breach Lessons Learned September 2013 1 A Comprehensive Approach to Advanced Threat Defense The threat landscape has changed Adversaries have the ability to develop customized, targeted, and

More information

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security

Next-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security Next-Generation Penetration Testing Benjamin Mossé, MD, Mossé Security About Me Managing Director of Mossé Security Creator of an Mossé Cyber Security Institute - in Melbourne +30,000 machines compromised

More information

InfoSec Academy Application & Secure Code Track

InfoSec Academy Application & Secure Code Track Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security

More information

30 BILLION RISKS AND REWARDS OF CONNECTED DEVICES THE INTERNET OF THINGS CYBER LANDSCAPE TODAY

30 BILLION RISKS AND REWARDS OF CONNECTED DEVICES THE INTERNET OF THINGS CYBER LANDSCAPE TODAY RISKS AND REWARDS OF CONNECTED DEVICES THE HIDDEN INTERNET OF THINGS ISACA 2015 IT RISK / REWARD BAROMETER The Internet of Things paints a vision of a carefree, seamlessly connected world where interconnected

More information

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global

More information

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing

More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

2015 VORMETRIC INSIDER THREAT REPORT

2015 VORMETRIC INSIDER THREAT REPORT Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security RETAIL EDITION #2015InsiderThreat RESEARCH BRIEF RETAIL CUSTOMERS AT RISK ABOUT THIS RESEARCH BRIEF

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

Security Intelligence Services. www.kaspersky.com

Security Intelligence Services. www.kaspersky.com Kaspersky Security Intelligence Services. Threat Intelligence Services www.kaspersky.com THREAT INTELLIGENCE SERVICES Tracking, analyzing, interpreting and mitigating constantly evolving IT security threats

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Fighting Advanced Threats

Fighting Advanced Threats Fighting Advanced Threats With FortiOS 5 Introduction In recent years, cybercriminals have repeatedly demonstrated the ability to circumvent network security and cause significant damages to enterprises.

More information

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

FedVTE Training Catalog SUMMER 2015. advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov FedVTE Training Catalog SUMMER 2015 advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov Access FedVTE online at: fedvte.usalearning.gov If you need any assistance please

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense : Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced

More information

ISACA ON-SITE TRAINING DELIVERS EXPERT INSTRUCTION AT YOUR WORKPLACE

ISACA ON-SITE TRAINING DELIVERS EXPERT INSTRUCTION AT YOUR WORKPLACE create better trained employees. choose the best value in training. ISACA ON-SITE TRAINING DELIVERS EXPERT INSTRUCTION AT YOUR WORKPLACE PRODUCTIVE train your workforce on-site. save on employee downtime

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

Data Breach Response Planning: Laying the Right Foundation

Data Breach Response Planning: Laying the Right Foundation Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA

More information

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness Wayne A. Wheeler The Aerospace Corporation GSAW 2015, Los Angeles, CA, March 2015 Agenda Emerging cyber

More information

Cyber Security Strategy

Cyber Security Strategy NEW ZEALAND S Cyber Security Strategy 2015 A secure, resilient and prosperous online New Zealand Ministerial Foreword The internet and technology have become a fundamental element in our lives. We use

More information

PACB One-Day Cybersecurity Workshop

PACB One-Day Cybersecurity Workshop PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance

More information

PREPARED TESTIMONY OF THE NATIONAL CYBER SECURITY ALLIANCE MICHAEL KAISER, EXECUTIVE DIRECTOR ON THE STATE OF CYBERSECURITY AND SMALL BUSINESS

PREPARED TESTIMONY OF THE NATIONAL CYBER SECURITY ALLIANCE MICHAEL KAISER, EXECUTIVE DIRECTOR ON THE STATE OF CYBERSECURITY AND SMALL BUSINESS PREPARED TESTIMONY OF THE NATIONAL CYBER SECURITY ALLIANCE MICHAEL KAISER, EXECUTIVE DIRECTOR ON THE STATE OF CYBERSECURITY AND SMALL BUSINESS BEFORE THE COMMITTEE ON HOUSE SMALL BUSINESS SUBCOMMITTEE

More information

Zak Khan Director, Advanced Cyber Defence

Zak Khan Director, Advanced Cyber Defence Securing your data, intellectual property and intangible assets from cybercrime Zak Khan Director, Advanced Cyber Defence Agenda (16 + optional video) Introduction (2) Context Global Trends Strategic Impacts

More information

New challenges in Data privacy.

New challenges in Data privacy. New challenges in Data privacy. Zdravko Stoychev, CISM CRISC Information Security Officer Alpha Bank Bulgaria branch South East European Regional Forum on Cybersecurity and Cybercrime, 2013 11-13 Nov 2013

More information

Hans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA

Hans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA Hans Henrik Berthing, CPA, CISA, CGEIT, CRISC, CIA HANS HENRIK BERTHING Married with Louise and dad for Dagmar and Johannes CPA, CRISC, CGEIT, CISA and CIA ISO 9000 Lead Auditor Partner and owner for Verifica

More information

Corporate Security Research and Assurance Services

Corporate Security Research and Assurance Services Corporate Security Research and Assurance Services We Keep Your Business In Business Obrela Security Industries mission is to provide Enterprise Information Security Intelligence and Risk Management Services

More information

INDUSTRY OVERVIEW: HEALTHCARE

INDUSTRY OVERVIEW: HEALTHCARE ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...

More information

Developing Secure Software in the Age of Advanced Persistent Threats

Developing Secure Software in the Age of Advanced Persistent Threats Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer

More information

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Exam Information Candidate Eligibility: The CyberSec First Responder: Threat Detection and Response (CFR) exam

More information

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD. Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD. Your Valuable Data In The Cloud? How To Get The Best Protection! A world safe for exchanging digital information

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3

Executive Summary 3. Snowden and Retail Breaches Influencing Security Strategies 3. Attackers are on the Inside Protect Your Privileges 3 GLOBAL ADVANCED THREAT LANDSCAPE SURVEY 2014 TABLE OF CONTENTS Executive Summary 3 Snowden and Retail Breaches Influencing Security Strategies 3 Attackers are on the Inside Protect Your Privileges 3 Third-Party

More information