CYBER SECURITY CHALLENGES AND SOLUTIONS AN EXECUTIVE BRIEFING
1 CYBER SECURITY CHALLENGES AND SOLUTIONS: AN EXECUTIVE BRIEFING
Providing Information Peace of Mind to Business and the Not-for-Profit Community
Long Beach CalCPA Discussion Group, December 21, 2011
Stan Stahl, Ph.D., President, Citadel Information Group
Copyright Citadel Information Group, Inc. All Rights Reserved.

2 "It was the best of times. It was the worst of times." Charles Dickens

14 Houston... We Have a Problem

15 Annual Cost of Online Bank Fraud: $1,000,000, Bloomberg, Aug 4, 2011:

16 Financial Fraud and Identity Theft at Epidemic Levels
542,649,217 Financial Records Reported Breached, January 10, 2005 to December 14, 2011
These count only reported breaches. They count neither (1) discovered but unreported breaches nor (2) undiscovered breaches.

17 Average Cost of Data Breach: $214 Per Compromised Record; $7.2 Million Per Event

18 State-Sponsored Cyber Espionage and Intellectual Property Theft
Copyright ISSA-LA. All Rights Reserved.

19 Cyber Crime: World's Most Dangerous Criminal Threat
iej.html

20 Information Risk is Business Risk
Business Information Under Attack
- Theft
- Financial Fraud & Embezzlement
- Stolen Sales Information
- Corporate Espionage
- Theft of Proprietary Processes, Technologies & Other Intellectual Property
- Loss of Protected Information Belonging to Others
- Critical Information Unavailable
- Systems Used for Illegal Purposes

21 Information Security: Odds Are With Cyber Criminal
Cybercriminals
- Know vulnerabilities
- Choose where, when & how of attack
- Attacks blend technology with social engineering
Defenders
- Inadequately aware of threat
- Over-emphasis on yesterday's technology
- Lack of specialized knowledge & training
- Staff not trained to be mindful

22 Meeting the Challenge of Cyber Crime
It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.

23 Know Your Enemy

24 Why Would Anyone Break Into Information Systems?
"Because that's where the money is!" Willie Sutton
- Bank fraud
- Other network-based fraud
- Sell stolen credit cards, SS#, medical identities
- Sell stolen intellectual property
- Lease botnets for spam, DDOS attacks, storage

25 The Growing Global Cyber Criminal Market
- Organized Cyber Crime Gangs
- State-Sponsored Cyber Crime
- Political Hacktivists
- Cyber Crime Underground

26 CarderPlanet: Ensuring Honor Among Thieves
Wired, January 31, 2007: s/2007/01/72605

27 Spy Eye: Easy-to-Use Software for the Non-Technical Cyber Criminal

28 And It's Only Getting Worse

29 Beware the Inside Threat
Crimes include
- Embezzlement & Financial Theft
- Theft of Intellectual Property
- Destruction of Information Assets
- Spying on Management & Other Employees
- Masquerading as Other Employees
- Running Other Businesses
- Physical Theft
- Resource Misuse

30 Cyber Crime: A Lucrative Business Model
- Opportunities to Make Money
- Cost of Entry
- Likelihood of Being Caught

31 How Your Computer Gets Owned

32 We're Secure. We Have Locks on All the Entrances.

33 Bypassing the Locks: Firewall
- Firewall blocks activity on unneeded ports
- Cyber criminals use and Internet to go through open ports

34 Bypassing the Locks: Anti-Virus / Anti-Malware
Fails to Block 60% of Zeus Attacks
- Anti-Virus blocks known malware DNA
- Cyber criminals create malware whose DNA changes every time it installs

35 Bypassing the Locks: Exploit Flaws in Software

36 Bypassing the Locks: Social Engineering
Phishing & Spear-Phishing
- Before: The Nigerian Scam
- Now: Targeted Spear-Phishing
c.track.bridge.metrics.portal.jps.signon.online.sessionid.ssl.secure.gkkvnxs62qufdtl83ldz.udaql9ime4bn1siact3f.uwu2e4phxrm31jymlgaz.9rjfkbl26xnjskxltu5o.aq7tr61oy0cmbi0snacj.4yqvgfy5geuuxeefcoe7.paroquiansdores.org/

37 Bypassing the Locks: Install Malware on Legitimate Web Sites to Infect Visitors

38 Bypassing the Locks: Public Wi-Fi

39 Bypassing the Locks: Attack Remote Computing Devices

40 Anatomy of an Attack: Phase 1, Take Control of the Workstation
- Spear-Phishing
- Web Site Drive-By
- SmartPhone
- Malicious USB Key
- 0-Day Exploit
- Social Engineering
- ZeuS / SpyEye Trojan
- Key Logger
- File Access
- Botnet Herder

41 Phase 2: Steal Money & Sell Information
- User IDs and Passwords
- Credit Card & Bank Numbers
- Sensitive Information
- Illegal Computer Use
[Diagram labels: $$$$$, Sensitive Info, Computer]

42 Lowering the Odds: The View From 50,000 Feet

43 Cyber Security Protection
Information Security Management

44 Information Security Management
Confidentiality

45 Laws, Regulations, Contracts & Recommended Practices Establish Standard of Care
- US Federal Law: Gramm-Leach-Bliley, HIPAA, FTC Rule
- US State Laws: CA Civil Code; CA 1386 / SB24 Breach Disclosure
- MasterCard and Visa Data Security Standard (PCI)
- European & Other Laws
- ISO standards: ISO ISO
- Government Standards, Guides & Advisories: NIST, NSA, US-CERT
- Practitioner Standards: ISSA, ISACA, (ISC)2, SANS Institute

46 Meeting Standard of Care Requires Top-Level Management & Leadership
"Information security requires CEO attention in their individual companies" Business Roundtable, 2004

47 Fundamental Concept: Defense in Depth
Operating Assumption: Cyber criminals will get through any particular defense

48 Secure from the Bottom Up; Manage / Lead from the Top Down
- Information Security Governance
- Information Security Policies
- Compliance Management
- Plan for Incidents
- Manage 3rd-Parties
- Trust. But Verify.
- Classify & Control Information
- IT Security Management
- Physical & Personnel Security
- Keep Systems Patched
- Intrusion Detection & Prevention
- Train Staff

49 Manage Information Security Like Other Quality Programs
ISO 27001, Annex ISO
- A5: Security Policy
- A6: Organization
- A7: Asset Management
- A8: Human Resources
- A9: Physical / Environmental
- A10: Communication & Operations Management
- A11: Access Control
- A12: Acquisition, Development & Maintenance
- A13: Incident Management
- A14: Business Continuity
- A15: Compliance
Information Security Management System
Continuous Process Improvement Engine
Demonstrate Continuous Process Improvement of Organization's Ability to Secure Sensitive Information
9/29-30/2010

50 Getting Started: The As-Is
If You Don't Know Where You Are, a Map Won't Help

51 Getting Started: The To-Be
"If you don't know where you're going, when you get there you'll be lost." Yogi Berra

52 An Ounce of Prevention is Worth a Pound of Cure
Security Prevention Costs
- Technology costs
- Security management costs
- Executive IT security management
- Security overhead costs
Security Incident Costs
- Cold hard cash
- Direct incident recovery costs
- Lost productivity costs
- Intellectual property losses
- Breach disclosure costs
- Legal & attorney costs, including investigations and fines
- Loss of brand value
- Loss of competitive advantage

53 The Objective: Information Peace of Mind
- Protect Business
- Meet Information Security Standard of Care
- Lower Total Cost of Information Security SM

54 Greatest Challenge: Organizational Leadership
- Awareness of Risk
- Knowledge and Ability to Act
- Enthusiasm for Getting Involved
- Eagerness to Create a Culture of Cyber Security Mindfulness
- Attitude that "Failure is not an option"
- Continually asks "What don't I know that I don't know I don't know"

55 Lowering the Odds: Some Specifics

56 Keep Software Patched and Updated

57 Reduce Risk of On-Line Bank Fraud
- Use Stand-Alone Workstation for On-Line Banking
- Use Only for On-Line Banking
- No No web browsing
- Best to Have Separate Internet Connection
- Best if Separate from Corporate Network
- Strongly Manage Security of Necessary Connection
- Out-Of-Band Confirmation from Bank
- Daily Out-of-Band Reconciliation
- Train Staff to Limit Information Posted on Social Networks
- Control Use of Social Networks from Office
- Be Suspicious
- It's Not Paranoia if They are Out to Get You

58 Passwords: Easier Than Ever
- Corporate, Banking, ecommerce
  - Long passphrase
  - Web65mailers$
  - Lovemyjob$$$3
  - Different on Different Sites
- Registration Passwords
  - qwertyu7
- Use Secure Password Manager Carefully
  - Roboform
  - Keepass

59 Be Careful with File Transfer Services
- Extremely Useful When Used with Care
- Responsibility with User
- Know what you're buying
- Having security feature feature implemented correctly
- Train staff on (in)secure use

60 The Cloud: Yes, But Look Before You Leap
Cloud Services
- Salesforce
- Authorize.net
- iCloud, Google, Amazon S3
- Gmail, Office 365
- Private clouds
- Desktop as a Service
- Security as a Service
Security and Legal Challenges
- Security & privacy responsibility
- Information availability
- Legal compliance

61 Use Encryption to Protect Sensitive Data
Encryption at Rest
- Laptops
- External & USB drives
- Sensitive databases
Encryption in Transit
- HTTPS:
- WPA2 for Wi-Fi
- Dropbox
Disk & File Encryption Tools
- Windows BitLocker: Hard drive encryption
- TrueCrypt: Hard drive encryption
- AxCrypt: File encryption
- WinZip: File encryption
Key Performance Parameters
- Encryption algorithm
- Key length
- Key security
- Time to encrypt / decrypt

62 Protect Remote Computing Devices
Laptops and Netbooks
- Protect like desktops
- Encrypt hard drives
iPads, Smartphones, Tablets
- Minimize sensitive processing
- Manage Wi-Fi
- Encrypt when available
- Password protect
- Remote find & kill
- Beware of Android Apps
- Use VPN when available

63 When Things Go Wrong
- Incident Response
- Information Continuity
- The Trade-Off
  - Back to work
  - Evidence Preservation
- Be Prepared
  - Network logs
  - Plans
  - Tests
  - Training

64 Meeting the Challenge of Cyber Crime
It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle.

65 Securing the Community
It Takes the Village to Protect the Village

66 ISSA-LA: Creating the Los Angeles Cyber Security Management Learning Village
"Problems cannot be solved by the same level of thinking that created them" Albert Einstein

67 ISSA: 27 Years of Information Security Management Experience
- 10,000+ members
- 140 chapters
- 70 Countries
- CISSP
- Internet Security: CIA, Identity Theft, Bank Fraud, etc
- PC and Network Security: CIA
- National Security: Confidentiality & Availability
- Banking, Insurance, Fraud Control: Data Integrity & Availability

68 ISSA: Providing National Cyber Security Leadership
December 22, 2009: ISSA International Board President Howard Schmidt Takes New Responsibility as President Obama's White House Cyber Security Coordinator.

69 ISSA-LA: Proactively Driving Information Systems Security Thinking in the Community
ISSA-LA's Mission: The premier catalyst and information source in the Los Angeles community for improving the practice of information security.
- Education, networking and support to our direct constituents
  - Information security practitioners
  - IT practitioners with information security responsibilities
  - Information security vendors
- Outreach, advocacy and education to the broader Los Angeles community
It Takes the Village to Secure the Village SM

70 It Takes the Village to Secure the Village SM
- Business Community
- InfoSec Community
- IT Community
- Law Enforcement
- ISSA-LA
- Schools & Education
- Not-for-Profit Community
- Families
- Government

71 ISSA-LA Community Outreach Activities
- Monthly Lunch Meetings [9 per year]
- Quarterly Dinner Meetings
- Annual Information Security Summit in Spring
- Quarterly CISO Forum
- Professional Study Groups
- Collaboration with Colleges, Universities, Professional Associations
2012 Initiatives
- Community-Based Web Site
- Community Outreach Speaker's Bureau
- Quarterly Executive Management Forum
- Quarterly CIO Forum
- Quarterly IT Security Briefing
- Family & Children Cyber Security Program

72 An Information Security Ethical Standard of Behavior
Protect your neighbor's information as you would want your neighbor to protect yours.

73 For More Information
- LinkedIn:
- ISSA-LA:
- LinkedIn Group, Technical: ISSA Los Angeles Chapter Networking
- LinkedIn Group, Community: Friends of ISSA-LA
- Subscribe to our blogs: Cyber Security News of the Week; Weekly Patch and Vulnerability Report
- Coming soon: CitadelOnSecurity: Citadel's portal to information security awareness training and education

74 Thank You!
CYBER SECURITY CHALLENGES AND SOLUTIONS: AN EXECUTIVE BRIEFING
Providing Information Peace of Mind to Business and the Not-for-Profit Community
Learn to protect yourself from Identity Theft. First National Bank can help. Your identity is one of the most valuable things you own. It s important to keep your identity from being stolen by someone
More informationMedical Information Breaches: Are Your Records Safe?
Medical Information Breaches: Are Your Records Safe? Learning Objectives At the conclusion of this presentation the learner will be able to: Recognize the growing risk of data breaches Assess the potential
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationSecurity Threats to Business, the Digital Lifestyle, and the Cloud. Trend Micro Predictions for 2013 and Beyond
Security Threats to Business, the Digital Lifestyle, and the Cloud Trend Micro Predictions for 2013 and Beyond In 2013, managing the security of devices, small business systems, and large enterprise networks
More information1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.
Employee Security Awareness Survey Trenton Bond trent.bond@gmail.com Admin - Version 1.3 Security Awareness One of the most significant security risks that organizations and corporations face today is
More informationSecurity Challenges and Solutions for Higher Education. May 2011
Security Challenges and Solutions for Higher Education May 2011 Discussion Topics Security Threats and Challenges Education Risks and Trends ACH and Wire Fraud Malware and Phishing Techniques Prevention
More informationCyber Security Strategies for the Small Business Market
Cyber Security Strategies for the Small Business Market Solutions for Small Business Reports are designed to demonstrate how new technologies enabled by cable providers help small business owners and managers
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More informationMalware & Botnets. Botnets
- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online
More informationCOULD YOUR BUSINESS SURVIVE A CRYPTOR? Learn how to guard against crypto-ransomware. www.kaspersky.com/business #SecureBiz
COULD YOUR BUSINESS SURVIVE A CRYPTOR? Learn how to guard against crypto-ransomware www.kaspersky.com/business #SecureBiz A practical guide to cryptor attacks The damage they do to businesses and how to
More informationUnit 3 Cyber security
2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 1 September 2015 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning hours:
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More informationCYBER INFORMATION SECURITY AWARENESS AND PROTECTION PRACTICES. Strengthening Your Community at the Organizational Level
CYBER INFORMATION SECURITY AWARENESS AND PROTECTION PRACTICES Strengthening Your Community at the Organizational Level Las Vegas, Nevada 2012 Security Awareness and Why is it Important? In today s economic
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationDON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES
More informationCOMPUTER SECURITY PRINCIPLES AND PRACTICES BY COREY@MARK5MINISTRIES.ORG
COMPUTER SECURITY PRINCIPLES AND PRACTICES BY COREY@MARK5MINISTRIES.ORG INTRODUCTION My Background Some questions for you Why computer security? Principle of Incarnation What this presentation covers (and
More informationTop 5 Security Trends and Strategies for 2011/2012 Peter Sandkuijl Europe SE manager network security psandkuijl@checkpoint.com
Top 5 Security Trends and Strategies for 2011/2012 Peter Sandkuijl Europe SE manager network security psandkuijl@checkpoint.com 2011 Check Point Software Technologies Ltd. [PROTECTED] All rights reserved.
More informationCertified Secure Computer User
Certified Secure Computer User Course Outline Module 01: Foundations of Security Essential Terminologies Computer Security Why Security? Potential Losses Due to Security Attacks Elements of Security The
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationWho s Doing the Hacking?
Who s Doing the Hacking? 1 HACKTIVISTS Although the term hacktivist refers to cyber attacks conducted in the name of political activism, this segment of the cyber threat spectrum covers everything from
More informationWhy The Security You Bought Yesterday, Won t Save You Today
9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About
More information10/25/2012 BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM. Agenda. Security Cases What is Cloud? Road Map Security Concerns
BY VORAPOJ LOOKMAIPUN CISSP, CISA, CISM, CRISC, CEH VORAPOJ.L@G-ABLE.COM Agenda Security Cases What is Cloud? Road Map Security Concerns 1 Security Cases on Cloud Data Protection - Two arrested in ipad
More informationDesigning & Building an Information Security Program. To protect our critical assets
Designing & Building an Information Security Program To protect our critical assets Larry Wilson Version 1.0 March, 2014 Instructor Biography Larry Wilson is responsible for developing, implementing and
More informationManaging Web Security in an Increasingly Challenging Threat Landscape
Managing Web Security in an Increasingly Challenging Threat Landscape Cybercriminals have increasingly turned their attention to the web, which has become by far the predominant area of attack. Small wonder.
More information