The Changing Landscape: CyberSecurity in 2011
|
|
- Helen Sims
- 8 years ago
- Views:
Transcription
1 The Changing Landscape: CyberSecurity in 2011 Jim Hietala VP, Security 44 Montgomery Street Suite 960 San Francisco, CA USA Tel Cell
2 Agenda Review of Cybersecurity current state: changing threats, vulnerabilities, attack types Changing business requirements, technological shifts Work to be done Open Group security program
3 IT Security Challenges Insider threat Symantec survey, 79% take data upon leaving External attacks Mass indiscriminate attacks Targeted attacks Hybrids
4 Recent Cybersecurity Incidents Successful compromise of Google and 30 other companies Compromises of numerous oil companies, London Stock Exchange, NASDAQ Stuxnet attack Leveraged four 0 day vulnerabilities Ongoing Trojan attacks on online banking customers Wikileaks
5 Threats & Attackers, Then and Now 1980 s: Now: Profit motivated criminals Global, leverage freely available tools Sophisticated attackers and attacks
6 Wikileaks Highlights Numerous Fundamental Security Problems Insider privilege abuse Poor access control Ready availability of DDoS toolkits, and attacks against Amazon, PayPal by sympathizers Targeted hack attack against security firm that conducted Wikileaks investigation, HBGary, by Anonymous group 6
7 Political, Hacktivism, Cyberwar
8 Advanced Persistent Threat
9 Website Attacks Retail example: Heartland, TJX, 7-eleven, Hannaford, Dave & Buster s Impact: 130M+ credit card records stolen, extensive credit card fraud, massive costs to banks to reissue cards Attack Methodology: They identify Web sites that are vulnerable to SQL injection. They appear to target MSSQL only. They use "xp_cmdshell", an extended procedure installed by default on MSSQL, to download their hacker tools to the compromised MSSQL server. They obtain valid Windows credentials by using fgdump or a similar tool. They install network "sniffers" to identify card data and systems involved They install backdoors that "beacon" periodically to their command and control servers, allowing surreptitious access to the compromised networks. They target databases, Hardware Security Modules (HSMs), and processing applications in an effort to obtain credit card data or brute-force ATM PINs. They use WinRAR to compress the information they pilfer from the compromised networks.
10 Infected Websites Doubled in 2010 Drive-by downloads on legitimate Web sites have become the most popular method for delivering malicious programs Overtaking the use of spam and attachments (Growth in Websites infected
11 Hacking for Profit Black market price per stolen credit card has dropped from $10-16/card in 2007, to less than.50/card today, due to over supply Can also buy site logins to hacked sites
12 Monetizing Cybercrime, Malware Trojan malware(delivered via spam, viruses, websites) used to capture login credentials to bank accounts Funds transferred to money mules incountry, who transfer $ to perpetrators in originating country
13 Ramnicu Valcea: Hackerville
14 Predicted ROI on Cybercrime Techniques
15 How Real is the Threat? CIA Director Leon Panetta: "The potential for the next Pearl Harbor could very well be a cyber-attack Director of National Intelligence James Clapper: "This threat is increasing in scope and scale, and its impact is difficult to overstate."
16 Discussion What is the experience of Indian IT organizations with respect to CyberSecurity Threats and Attacks?
17 Threat Takeaways Consumers, businesses doing online banking are targets Anyone with high value information (IP, sensitive, confidential, research, credit cards) is a target Need to be on top of our security management games Regular patching is mandatory Reducing attack surfaces through vulnerabilities Relying on perimeter security (alone) is unwise Checklist-based infosec management isn t enoughmany ISO27001 certified companies have shown up in headlines lately for breaches
18 Agenda Review of Cybersecurity current state: changing threats, vulnerabilities, attack types Changing business requirements, technological shifts Work to be done Open Group security program
19 New Technologies Causing Security Concerns Web 2.0 Consumerization of IT, growth in mobile devices Virtualization Cloud computing
20 Business Requirements Affecting Security Greater access for non-employees E-commerce Collaboration Downsizing Outsourcing and offshoring
21 Traditional Security Architectures Status quo is locationcentric security Protection placed at the edge or perimeter of the network New threats and threat vectors = new security point solutions Consequence is that there are now over 1,000 vendors of security point solutions (C) The Open Group
22 Perimeter Security Failures Maginot Line and the Fall of France, 1940 US High Tech Border Fence w/ Mexico Abandoned as too costly, ineffective in
23 De-perimeterization Timeline Drivers: Cost, flexibility, faster working Full de-perimeterised working Connectivity Drivers: B2B & B2C integration, flexibility, M&A Drivers: Low cost and feature rich devices Full Internet-based Collaboration Consumerisation [Cheap IP based devices] Limited Internet-based Collaboration Toda y Drivers: Outsourcing and off-shoring External Working VPN based External collaboration [Private connections] Internet Connectivity Web, , Telnet, FTP Connectivity for Internet Effective breakdown of perimeter Connected LANs interoperating protocols Local Area Networks Islands by technology Stand-alone Computing [Mainframe, Mini, PC s] Time Copyright (C) 23 The Open Group 2011
24 Cloud Security and Risks to C-I-A
25 Agenda Review of Cybersecurity current state: changing threats, vulnerabilities, attack types Changing business requirements, technological shifts Work to be done Open Group security program
26 IT Industry Issues Incentives don t favor secure software products take your best shot with a prototype, immediately get it to market, iterate quickly, Guy Kawasaki, The Art of the Start One sided software license agreements with little buyer recourse By clicking the I agree button you are agreeing to act as crash test dummies without any chance of holding the software manufacturer to account for injuries, harm, damage, or loss, David Rice, Geekonomics
27 General Security Issues Lack of independent information about controls effectiveness 100+ security technology niches, which provide the best ROSI, and provide best protection? Debate over how to best manage information security Risk-based vs. best practices approach Best practices/checklist methods (ISO27001) are important, but insufficient Need for continuous improvement framework with metrics
28 Specific Areas for Improvement Secure Architecture: Build security into architectures vs. adding later Training software developers in secure coding, SDL Better guidance on developing secure architectures, how to use TOGAF and SABSA to do so, and how to develop secure web apps Information Security Management: Prioritizing, selecting appropriate security controls Making information security management more scientific, with maturity models & metrics, tie security to business objectives Easing the burden of risk, compliance, and audit Identity issues vis a vis cloud, enterprise identity stores Better industry support for assuring that commercial products are built with integrity
29 Agenda Review of Cybersecurity current state: changing threats, vulnerabilities, attack types Changing business requirements, technological shifts Work to be done Open Group security program
30 Security Forum Vision & Mission The Open Group: Boundaryless Information Flow, achieved through global interoperability in a secure, reliable and timely manner The Open Group Security Forum: To facilitate the rapid development of secure architectures supporting boundaryless information flow through: Development of industry standards, either independently or through co-operation (adopt, adapt, publish) Developing guides, business rationales & scenarios, use cases Developing reference and common system architectures, and support services Dept. Work & Pensions, UK
31 Secure Architecture Integrating security into enterprise architectures, TOGAF Revised Enterprise Security Architecture SABSA/TOGAF integration project Collaboration Oriented Architecture Secure Mobile Architecture Cloud Security Reference Architecture work in Cloud Computing Working Group
32 Information Security Management ISM3: Information Security Management Maturity Model New technical standard using metrics and a maturity model approach to managing information security Enhances ISO27001/2, adds business value context Audit, compliance, risk Audit & Logging: Update to XDAS standard, aligning with MITRE CEE ACEML compliance standard, to automate compliance configuration and reporting Risk Management: Risk Taxonomy Standard, Risk Assessment Methodologies Technical Guide, ISO Cookbook
33 Jericho Forum Thought leadership around de-perimeterization, guidance as to what to do about it Publications: Commandments, position papers, Collaboration Oriented Architecture Framework, Cloud Cube Model New Mission/Vision: Secure Collaboration in Cloud Computing New projects: COA (Security) Reference Architecture for TOGAF, COA Framework standard, Cloud Use Cases: business scenarios Commandments Self Assessment Scheme Security requirements in Cloud Computing Identity & Access Management in de-perimeterized environments New Liaison Cloud Security Alliance 33 (C) The Open Group March 2011
34 Some Members of Jericho
35 Real Time and Embedded Systems Forum Secure Operating Systems Multiple Independent Level of Security (MILS) Significant MILS work ongoing in the Real Time Forum to remove barriers to adoption, and accelerate progress Software assurance activities (C) The Open Group
36 Open Trusted Technology Forum Overview (OTTF) v1.5 Build with Integrity Buy with Confidence Note: OTTF Materials are copyrights of The Open Group All information presented is subject to change
37 Open Trusted Technology Forum Membership As of February, 2011
38 Need to Work Together to Develop Expectations for a Trusted Commercial off the Shelf (COTS) IT Product What are the Realistic, Consumable, Affordable Industry Best Practices? Good Commercial Product Helpful information that builds understanding of the product What s in it ( source code and origin/pedigree) How was it built (development and manufacturing) How will it be sustained from an OEM perspective What management, process and quality controls were applied What are the meaningful supply chain considerations What variability, and volatility of sub-processes and supply should be expected (opportunistic component sourcing and contract fabrication) What other measures of goodness can be used or leveraged Not a substitute for CC, NIST, or ITU; Interoperability or protocol level compliance or certification
39 The Technology Supply Chain Integrity Challenge Perceived increase in sophistication and severity of cybersecurity attacks worldwide Potential for vulnerabilities introduced by use of technology provided through the global supply chain Governments and organizations buy products from companies they trust, but those companies usually do not manufacture all the components of their products The forum is being formed in response to the need to establish industry best practices that will help understand and reduce risks posed by the globalization of the technology supply chain
40 What Problems Are We Solving? Commercial technology comprises key components of our critical infrastructure It s become necessary to understand; The potential integrity risks that may be inherited from supply chains, both for software and hardware, and how the original equipment manufacturer (OEM) assesses and manages these risks; Practices that can mitigate potential risks of significant supply chain attacks; Risks to confidentiality, integrity, and availability of a customer s environment or critical infrastructure as a result of procurement by customers of counterfeit components and products; Which software or technology development or engineering practices can help reduce product security and integrity risks; How product assurance and risk is managed through the adoption of industry best practices and recognized international and open industry standards.
41 The OTTF will respond to these industry challenges by Reducing risks that may be introduced from global supply chain providers Identifying manufacturing practices and checkpoints throughout the lifecycle that mitigate risk from uncontrolled, unprotected development methods and engineering procedures Develop conformance and accreditation criteria for trusted technology providers that will instill trust and confidence in both providers and consumers Work with the global community to develop responsible and realistic procurement policies that mitigate the risks introduced from supply chain vulnerabilities for all governments and vertical industries
42 O-TTPF Best Practice Categories Best Practice Categories Product Engineering / Development Method Secure Engineering / Development Method Supply Chain Management Method Definition Trusted technology providers utilize and internalize the application of a wellformed and documented development (or manufacturing) method or process. Secure development methods include techniques such as secure code design reviews or threat modeling, risk assessment and tooling for detecting, fixing, and mitigating vulnerabilities in both software and hardware. They might also include run-time protection measures; or monitoring and corrective actions for third-party component vulnerabilities or risks. Product design may also employ ways to ensure authenticity and protection from counterfeit components and use run-time execution protection measures; for example, the use of code signing. Trusted technology providers manage their supply chains through the application of defined, monitored, and validated supply chain processes. These practices seek to ensure the integrity of the supply chain throughout product design, sourcing, fabrication delivery, support, and end-of-life. Product Evaluation Methods A Trusted Supplier submits Information Assurance (IA) and IA-enabled products to one or more mutually recognized standards-based evaluation processes to determine the fulfilment of particular security properties, to levels of assurance appropriate to the application of the product depending on the needs of the market. (Common Criteria is an example of one such process).
43 Benefits of O-TTPF to Providers and Consumers The ability to work collaboratively with peer organizations, suppliers and customers to define, review and approve the best approaches developing a more trustworthy global technology supply chain Industry members of the TTF can directly interact with government acquisition leaders through their participation in the forum and government members can interact with their suppliers in an open, neutral forum Market differentiation through the future accreditation program, and status as an organization that contributes to the Forum Members can network with their peers in similar organizations around the globe and help harmonize global technology supply chain initiatives The TTF is intended to benefit technology buyers across all industries concerned with secure development practices and supply chain management, including government and defense, transportation, healthcare and financial services
44 O-TTPF Press Coverage
45 Summary IT security undergoing a profound transformation in threats, business drivers, and in security architectures Move from perimeter towards information-centric security Customers, vendors need help in sorting out what this means The Open Group has numerous forums and working groups working on IT and Cybersecurity challenges Work products include standards, frameworks, guides that educate, inform, accelerate market for secure IT From a supply-chain standpoint, Trusted Technology Forum is a natural place for Indian companies to get involved in Open Group security activities
46 Questions? Jim Hietala, VP, Security, The Open Group Twitter: jim_hietala
2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationJericho Forum Report Back
Jericho Forum Report Back What's been achieved through 2009, and how we will continue to make a difference in 2010. Paul Simmonds & Adrian Seccombe Board of Management, Jericho Forum How we got to here
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationApproach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera
Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help
More informationSecurity Risk Management Strategy in a Mobile and Consumerised World
Security Risk Management Strategy in a Mobile and Consumerised World RYAN RUBIN (Msc, CISSP, CISM, QSA, CHFI) PROTIVITI Session ID: GRC-308 Session Classification: Intermediate AGENDA Current State Key
More informationDeveloping Secure Software in the Age of Advanced Persistent Threats
Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer
More informationSTATEMENT of. Open Group and The Open Group Trusted Technology Forum. Submitted for the record. Hearing on. March 27, 2012
Executive Summary of The Open Group s testimony to the House Energy and Commerce Oversight and Investigations Subcommittee Hearing on IT Supply Chain Security: Review of Government and Industry Efforts
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationInternet threats: steps to security for your small business
Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationCyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte
Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private
More informationWhite Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management
White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES By James Christiansen, VP, Information Risk Management Executive Summary Security breaches in the retail sector are becoming more
More informationData Center security trends
Data Center security trends Tomislav Tucibat Major accounts Manager, Adriatic Copyright Fortinet Inc. All rights reserved. IT Security evolution How did threat market change over the recent years? Problem:
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More information2012 Data Breach Investigations Report
2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information
More informationSecurity and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
More informationKnowing Your Enemy How Your Business is Attacked. Andrew Rogoyski June 2014
Knowing Your Enemy How Your Business is Attacked Andrew Rogoyski June 2014 Why Cyber is the New Security 1986: Lawrence Berkeley NL discovers attempt to copy US Government Information on Arpanet 1988:
More informationA Guide to the Cyber Essentials Scheme
A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane
More informationZak Khan Director, Advanced Cyber Defence
Securing your data, intellectual property and intangible assets from cybercrime Zak Khan Director, Advanced Cyber Defence Agenda (16 + optional video) Introduction (2) Context Global Trends Strategic Impacts
More informationSecurity Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013
Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational
More informationSecuring the Cloud Infrastructure
EXECUTIVE STRATEGY BRIEF Microsoft recognizes that security and privacy protections are essential to building the necessary customer trust for cloud computing to reach its full potential. This strategy
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationEU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015
EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015 Aristotelis Tzafalias Trust and Security Unit H.4 DG Connect European Commission Trust and Security: One Mission
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationApplying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.
Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving
More informationof firms with remote users say Web-borne attacks impacted company financials.
Introduction As the number of users working from outside of the enterprise perimeter increases, the need for more efficient methods of securing the corporate network grows exponentially. In Part 1 of this
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationSytorus Information Security Assessment Overview
Sytorus Information Assessment Overview Contents Contents 2 Section 1: Our Understanding of the challenge 3 1 The Challenge 4 Section 2: IT-CMF 5 2 The IT-CMF 6 Section 3: Information Management (ISM)
More informationCyber Security for your Connected Health Device
Cyber Security for your Connected Health Device Agenda Cyber Security Emerging Threats Implications to Healthcare Healthcare Response OpenSky s timeline Service Evolution Launch IT Optimization 2014 Geographic
More informationEvolving Threats and Attacks: A Cloud Service Provider s viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider s viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft s Cloud Infrastructure Evolution of Threats
More informationMicrosoft Security Intelligence Report volume 7 (January through June 2009)
Microsoft Security Intelligence Report volume 7 (January through June 2009) Key Findings Summary Volume 7 of the Microsoft Security Intelligence Report provides an in-depth perspective on malicious and
More informationProtecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
More informationCybercrime Security Risks and Challenges Facing Business
Cybercrime Security Risks and Challenges Facing Business Sven Hansen Technical Manager South Africa East Africa Security Conference August 2013 1 Agenda 1 What is Cyber Crime? 2 Cyber Crime Trends 3 Impact
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationTime Is Not On Our Side!
An audit sets the baseline. Restricting The next steps Authenticating help prevent, Tracking detect, and User Access? respond. It is rare for a few days to pass without news of a security breach affecting
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationMarble & MobileIron Mobile App Risk Mitigation
Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their
More informationCybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix
Cybercrime myths, challenges and how to protect our business Vladimir Kantchev Managing Partner Service Centrix Agenda Cybercrime today Sources and destinations of the attacks Breach techniques How to
More informationBusiness white paper. Missioncritical. defense. Creating a coordinated response to application security attacks
Business white paper Missioncritical defense Creating a coordinated response to application security attacks Table of contents 3 Your business is under persistent attack 4 Respond to those attacks seamlessly
More informationSecurity A to Z the most important terms
Security A to Z the most important terms Part 1: A to D UNDERSTAND THE OFFICIAL TERMINOLOGY. This is F-Secure Labs. Learn more about the most important security terms with our official explanations from
More informationCloud Cube Model: Selecting Cloud Formations for Secure Collaboration
Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration Problem Cloud computing offers massive scalability - in virtual computing power, storage, and applications resources - all at almost
More informationLooking at the SANS 20 Critical Security Controls
Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationCybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015
Cybersecurity: A Growing Concern for All Businesses RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015 RLI Design Professionals is a Registered Provider with The American
More informationRLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses
RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123 Cybersecurity: A Growing Concern for Small Businesses Copyright Materials This presentation is protected by US and International Copyright
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationDeveloping an Architectural Framework towards achieving Cyber Resiliency. Presented by Deepak Singh
Developing an Architectural Framework towards achieving Cyber Resiliency Presented by Deepak Singh Presentation Content Cyber Threat Landscape Cyber Attack and Threat Profile Cyber Threat Map Cyber Security
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationWhat s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationPerspectives on Cybersecurity in Healthcare June 2015
SPONSORED BY Perspectives on Cybersecurity in Healthcare June 2015 Workgroup for Electronic Data Interchange 1984 Isaac Newton Square, Suite 304, Reston, VA. 20190 T: 202-618-8792/F: 202-684-7794 Copyright
More informationGetting Started with the iscan Online Data Breach Risk Intelligence Platform
Getting Started with the iscan Online Data Breach Risk Intelligence Platform 2 Table of Contents Overview... 3 Data Breach Risk Intelligence... 3 Data Breach Prevention Lifecycle Defined... 3 Choosing
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More information2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY
2015 GLOBAL THREAT INTELLIGENCE REPORT EXECUTIVE SUMMARY 1 EXECUTIVE SUMMARY INTRODUCING THE 2015 GLOBAL THREAT INTELLIGENCE REPORT Over the last several years, there has been significant security industry
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationISSECO Syllabus Public Version v1.0
ISSECO Syllabus Public Version v1.0 ISSECO Certified Professional for Secure Software Engineering Date: October 16th, 2009 This document was produced by the ISSECO Working Party Syllabus Introduction to
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationEXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources
EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationEC Council Certified Ethical Hacker V8
Course Code: ECCEH8 Vendor: Cyber Course Overview Duration: 5 RRP: 2,445 EC Council Certified Ethical Hacker V8 Overview This class will immerse the delegates into an interactive environment where they
More informationManaging the Unpredictable Human Element of Cybersecurity
CONTINUOUS MONITORING Managing the Unpredictable Human Element of Cybersecurity A WHITE PAPER PRESENTED BY: May 2014 PREPARED BY MARKET CONNECTIONS, INC. 14555 AVION PARKWAY, SUITE 125 CHANTILLY, VA 20151
More informationSecurity strategies to stay off the Børsen front page
Security strategies to stay off the Børsen front page Steve Durkin, Channel Director for Europe, Q1 Labs, an IBM Company 1 2012 IBM Corporation Given the dynamic nature of the challenge, measuring the
More informationChallenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved
Siemens AG - Corporate Technology - IT Security Challenges in Industrial IT-Security Dr. Rolf Reinema, Head of Technology Field IT-Security, Siemens AG Siemens AG 2015. All rights reserved Not a single
More informationVMware and the Need for Cyber Supply Chain Security Assurance
White Paper VMware and the Need for Cyber Supply Chain Security Assurance By Jon Oltsik, Senior Principal Analyst September 2015 This ESG White Paper was commissioned by VMware and is distributed under
More informationDoyourwebsitebot defensesaddressthe changingthreat landscape?
WHITEPAPER Doyourwebsitebot defensesaddressthe changingthreat landscape? Don tletbotsturnaminorincident intoamegasecuritybreach 1.866.423.0606 Executive Summary The website security threat landscape has
More informationIT Audit and Compliance
Problem IT Audit and Compliance IT audit is about the formal verification and validation of the quality and effectiveness of IT controls to support the overall business control objectives. From a security
More informationPCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com
PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in
More informationAuditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement
Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement Copyright Elevate Consult LLC. All Rights Reserved 1 Presenter Ray Guzman MBA, CISSP, CGEIT, CRISC, CISA Over 25
More informationUnified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice
Unified Cyber Security Monitoring and Management Framework By Vijay Bharti Happiest Minds, Security Services Practice Introduction There are numerous statistics published by security vendors, Government
More informationBefore the DEPARTMENT OF COMMERCE Internet Policy Task Force
Before the DEPARTMENT OF COMMERCE Internet Policy Task Force In the Matter of Cybersecurity, Innovation Docket No. 100721305-0305-01 and the Internet Economy COMMENTS OF VeriSign, Inc Joe Waldron Director,
More informationEnterprise-Grade Security from the Cloud
Datasheet Website Security Enterprise-Grade Security from the Cloud Unmatched web application security experience, enhanced by real-time big data analytics, enables Incapsula to provide best-of-breed security
More informationGlobalSign Malware Monitoring
GLOBALSIGN WHITE PAPER GlobalSign Malware Monitoring Protecting your website from distributing hidden malware GLOBALSIGN WHITE PAPER www.globalsign.com CONTENTS Introduction... 2 Malware Monitoring...
More informationSecurity Services. 30 years of experience in IT business
Security Services 30 years of experience in IT business Table of Contents 1 Security Audit services!...!3 1.1 Audit of processes!...!3 1.1.1 Information security audit...3 1.1.2 Internal audit support...3
More informationA Decision Maker s Guide to Securing an IT Infrastructure
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
More informationCybersecurity Governance Update on New FFIEC Requirements
Cybersecurity Governance Update on New FFIEC Requirements cliftonlarsonallen.com Our perspective CliftonLarsonAllen Started in 1953 with a goal of total client service Today, Professional Services Firm
More informationQuestions You Should be Asking NOW to Protect Your Business!
Questions You Should be Asking NOW to Protect Your Business! Angi Farren, AAP Senior Director Jen Wasmund, AAP Compliance Services Specialist 31 st Annual Conference SHAPE YOUR FUTURE April 23, 2013 Regional
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationBEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT
BEST PRACTICES IN CYBER SUPPLY CHAIN RISK MANAGEMENT Utility Sector Best Practices for Cyber Security Supply Chain Risk Management Discussion with Chief Information Officer (CIO) Overview The safety and
More informationTop Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009
Top Five Data Security Trends Impacting Franchise Operators Payment System Risk September 29, 2009 Top Five Data Security Trends Agenda Data Security Environment Compromise Overview and Attack Methods
More informationSoftware & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes
Software & Supply Chain Assurance: Mitigating Risks Attributable to Exploitable ICT / Software Products and Processes Joe Jarzombek, PMP, CSSLP Director for Software & Supply Chain Assurance Stakeholder
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
More informationInformation Security and Risk Management
Information Security and Risk Management COSO and COBIT Standards and Requirements Page 1 Topics Information Security Industry Standards and COBIT Framework Relation to COSO Internal Control Risk Management
More informationReal World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
More informationInformation Security Threats and Strategies. Ted Ericson Product Marketing - ASI
Information Security Threats and Strategies Ted Ericson Product Marketing - ASI Agenda Security breaches today Attack vector mitigation Secure web implementation Penetration testing ASI Corporate Security
More informationExperience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.
Experience the commitment WHITE PAPER Information Security Continuous Monitoring Charting the Right Course May 2014 cgi.com 2014 CGI GROUP INC. During the last few months of 2013, six federal agencies
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationWhitepaper on AuthShield Two Factor Authentication with ERP Applications
Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationFINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES
FINANCIAL FRAUD: THE IMPACT ON CORPORATE SPEND IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5,500 companies in 26 countries around the world
More informationExecutive Cyber Security Training. One Day Training Course
Executive Cyber Security Training One Day Training Course INTRODUCING EXECUTIVE CYBER SECURITY TRAINING So what is all this we hear in the media about cyber threats? How can an organization understand
More informationINDUSTRY OVERVIEW: FINANCIAL
ii IBM MSS INDUSTRY OVERVIEW: FINANCIAL RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: NOVEMBER 5, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW... 1 MAJOR FINANCIAL
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More information2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security
2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security For 10 years, Microsoft has been studying and analyzing the threat landscape of exploits, vulnerabilities, and malware.
More informationAdvanced Persistent Threats
White Paper INTRODUCTION Although most business leaders and IT managers believe their security technologies adequately defend against low-level threats, instances of (APTs) have increased. APTs, which
More information