Exactly the Same, but Different
|
|
- Bethany Bruce
- 8 years ago
- Views:
Transcription
1 Exactly the Same, but Different 1 Shayne Champion, CISSP, CISA, GSEC, ABCP Program Manager GO Cyber Security TVA v1.0
2 Agenda Define Mobile Device Security o o Similarities Differences Things you Should be Doing 2
3 Mobile Device Security There is no question that mobile security will eventually equal if not surpass PC security as a threat to IT departments. Denise Culver, Heavy Reading Mobile Networks Insider 3
4 Mobile Device vs. Computers: SIMILARITIES 4
5 Definitions: Level Setting Com put er [kuhm-pyoo-ter] : An electronic device designed to accept data, perform prescribed mathematical and logical operations at high speed, and display the results of these operations. Mo bile De vice [moh-buhl dih-vahys] : A portable, wireless computing device that is small enough to be used while held in the hand; a hand-held. 5 Source:
6 6
7 NEWS FLASH: Mobile Devices ARE Computers!!! and we can do something about that, can t we? 7 Sources:
8 Same Kind of Different Same kind of security controls you *should* use anyway: Encryption NAC DLP AV / Malware Inventory Management Controlled Admin Privileges Port & Service Management 8
9 Similarity: Order of Magnitude Risk from an OSI perspective: Most risk shifting to applications Lower-level layers becoming relatively more tame 9 Source:
10 Define: Metadata Metadata : Data that defines or describes another piece of data. Metadata may reveal more about you, your organization, or your devices than you realize. Many devices, such as your computer, camera, or smart phone, automatically embed metadata in any digital files they create. 10 Source:
11 Metadata Some examples of metadata include: File creation date and time The address or geographic location where the file was created Your name, organization s name, and computer s name or IP address The names of any contributors to the document or their comments Type of camera you are using and its settings when the photo was taken Type of audio or video recording device you are using and its settings when a recording was taken Make, model, and service provider of your smart phone 11 Source:
12 Metadata Solutions Metadata Tools: Document Inspector : EXIF Metadata Explanation: Free Metadata Extraction Tool: or Disabling Geo-location for Smartphone Cameras 12 Source:
13 Unsecured WAP Sidejack Math * ( + )= Sidejacking - A well-known Wi-Fi hotspot attack that takes advantage of websites that don t use SSL/TLS encryption correctly by pirating the legitimate user s cookies and using those in the attacker s session (session hijacking) 13 Firesheep A Mozilla Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks. The packet sniffer analyzes traffic between a Wi-Fi router and a person s laptop or smartphone and captures the session cookie ("point-and-click" sidejacking) Source:
14 Mobile Device vs. Computers: DIFFERENCES 14
15 Risk Remediation Mobile Device risks are the same as many of the risks we already face everyday. For example 15 Source:
16 Difference 1: BYOD How do you handle user-owned devices? Applications Data Ownership Encryption SANS Survey: 16 NetworkWorld BYOD Survey: 65.3% necessary tools not in place 46.2% increased end user productivity 5.7% said it lead to breech, while 66.7% said no 47.2% increased end users' ability to work from home Source: SANS Mobility / BYOD Security Survey March
17 Difference 2: SMS SMS: Short Messaging Service, or text messages Common Vulnerabilities: 1) SMS of Death 2) Midnight Raid Business Card Attack 3) SMS Tokens 4) Smishing Attacks 17 Source:
18 SANS Survey: Platform Support 18 Source: SANS Mobility / BYOD Security Survey March 2012
19 SANS Survey: Platform Support 19 Source: SANS Mobility / BYOD Security Survey March 2012
20 Difference 3: Hardware / Carrier Each platform even within the same OS have unique characteristics, default settings, and/or vulnerabilities: PIN settings Service Carrier Like default passwords on routers or admin accounts iphone / ipad batteries Scope: Android Fragmentation 281+ different products 850,000 daily activations 300,000,000+ total devices 20 Sources:
21 Hardware / Carrier: PIN Codes Ten numbers represent 15% of all cell phone pass codes 21 Sources: Rooney, Ben (15 June 2011). "Once Again, 1234 Is Not A Good Password". The Wall Street Journal. Retrieved 8 July
22 Hardware / Carrier: PIN Codes Ten numbers represent 15% of all cell phone pass codes: 1) ) ) ) ) ) 5683 (spells 'LOVE') 7) ) ) ) 1998 Other popular choices include Year of birth & Year of graduation (social triangulation!). 22 Sources: Rooney, Ben (15 June 2011). "Once Again, 1234 Is Not A Good Password". The Wall Street Journal. Retrieved 8 July
23 PIN Code >>> Data Loss CASE STUDY: VERIZON WIRELESS Corporate Support Web Page How do I access my Voice Mail to retrieve messages? To access your Voice Mail, press "*VM" (*86), then "SEND." Follow the prompts to enter your password and retrieve your messages. If you press "*VM" (*86) and hear your own or a system greeting, press the # key to interrupt the greeting and follow the prompts to enter your password and retrieve your messages. 23 Source: and Optional Services/faq_voice_mail.html
24 Difference 4: Caller ID / ANI ANI : Automatic Number Identification (NAC for cell phones) Masquerading as the target cell number, threat actors may be able to steal unsecured data. Possible vectors include: VXML Social Engineering Orange Box Spoofing 24 Sources:
25 Social Engineering: Telco Social Hack Scenario: You pick up the phone, at the dial tone call AT&T Automated Operator: "AT&T,toplaceacall "Enter AT&T Automated Operator: "ThankyouforusingAT&T"<RING> Telus: ThisistheTelusoperator,Lisaspeaking.(or, ThisistheTelusoperator,whatnumberareyou callingfrom?) You: HiLisa,ThisistheTelustechnician,youshould seeananifailureonyourscreen,i'mcallingfrom [number to spoof] Ineedyoutoplaceatestcallto [number to call] Telus: ThankyoufromTelus 25 Source:
26 Threat Actors The APT in action 26 Source:
27 Application Vulnerabilities Native to many mobile OS (smart phone & tablet) Mobile Device Management (MDM) Default Permissions may be invasive e.g., Apple log file stores all visited geo-locations Open Web Application Security Consortium (OWASP) Application security is the next big trend in penetration testing which means it s already the big trend for hackers. Joe McCray, Strategic Security LLC 27 Source:
28 Lessons Learned Top 5 from the 2012 SANS Mobile Device Security Summit 1) Jailbreaking & Rooting is BAD for mobile device security 2) The OWASP Mobile Top 10 is going to be just as important 3) Mobile Threats are an evolving, moving target; security teams have to be quick to adapt to new mobile technology 4) Mobile Device Management (MDM) solutions are a requirement for any deployment 28 5) Apple ios devices are preferred over Android in the enterprise Source:
29 Things You Should Be Doing For many professionals, the mobile phone has become a mobile office. Mike Jones, Symantec 29
30 Control Starts at the Policy 30 Source: SANS Mobility / BYOD Security Survey March 2012
31 Mobile Policy Best Practices o o o Think from a threat controls perspective: Consider capabilities of mobile devices and apps in your environment Identify threat vectors & mitigate Identify non-technically enforceable controls and address with administrative policies & awareness Assess how mobile devices are already managed Use existing policies as a guideline Consider how to test successful control implementation 31 Source: SANS Mobility / BYOD Security Survey March 2012
32 2012 Top 5 Mobile Security Threats 1) Geolocation exploits 2) Excessive Permissions 3) Mobile Application Vulnerabilities 4) Unsecure Wi-Fi 5) Lost and Stolen Devices 32 Source:
33 Mobile Risk Management Tools 33 Source: SANS Mobility / BYOD Security Survey March 2012
34 Protecting the Mobile Executive Considerations for your Mobile Policy / Best Practices: USER EDUCATION Physical Security Fear Public Wireless Use Conference WAPs Corporate VPNs Leave it at Home Clean Loaner Devices Prepaid Cellular devices Blank SIM cards * + Google Voice 2G = No E! Don t Blab 34 Source:
35 Its About the Basics Verizon Business 2011 Data Breach Investigations Report (DBIR) Analysis of 2011 attacks determined that: 83% were targets of opportunity 92% were not highly difficult 95% were avoidable through simple or intermediate controls 35 Source:
36 SANS Top 20 Controls (v 3.1) 36 1: Inventory of Authorized and Unauthorized Devices 2: Inventory of Authorized and Unauthorized Software 3: Secure Configurations for Hardware and Software on Laptops, Workstations, & Servers 4: Continuous Vulnerability Assessment & Remediation 5: Malware Defenses 6: Application Software Security 7: Wireless Device Control 8: Data Recovery Capability 9: Security Skills Assessment and Appropriate Training to Fill Gaps 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches 11: Limitation and Control of Network Ports, Protocols, and Services 12: Controlled Use of Administrative Privileges 13: Boundary Defense 14: Maintenance, Monitoring, and Analysis of Security Audit Logs 15: Controlled Access Based on the Need to Know 16: Account Monitoring and Control 17: Data Loss Prevention 18: Incident Response Capability 19: Secure Network Engineering 20: Penetration Tests and Red Team Exercises
37 Summary Mobile Devices vs. Computers o o Similarities (yes Forrest, they are computers) Differences SMS Native Metadata Hardware / Carrier Issues (PINs, etc) Sidejacking Application Vulnerabilities 37 o o o o Things you Should be Doing Policies User Education Protect the Execs SANS Top 20 <-> Top 5 Mobile
38 38 Questions
39 New Mobile Security Tools Bleeding Edge Mobile Security Solutions 39
40 New Mobile Security Tools Can you hear me NOW, punk?!? 40
41 New Mobile Security Tools Android Security If you need to ask, you don t need to know. Really. 41 Source:
42 New Mobile Security Tools Sometimes Simple Security = Great Solutions 42
43 New Mobile Security Tools Hot from the UK: Less Mobile = Harder to Steal 43
44 New Mobile Security Tools Old School Tech 44
45 New Mobile Security Tools Keeping ahead of the Technology Curve 45 Source:
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationBYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager
BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy
More informationChris Boykin VP of Professional Services
5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing
More informationCheck Point and Security Best Practices. December 2013 Presented by David Rawle
Check Point and Security Best Practices December 2013 Presented by David Rawle Housekeeping o Mobiles on Silent o No File Alarms planned o Fire exits are in front and behind and down the stairs o Downstairs
More informationThis session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.
The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com
More information5 Steps to Advanced Threat Protection
5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationLooking at the SANS 20 Critical Security Controls
Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More informationSecuring Corporate Email on Personal Mobile Devices
Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More informationThe Protection Mission a constant endeavor
a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationApplication White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off
Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Times have Changed & A/V Executives Agree An A/V product as your sole endpoint protection solution isn t enough.
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationTrust Digital Best Practices
> ARMING IT AGAINST SMARTPHONE THREATS Trust Digital Best Practices April 2009 The information contained herein is subject to change at any time, and Trust Digital makes no warranties, either express or
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationAnswers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.
Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating
More informationCOMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:
More informationWasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute
Wasting Money on the Tools? Automating the Most Critical Security Controls Bonus: Gaining Support From Top Managers for Security Investments Mason Brown Director, The SANS Institute The Most Trusted Name
More informationGreat Now We Have to Secure an Internet of Things. John Pescatore SANS Director, Emerging Security Trends @John_Pescatore
Great Now We Have to Secure an Internet of Things John Pescatore SANS Director, Emerging Security Trends @John_Pescatore 1 What the Heck is That?? 2 Different Views of the Internet of Things 3 Different
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationThe Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole
The Future Is SECURITY THAT MAKES A DIFFERENCE Overview of the 20 Critical Controls Dr. Eric Cole Introduction Security is an evolution! Understanding the benefit and know how to implement the 20 critical
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014
ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program
More informationKaspersky Security for Mobile
Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months
More informationDDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest
DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service
More informationAssessing the Effectiveness of a Cybersecurity Program
Assessing the Effectiveness of a Cybersecurity Program Lynn D. Shiang Delta Risk LLC, A Chertoff Group Company Objectives Understand control frameworks, assessment structures and scoping of detailed reviews
More informationHow To Protect Your Network From Attack From A Cyber Threat
Targeting Improved Cyber Security Three Common Ways Electric Utilities Can Improve Their Cyber Security. By Power System Engineering, Inc. (PSE) Many managers understand the importance of strong cyber
More informationTechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security
Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More information{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com
{ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling
More informationGuideline on Safe BYOD Management
CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version
More information5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet
5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet Sr. Sales Engineer 1 What we ll talk about What is BYOD? Mobile Revolution, the Post PC era? BYOD: What to consider 1. Users 2. Devices
More informationKaspersky Lab Mobile Device Management Deployment Guide
Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile
More informationPassing PCI Compliance How to Address the Application Security Mandates
Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These
More informationMobile Device Strategy
Mobile Device Strategy Technology Experience Bulletin, TEB: 2012-01 Mobile Device Strategy Two years ago, the Administrative Office of Pennsylvania Courts (AOPC) standard mobile phone was the Blackberry.
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationHow To Protect Your Mobile Devices From Security Threats
Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has
More information2012 Data Breach Investigations Report
2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information
More informationBYOD and Your Business
BYOD and Your Business Learn about the BYOD trend, the risks associated with this trend, and how to successfully adopt BYOD while securing your network. Agenda The rise of BYOD Security risks associated
More informationWHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks
WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.
More informationMobile Application Security Sharing Session May 2013
Mobile Application Security Sharing Session Agenda Introduction of speakers Mobile Application Security Trends and Challenges 5 Key Focus Areas for an mobile application assessment 2 Introduction of speakers
More informationSymantec Mobile Management Suite
Symantec Mobile Management Suite One Solution For All Enterprise Mobility Needs Data Sheet: Mobile Security and Management Introduction Most enterprises have multiple mobile initiatives spread across the
More informationJumpstarting Your Security Awareness Program
Jumpstarting Your Security Awareness Program Michael Holcomb Director, Information Security HO20110473 1 Jumpstarting Your Security Awareness Program Classification: Confidential Owner: Michael Holcomb
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001
001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110
More informationSCAC Annual Conference. Cybersecurity Demystified
SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber
More informationAsset Management In A Consumerized World
Asset Management In A Consumerized World Generously sponsored by: August 28, 2012 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London Welcome Conference Moderator Allan Wall ISSA Web Conference Committee
More informationProtecting Corporate Data from Mobile Threats. And the emerging role for microsd-based security Art Swift CEO, CUPP Computing
Protecting Corporate Data from Mobile Threats And the emerging role for microsd-based security Art Swift CEO, CUPP Computing 1 Information security is broken $77B WORLDWIDE SPENDING ON INFORMATION SECURITY
More informationWhy The Security You Bought Yesterday, Won t Save You Today
9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About
More informationIIABSC 2015 - Spring Conference
IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber
More informationYes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD
STRATEGY ANALYTICS INSIGHT October 2012 Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD By Mark Levitt, Analyst/Director at Strategy Analytics BYOD
More informationModule 1: Facilitated e-learning
Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1
More informationSecurity Issues with Integrated Smart Buildings
Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern
More informationCyber Self Assessment
Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have
More informationMobile Device Management
1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating
More informationLarry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
More informationTom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell
Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Mobile Mobile Mobile Devices in the CU Environ Mobile Banking Risks and Reward Tom Schauer ü Since 1986 ü TrustCC Founded TrustCC in 2001 ü
More informationEnterprise Mobility as a Service
Service Description: Insert Title Enterprise Mobility as a Service Multi-Service User Management for Mobility 1. Executive Summary... 2 2. Enterprise Mobility as a Service Overview... 3 3. Pricing Structure...
More informationSecure Your Mobile Workplace
Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationSolving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense
Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense John M. Gilligan Information systems Security Association National Capital Chapter January 19, 2010 1 Topics Background
More informationMobile Security: Controlling Growing Threats with Mobile Device Management
Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work
More informationFeature List for Kaspersky Security for Mobile
Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance
More informationSecuring OS Legacy Systems Alexander Rau
Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems
More informationBest Practices for a BYOD World
Face Today s Threats Head-On: Best Practices for a BYOD World Chris Vernon CISSP, VTSP Security Specialist Agenda Mobile Threats Overview 2013 State of Mobility Survey Canada BYOD Best Practices 2 Mobile
More information10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011
10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection September 2011 10 Potential Risks Facing Your IT Department: Multi-layered Security & Network Protection 2 It s
More information3 Steps to Implementing an Effective BYOD Mobile Security Strategy
White Paper 3 Steps to Implementing an Effective BYOD Mobile Security Strategy How to Augment Your MDM, MAM, NAC and SIEM Deployments to Truly Mitigate Mobile Risks and Protect Enterprise Resources Table
More informationDetecting Cyber Attacks in a Mobile and BYOD Organization
SOLUTION BRIEF Detecting Cyber Attacks in a Mobile and BYOD Organization Explore the challenges, understand the needs, evaluate mobile device management as an approach to detecting attacks and offer a
More informationCS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013
CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationSmall Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.
Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness
More informationMobile First Government
Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,
More informationRemote Access Security
Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to
More informationIs Your IT Environment Secure? November 18, 2015. Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting
Is Your IT Environment Secure? November 18, 2015 Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting Clark Schaefer Consulting Serving elite and emerging companies with practical solutions
More information4 Steps to Effective Mobile Application Security
Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional
More informationPractical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security
Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security March 14, 2013 About: Daniel Security researcher for almost a decade
More informationSymantec Mobile Management for Configuration Manager 7.2
Symantec Mobile Management for Configuration Manager 7.2 Scalable, Secure, and Integrated Device Management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices
More informationSecuring Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper
Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones
More informationParla, Secure Cloud Email
Parla, Secure Cloud Email Secure Email, Instant Messaging, Calendar, Contacts, Tasks, File sharing and Notes across all devices The 1 st Secure Email and Instant Messaging from and European Security Vendor
More informationOWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.
OWA vs. MDM Introduction SmartPhones and tablet devices are becoming a common fixture in the corporate environment. As feature phones are replaced with new devices such as iphone s, ipad s, and Android
More informationBYOD: BRING YOUR OWN DEVICE.
white paper BYOD: BRING YOUR OWN DEVICE. On-boarding and Securing Devices in Your Corporate Network Preparing Your Network to Meet Device Demand The proliferation of smartphones and tablets brings increased
More informationAcceptable Media Use and Bring Your Own Device (BYOD) Policy
Acceptable Media Use and Bring Your Own Device (BYOD) Policy Author: Mr Joe Cowell Headteacher Date Ratified by Governors: September 2015 Date of Review: September 2018 Wollaston School Acceptable Media
More informationTop 20 Critical Security Controls
Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need
More informationCyber Security 2014 SECURE BANKING SOLUTIONS, LLC
Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information
More informationRunning Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University
Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationSecurity. Mobile Device FOR. by Rich Campagna, Subbu Iyer, and Ashwin Krishnan. John Wiley & Sons, Inc. Foreword by Mark Bauhaus.
Mobile Device Security FOR by Rich Campagna, Subbu Iyer, and Ashwin Krishnan Foreword by Mark Bauhaus Executive Vice President, Device and Network Systems Business Group, Juniper Networks WILEY John Wiley
More informationEffective Security in BYOD Environment 如 何 提 高 自 攜 裝 置 的 有 效 保 安. Roger Lee Presentation for ITRC Forum 2013 3 Dec 2013
Effective Security in BYOD Environment 如 何 提 高 自 攜 裝 置 的 有 效 保 安 Roger Lee Presentation for ITRC Forum 2013 3 Dec 2013 Agenda Some Alarming Clips 2013 BYOD and Mobile Security Report BYOD vs COPE Why BYOD?
More informationIT Security Risks & Trends
IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health
More informationMobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall
Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future
More informationProtecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices
Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices It s common today for law enforcement
More information1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5
User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?... 2 2. Activation of Mobile Device Management... 3 2.1. Activation
More informationARCHITECT S GUIDE: Comply to Connect Using TNC Technology
ARCHITECT S GUIDE: Comply to Connect Using TNC Technology August 2012 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97006 Tel (503) 619-0562 Fax (503) 644-6708 admin@trustedcomputinggroup.org
More informationThe Hidden Dangers of Public WiFi
WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect
More informationPCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com
PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in
More informationKaspersky Security 10 for Mobile Implementation Guide
Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful
More information