Exactly the Same, but Different

Size: px
Start display at page:

Download "Exactly the Same, but Different"

Transcription

1 Exactly the Same, but Different 1 Shayne Champion, CISSP, CISA, GSEC, ABCP Program Manager GO Cyber Security TVA v1.0

2 Agenda Define Mobile Device Security o o Similarities Differences Things you Should be Doing 2

3 Mobile Device Security There is no question that mobile security will eventually equal if not surpass PC security as a threat to IT departments. Denise Culver, Heavy Reading Mobile Networks Insider 3

4 Mobile Device vs. Computers: SIMILARITIES 4

5 Definitions: Level Setting Com put er [kuhm-pyoo-ter] : An electronic device designed to accept data, perform prescribed mathematical and logical operations at high speed, and display the results of these operations. Mo bile De vice [moh-buhl dih-vahys] : A portable, wireless computing device that is small enough to be used while held in the hand; a hand-held. 5 Source:

6 6

7 NEWS FLASH: Mobile Devices ARE Computers!!! and we can do something about that, can t we? 7 Sources:

8 Same Kind of Different Same kind of security controls you *should* use anyway: Encryption NAC DLP AV / Malware Inventory Management Controlled Admin Privileges Port & Service Management 8

9 Similarity: Order of Magnitude Risk from an OSI perspective: Most risk shifting to applications Lower-level layers becoming relatively more tame 9 Source:

10 Define: Metadata Metadata : Data that defines or describes another piece of data. Metadata may reveal more about you, your organization, or your devices than you realize. Many devices, such as your computer, camera, or smart phone, automatically embed metadata in any digital files they create. 10 Source:

11 Metadata Some examples of metadata include: File creation date and time The address or geographic location where the file was created Your name, organization s name, and computer s name or IP address The names of any contributors to the document or their comments Type of camera you are using and its settings when the photo was taken Type of audio or video recording device you are using and its settings when a recording was taken Make, model, and service provider of your smart phone 11 Source:

12 Metadata Solutions Metadata Tools: Document Inspector : EXIF Metadata Explanation: Free Metadata Extraction Tool: or Disabling Geo-location for Smartphone Cameras 12 Source:

13 Unsecured WAP Sidejack Math * ( + )= Sidejacking - A well-known Wi-Fi hotspot attack that takes advantage of websites that don t use SSL/TLS encryption correctly by pirating the legitimate user s cookies and using those in the attacker s session (session hijacking) 13 Firesheep A Mozilla Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks. The packet sniffer analyzes traffic between a Wi-Fi router and a person s laptop or smartphone and captures the session cookie ("point-and-click" sidejacking) Source:

14 Mobile Device vs. Computers: DIFFERENCES 14

15 Risk Remediation Mobile Device risks are the same as many of the risks we already face everyday. For example 15 Source:

16 Difference 1: BYOD How do you handle user-owned devices? Applications Data Ownership Encryption SANS Survey: 16 NetworkWorld BYOD Survey: 65.3% necessary tools not in place 46.2% increased end user productivity 5.7% said it lead to breech, while 66.7% said no 47.2% increased end users' ability to work from home Source: SANS Mobility / BYOD Security Survey March

17 Difference 2: SMS SMS: Short Messaging Service, or text messages Common Vulnerabilities: 1) SMS of Death 2) Midnight Raid Business Card Attack 3) SMS Tokens 4) Smishing Attacks 17 Source:

18 SANS Survey: Platform Support 18 Source: SANS Mobility / BYOD Security Survey March 2012

19 SANS Survey: Platform Support 19 Source: SANS Mobility / BYOD Security Survey March 2012

20 Difference 3: Hardware / Carrier Each platform even within the same OS have unique characteristics, default settings, and/or vulnerabilities: PIN settings Service Carrier Like default passwords on routers or admin accounts iphone / ipad batteries Scope: Android Fragmentation 281+ different products 850,000 daily activations 300,000,000+ total devices 20 Sources:

21 Hardware / Carrier: PIN Codes Ten numbers represent 15% of all cell phone pass codes 21 Sources: Rooney, Ben (15 June 2011). "Once Again, 1234 Is Not A Good Password". The Wall Street Journal. Retrieved 8 July

22 Hardware / Carrier: PIN Codes Ten numbers represent 15% of all cell phone pass codes: 1) ) ) ) ) ) 5683 (spells 'LOVE') 7) ) ) ) 1998 Other popular choices include Year of birth & Year of graduation (social triangulation!). 22 Sources: Rooney, Ben (15 June 2011). "Once Again, 1234 Is Not A Good Password". The Wall Street Journal. Retrieved 8 July

23 PIN Code >>> Data Loss CASE STUDY: VERIZON WIRELESS Corporate Support Web Page How do I access my Voice Mail to retrieve messages? To access your Voice Mail, press "*VM" (*86), then "SEND." Follow the prompts to enter your password and retrieve your messages. If you press "*VM" (*86) and hear your own or a system greeting, press the # key to interrupt the greeting and follow the prompts to enter your password and retrieve your messages. 23 Source: and Optional Services/faq_voice_mail.html

24 Difference 4: Caller ID / ANI ANI : Automatic Number Identification (NAC for cell phones) Masquerading as the target cell number, threat actors may be able to steal unsecured data. Possible vectors include: VXML Social Engineering Orange Box Spoofing 24 Sources:

25 Social Engineering: Telco Social Hack Scenario: You pick up the phone, at the dial tone call AT&T Automated Operator: "AT&T,toplaceacall "Enter AT&T Automated Operator: "ThankyouforusingAT&T"<RING> Telus: ThisistheTelusoperator,Lisaspeaking.(or, ThisistheTelusoperator,whatnumberareyou callingfrom?) You: HiLisa,ThisistheTelustechnician,youshould seeananifailureonyourscreen,i'mcallingfrom [number to spoof] Ineedyoutoplaceatestcallto [number to call] Telus: ThankyoufromTelus 25 Source:

26 Threat Actors The APT in action 26 Source:

27 Application Vulnerabilities Native to many mobile OS (smart phone & tablet) Mobile Device Management (MDM) Default Permissions may be invasive e.g., Apple log file stores all visited geo-locations Open Web Application Security Consortium (OWASP) Application security is the next big trend in penetration testing which means it s already the big trend for hackers. Joe McCray, Strategic Security LLC 27 Source:

28 Lessons Learned Top 5 from the 2012 SANS Mobile Device Security Summit 1) Jailbreaking & Rooting is BAD for mobile device security 2) The OWASP Mobile Top 10 is going to be just as important 3) Mobile Threats are an evolving, moving target; security teams have to be quick to adapt to new mobile technology 4) Mobile Device Management (MDM) solutions are a requirement for any deployment 28 5) Apple ios devices are preferred over Android in the enterprise Source:

29 Things You Should Be Doing For many professionals, the mobile phone has become a mobile office. Mike Jones, Symantec 29

30 Control Starts at the Policy 30 Source: SANS Mobility / BYOD Security Survey March 2012

31 Mobile Policy Best Practices o o o Think from a threat controls perspective: Consider capabilities of mobile devices and apps in your environment Identify threat vectors & mitigate Identify non-technically enforceable controls and address with administrative policies & awareness Assess how mobile devices are already managed Use existing policies as a guideline Consider how to test successful control implementation 31 Source: SANS Mobility / BYOD Security Survey March 2012

32 2012 Top 5 Mobile Security Threats 1) Geolocation exploits 2) Excessive Permissions 3) Mobile Application Vulnerabilities 4) Unsecure Wi-Fi 5) Lost and Stolen Devices 32 Source:

33 Mobile Risk Management Tools 33 Source: SANS Mobility / BYOD Security Survey March 2012

34 Protecting the Mobile Executive Considerations for your Mobile Policy / Best Practices: USER EDUCATION Physical Security Fear Public Wireless Use Conference WAPs Corporate VPNs Leave it at Home Clean Loaner Devices Prepaid Cellular devices Blank SIM cards * + Google Voice 2G = No E! Don t Blab 34 Source:

35 Its About the Basics Verizon Business 2011 Data Breach Investigations Report (DBIR) Analysis of 2011 attacks determined that: 83% were targets of opportunity 92% were not highly difficult 95% were avoidable through simple or intermediate controls 35 Source:

36 SANS Top 20 Controls (v 3.1) 36 1: Inventory of Authorized and Unauthorized Devices 2: Inventory of Authorized and Unauthorized Software 3: Secure Configurations for Hardware and Software on Laptops, Workstations, & Servers 4: Continuous Vulnerability Assessment & Remediation 5: Malware Defenses 6: Application Software Security 7: Wireless Device Control 8: Data Recovery Capability 9: Security Skills Assessment and Appropriate Training to Fill Gaps 10: Secure Configurations for Network Devices such as Firewalls, Routers, and Switches 11: Limitation and Control of Network Ports, Protocols, and Services 12: Controlled Use of Administrative Privileges 13: Boundary Defense 14: Maintenance, Monitoring, and Analysis of Security Audit Logs 15: Controlled Access Based on the Need to Know 16: Account Monitoring and Control 17: Data Loss Prevention 18: Incident Response Capability 19: Secure Network Engineering 20: Penetration Tests and Red Team Exercises

37 Summary Mobile Devices vs. Computers o o Similarities (yes Forrest, they are computers) Differences SMS Native Metadata Hardware / Carrier Issues (PINs, etc) Sidejacking Application Vulnerabilities 37 o o o o Things you Should be Doing Policies User Education Protect the Execs SANS Top 20 <-> Top 5 Mobile

38 38 Questions

39 New Mobile Security Tools Bleeding Edge Mobile Security Solutions 39

40 New Mobile Security Tools Can you hear me NOW, punk?!? 40

41 New Mobile Security Tools Android Security If you need to ask, you don t need to know. Really. 41 Source:

42 New Mobile Security Tools Sometimes Simple Security = Great Solutions 42

43 New Mobile Security Tools Hot from the UK: Less Mobile = Harder to Steal 43

44 New Mobile Security Tools Old School Tech 44

45 New Mobile Security Tools Keeping ahead of the Technology Curve 45 Source:

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager

BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy

More information

Chris Boykin VP of Professional Services

Chris Boykin VP of Professional Services 5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing

More information

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Check Point and Security Best Practices. December 2013 Presented by David Rawle Check Point and Security Best Practices December 2013 Presented by David Rawle Housekeeping o Mobiles on Silent o No File Alarms planned o Fire exits are in front and behind and down the stairs o Downstairs

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

5 Steps to Advanced Threat Protection

5 Steps to Advanced Threat Protection 5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious

More information

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE

More information

Looking at the SANS 20 Critical Security Controls

Looking at the SANS 20 Critical Security Controls Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of

More information

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013 An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information

More information

Security Management. Keeping the IT Security Administrator Busy

Security Management. Keeping the IT Security Administrator Busy Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching

More information

Securing Corporate Email on Personal Mobile Devices

Securing Corporate Email on Personal Mobile Devices Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies

More information

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off

Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Application White Listing and Privilege Management: Picking Up Where Antivirus Leaves Off Times have Changed & A/V Executives Agree An A/V product as your sole endpoint protection solution isn t enough.

More information

INFORMATION SECURITY FOR YOUR AGENCY

INFORMATION SECURITY FOR YOUR AGENCY INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection

More information

Trust Digital Best Practices

Trust Digital Best Practices > ARMING IT AGAINST SMARTPHONE THREATS Trust Digital Best Practices April 2009 The information contained herein is subject to change at any time, and Trust Digital makes no warranties, either express or

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data. Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating

More information

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:

More information

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute

Wasting Money on the Tools? Automating the Most Critical Security Controls. Mason Brown Director, The SANS Institute Wasting Money on the Tools? Automating the Most Critical Security Controls Bonus: Gaining Support From Top Managers for Security Investments Mason Brown Director, The SANS Institute The Most Trusted Name

More information

Great Now We Have to Secure an Internet of Things. John Pescatore SANS Director, Emerging Security Trends @John_Pescatore

Great Now We Have to Secure an Internet of Things. John Pescatore SANS Director, Emerging Security Trends @John_Pescatore Great Now We Have to Secure an Internet of Things John Pescatore SANS Director, Emerging Security Trends @John_Pescatore 1 What the Heck is That?? 2 Different Views of the Internet of Things 3 Different

More information

SANS Top 20 Critical Controls for Effective Cyber Defense

SANS Top 20 Critical Controls for Effective Cyber Defense WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a

More information

The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole

The Future Is SECURITY THAT MAKES A DIFFERENCE. Overview of the 20 Critical Controls. Dr. Eric Cole The Future Is SECURITY THAT MAKES A DIFFERENCE Overview of the 20 Critical Controls Dr. Eric Cole Introduction Security is an evolution! Understanding the benefit and know how to implement the 20 critical

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014

ONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program

More information

Kaspersky Security for Mobile

Kaspersky Security for Mobile Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months

More information

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest

DDoS Attacks: The Latest Threat to Availability. Dr. Bill Highleyman Managing Editor Availability Digest DDoS Attacks: The Latest Threat to Availability Dr. Bill Highleyman Managing Editor Availability Digest The Anatomy of a DDoS Attack Sombers Associates, Inc. 2013 2 What is a Distributed Denial of Service

More information

Assessing the Effectiveness of a Cybersecurity Program

Assessing the Effectiveness of a Cybersecurity Program Assessing the Effectiveness of a Cybersecurity Program Lynn D. Shiang Delta Risk LLC, A Chertoff Group Company Objectives Understand control frameworks, assessment structures and scoping of detailed reviews

More information

How To Protect Your Network From Attack From A Cyber Threat

How To Protect Your Network From Attack From A Cyber Threat Targeting Improved Cyber Security Three Common Ways Electric Utilities Can Improve Their Cyber Security. By Power System Engineering, Inc. (PSE) Many managers understand the importance of strong cyber

More information

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling

More information

Guideline on Safe BYOD Management

Guideline on Safe BYOD Management CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version

More information

5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet

5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet 5 Considerations for a Successful BYOD Strategy Vincent Vanbiervliet Sr. Sales Engineer 1 What we ll talk about What is BYOD? Mobile Revolution, the Post PC era? BYOD: What to consider 1. Users 2. Devices

More information

Kaspersky Lab Mobile Device Management Deployment Guide

Kaspersky Lab Mobile Device Management Deployment Guide Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile

More information

Passing PCI Compliance How to Address the Application Security Mandates

Passing PCI Compliance How to Address the Application Security Mandates Passing PCI Compliance How to Address the Application Security Mandates The Payment Card Industry Data Security Standards includes several requirements that mandate security at the application layer. These

More information

Mobile Device Strategy

Mobile Device Strategy Mobile Device Strategy Technology Experience Bulletin, TEB: 2012-01 Mobile Device Strategy Two years ago, the Administrative Office of Pennsylvania Courts (AOPC) standard mobile phone was the Blackberry.

More information

Cyber Exploits: Improving Defenses Against Penetration Attempts

Cyber Exploits: Improving Defenses Against Penetration Attempts Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How

More information

How To Protect Your Mobile Devices From Security Threats

How To Protect Your Mobile Devices From Security Threats Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has

More information

2012 Data Breach Investigations Report

2012 Data Breach Investigations Report 2012 Data Breach Investigations Report A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information

More information

BYOD and Your Business

BYOD and Your Business BYOD and Your Business Learn about the BYOD trend, the risks associated with this trend, and how to successfully adopt BYOD while securing your network. Agenda The rise of BYOD Security risks associated

More information

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks WHITE PAPER The Need for Wireless Intrusion Prevention in Retail Networks The Need for Wireless Intrusion Prevention in Retail Networks Firewalls and VPNs are well-established perimeter security solutions.

More information

Mobile Application Security Sharing Session May 2013

Mobile Application Security Sharing Session May 2013 Mobile Application Security Sharing Session Agenda Introduction of speakers Mobile Application Security Trends and Challenges 5 Key Focus Areas for an mobile application assessment 2 Introduction of speakers

More information

Symantec Mobile Management Suite

Symantec Mobile Management Suite Symantec Mobile Management Suite One Solution For All Enterprise Mobility Needs Data Sheet: Mobile Security and Management Introduction Most enterprises have multiple mobile initiatives spread across the

More information

Jumpstarting Your Security Awareness Program

Jumpstarting Your Security Awareness Program Jumpstarting Your Security Awareness Program Michael Holcomb Director, Information Security HO20110473 1 Jumpstarting Your Security Awareness Program Classification: Confidential Owner: Michael Holcomb

More information

Symantec Mobile Management 7.2

Symantec Mobile Management 7.2 Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology

More information

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001

ETHICAL HACKING 010101010101APPLICATIO 00100101010WIRELESS110 00NETWORK1100011000 101001010101011APPLICATION0 1100011010MOBILE0001010 10101MOBILE0001 001011 1100010110 0010110001 010110001 0110001011000 011000101100 010101010101APPLICATIO 0 010WIRELESS110001 10100MOBILE00010100111010 0010NETW110001100001 10101APPLICATION00010 00100101010WIRELESS110

More information

SCAC Annual Conference. Cybersecurity Demystified

SCAC Annual Conference. Cybersecurity Demystified SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber

More information

Asset Management In A Consumerized World

Asset Management In A Consumerized World Asset Management In A Consumerized World Generously sponsored by: August 28, 2012 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London Welcome Conference Moderator Allan Wall ISSA Web Conference Committee

More information

Protecting Corporate Data from Mobile Threats. And the emerging role for microsd-based security Art Swift CEO, CUPP Computing

Protecting Corporate Data from Mobile Threats. And the emerging role for microsd-based security Art Swift CEO, CUPP Computing Protecting Corporate Data from Mobile Threats And the emerging role for microsd-based security Art Swift CEO, CUPP Computing 1 Information security is broken $77B WORLDWIDE SPENDING ON INFORMATION SECURITY

More information

Why The Security You Bought Yesterday, Won t Save You Today

Why The Security You Bought Yesterday, Won t Save You Today 9th Annual Courts and Local Government Technology Conference Why The Security You Bought Yesterday, Won t Save You Today Ian Robertson Director of Information Security Michael Gough Sr. Risk Analyst About

More information

IIABSC 2015 - Spring Conference

IIABSC 2015 - Spring Conference IIABSC 2015 - Spring Conference Cyber Security With enough time, anyone can be hacked. There is no solution that will completely protect you from hackers. March 11, 2015 Chris Joye, Security + 1 2 Cyber

More information

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD STRATEGY ANALYTICS INSIGHT October 2012 Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD By Mark Levitt, Analyst/Director at Strategy Analytics BYOD

More information

Module 1: Facilitated e-learning

Module 1: Facilitated e-learning Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1

More information

Security Issues with Integrated Smart Buildings

Security Issues with Integrated Smart Buildings Security Issues with Integrated Smart Buildings Jim Sinopoli, Managing Principal Smart Buildings, LLC The building automation industry is now at a point where we have legitimate and reasonable concern

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Mobile Device Management

Mobile Device Management 1. Introduction Mobile Device Management This document introduces security risks with mobile devices, guidelines for managing the security of mobile devices in the Enterprise, strategies for mitigating

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell

Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Mobile Mobile Mobile Devices in the CU Environ Mobile Banking Risks and Reward Tom Schauer ü Since 1986 ü TrustCC Founded TrustCC in 2001 ü

More information

Enterprise Mobility as a Service

Enterprise Mobility as a Service Service Description: Insert Title Enterprise Mobility as a Service Multi-Service User Management for Mobility 1. Executive Summary... 2 2. Enterprise Mobility as a Service Overview... 3 3. Pricing Structure...

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense John M. Gilligan Information systems Security Association National Capital Chapter January 19, 2010 1 Topics Background

More information

Mobile Security: Controlling Growing Threats with Mobile Device Management

Mobile Security: Controlling Growing Threats with Mobile Device Management Mobile Security: Controlling Growing Threats with Mobile Device Management As the use of mobile devices continues to grow, so do mobile security threats. Most people use their mobile devices for both work

More information

Feature List for Kaspersky Security for Mobile

Feature List for Kaspersky Security for Mobile Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance

More information

Securing OS Legacy Systems Alexander Rau

Securing OS Legacy Systems Alexander Rau Securing OS Legacy Systems Alexander Rau National Information Security Strategist Sample Agenda 1 Today s IT Challenges 2 Popular OS End of Support & Challenges for IT 3 How to protect Legacy OS systems

More information

Best Practices for a BYOD World

Best Practices for a BYOD World Face Today s Threats Head-On: Best Practices for a BYOD World Chris Vernon CISSP, VTSP Security Specialist Agenda Mobile Threats Overview 2013 State of Mobility Survey Canada BYOD Best Practices 2 Mobile

More information

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011

10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection. September 2011 10 Potential Risk Facing Your IT Department: Multi-layered Security & Network Protection September 2011 10 Potential Risks Facing Your IT Department: Multi-layered Security & Network Protection 2 It s

More information

3 Steps to Implementing an Effective BYOD Mobile Security Strategy

3 Steps to Implementing an Effective BYOD Mobile Security Strategy White Paper 3 Steps to Implementing an Effective BYOD Mobile Security Strategy How to Augment Your MDM, MAM, NAC and SIEM Deployments to Truly Mitigate Mobile Risks and Protect Enterprise Resources Table

More information

Detecting Cyber Attacks in a Mobile and BYOD Organization

Detecting Cyber Attacks in a Mobile and BYOD Organization SOLUTION BRIEF Detecting Cyber Attacks in a Mobile and BYOD Organization Explore the challenges, understand the needs, evaluate mobile device management as an approach to detecting attacks and offer a

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness

More information

Mobile First Government

Mobile First Government Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,

More information

Remote Access Security

Remote Access Security Glen Doss Towson University Center for Applied Information Technology Remote Access Security I. Introduction Providing remote access to a network over the Internet has added an entirely new dimension to

More information

Is Your IT Environment Secure? November 18, 2015. Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting

Is Your IT Environment Secure? November 18, 2015. Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting Is Your IT Environment Secure? November 18, 2015 Sarah Ackerman, Greg Bernard, Brian Matteson Clark Schaefer Consulting Clark Schaefer Consulting Serving elite and emerging companies with practical solutions

More information

4 Steps to Effective Mobile Application Security

4 Steps to Effective Mobile Application Security Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional

More information

Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security

Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security March 14, 2013 About: Daniel Security researcher for almost a decade

More information

Symantec Mobile Management for Configuration Manager 7.2

Symantec Mobile Management for Configuration Manager 7.2 Symantec Mobile Management for Configuration Manager 7.2 Scalable, Secure, and Integrated Device Management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices

More information

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones

More information

Parla, Secure Cloud Email

Parla, Secure Cloud Email Parla, Secure Cloud Email Secure Email, Instant Messaging, Calendar, Contacts, Tasks, File sharing and Notes across all devices The 1 st Secure Email and Instant Messaging from and European Security Vendor

More information

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work. OWA vs. MDM Introduction SmartPhones and tablet devices are becoming a common fixture in the corporate environment. As feature phones are replaced with new devices such as iphone s, ipad s, and Android

More information

BYOD: BRING YOUR OWN DEVICE.

BYOD: BRING YOUR OWN DEVICE. white paper BYOD: BRING YOUR OWN DEVICE. On-boarding and Securing Devices in Your Corporate Network Preparing Your Network to Meet Device Demand The proliferation of smartphones and tablets brings increased

More information

Acceptable Media Use and Bring Your Own Device (BYOD) Policy

Acceptable Media Use and Bring Your Own Device (BYOD) Policy Acceptable Media Use and Bring Your Own Device (BYOD) Policy Author: Mr Joe Cowell Headteacher Date Ratified by Governors: September 2015 Date of Review: September 2018 Wollaston School Acceptable Media

More information

Top 20 Critical Security Controls

Top 20 Critical Security Controls Top 20 Critical Security Controls July 2015 Contents Compliance Guide 01 02 03 04 Introduction 1 How Rapid7 Can Help 2 Rapid7 Solutions for the Critical Controls 3 About Rapid7 11 01 INTRODUCTION The Need

More information

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC Cyber Security CHAD KNUTSON SECURE BANKING SOLUTIONS 2014 SECURE BANKING SOLUTIONS, LLC Presenter Chad Knutson Senior Information Security Consultant Masters in Information Assurance CISSP (Certified Information

More information

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University

Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1. Awareness of BYOD Security Concerns. Benjamin Tillett-Wakeley. East Carolina University Running Head: AWARENESS OF BYOD SECURITY CONCERNS 1 Awareness of BYOD Security Concerns Benjamin Tillett-Wakeley East Carolina University AWARENESS OF BYOD SECURITY CONCERNS 2 Abstract This paper will

More information

Cisco Advanced Services for Network Security

Cisco Advanced Services for Network Security Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs

More information

Security. Mobile Device FOR. by Rich Campagna, Subbu Iyer, and Ashwin Krishnan. John Wiley & Sons, Inc. Foreword by Mark Bauhaus.

Security. Mobile Device FOR. by Rich Campagna, Subbu Iyer, and Ashwin Krishnan. John Wiley & Sons, Inc. Foreword by Mark Bauhaus. Mobile Device Security FOR by Rich Campagna, Subbu Iyer, and Ashwin Krishnan Foreword by Mark Bauhaus Executive Vice President, Device and Network Systems Business Group, Juniper Networks WILEY John Wiley

More information

Effective Security in BYOD Environment 如 何 提 高 自 攜 裝 置 的 有 效 保 安. Roger Lee Presentation for ITRC Forum 2013 3 Dec 2013

Effective Security in BYOD Environment 如 何 提 高 自 攜 裝 置 的 有 效 保 安. Roger Lee Presentation for ITRC Forum 2013 3 Dec 2013 Effective Security in BYOD Environment 如 何 提 高 自 攜 裝 置 的 有 效 保 安 Roger Lee Presentation for ITRC Forum 2013 3 Dec 2013 Agenda Some Alarming Clips 2013 BYOD and Mobile Security Report BYOD vs COPE Why BYOD?

More information

IT Security Risks & Trends

IT Security Risks & Trends IT Security Risks & Trends Key Threats to All Businesses 1 1 What do the following have in common? Catholic church parish Hospice Collection agency Main Street newspaper stand Electrical contractor Health

More information

Mobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall

Mobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future

More information

Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices

Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices It s common today for law enforcement

More information

1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5

1. Introduction... 1. 2. Activation of Mobile Device Management... 3. 3. How Endpoint Protector MDM Works... 5 User Manual I Endpoint Protector Mobile Device Management User Manual Table of Contents 1. Introduction... 1 1.1. What is Endpoint Protector?... 2 2. Activation of Mobile Device Management... 3 2.1. Activation

More information

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology ARCHITECT S GUIDE: Comply to Connect Using TNC Technology August 2012 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97006 Tel (503) 619-0562 Fax (503) 644-6708 admin@trustedcomputinggroup.org

More information

The Hidden Dangers of Public WiFi

The Hidden Dangers of Public WiFi WHITEPAPER: OCTOBER 2014 The Hidden Dangers of Public WiFi 2 EXECUTIVE SUMMARY 4 MARKET DYNAMICS 4 The Promise of Public WiFi 5 The Problem with Public WiFi 6 MARKET BEHAVIOR 6 Most People Do Not Protect

More information

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com

PCI DSS Overview and Solutions. Anwar McEntee Anwar_McEntee@rapid7.com PCI DSS Overview and Solutions Anwar McEntee Anwar_McEntee@rapid7.com Agenda Threat environment and risk PCI DSS overview Who we are Solutions and where we can help Market presence High Profile Hacks in

More information

Kaspersky Security 10 for Mobile Implementation Guide

Kaspersky Security 10 for Mobile Implementation Guide Kaspersky Security 10 for Mobile Implementation Guide APPLICATION VERSION: 10.0 MAINTENANCE RELEASE 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful

More information