Innovative Approaches to Enhance Digital Security
- Ginger Anderson
- 8 years ago
Transcription
1 Innovative Approaches to Enhance Digital Security

2014 Latin America Treasury & Finance Conference: A Blueprint for a Digitally Connected Treasury
Treasury and Trade Solutions

- Sabine McIntosh, Global Head TTS Digital Security and Account Services, sabine.mcintosh@citi.com, +44 (20)
- Elizabeth Petrie, Director Strategic Analysis, elizabeth.petrie@citi.com, +1 (202)

2 (B) Increase in Digital Banking Enhances Need for Cyber Security

As business interactions move online, cyber threats are becoming more sophisticated and dangerous.

Tremendous Growth of Online Interactions with each Click or Tap Leaving a Trail of Data
[Charts: "Global Devices Connected to the Internet" (data labels 5B, 15B, 50B) and "Global Digital Data (In Exabytes)"; growth callouts "4x In 10 yrs" and "44x In 10 yrs"]

Cyber Threat and Fraud are on the Rise with Significant Impacts on Business and the Economy
- $3 Trillion: Estimated cyber attack fallout cost to global economy by
- $200+ Billion: Estimated amount stolen from banks, financial institutions, companies and individuals, double the amount in

Source: World Economic Forum, SWIFT. 1. McKinsey report: Risk and responsibility in a hyperconnected world: Implications for enterprises; January The Guardian Report: Online fraud costs global economy many times more than $100 billion; October

3 The Changing Information Security Threat Landscape

The cyber threat landscape continues to evolve as better organized and more sophisticated attackers have emerged.

[Figure, axis label: Increasing Sophistication]
- Organized crime and Nation States: Highly organized and well funded. Driven by the opportunity for financial or geopolitical gain. Destructive adversaries with aim of disrupting economy.
- Individual players: Opportunistic and casual. Driven by desire to prove they can.
- Typically still individual players. Premeditated and planned actions. Driven by desire for financial gain.

Evolving Threats: An Illustration of the Information Security Challenge

- Speed of Attack
  - Past: Non real-time theft of passwords and confidential information
  - Present: Real time compromises of customer computers and communication channels
- Target of Attack
  - Past: Typically targets of opportunity
  - Present: Frequently specifically chosen high value targets
- Value of Information
  - Past: Very variable, hard to monetize without exposing the malicious actor
  - Present: Readily monetized in a sophisticated, secure, and anonymous underground economy
- Complexity of Business Model
  - Past: Workforce primarily based in same geography as business and on payroll
  - Present: Workforce increasingly cross border and outsourced
- Sophistication of Techniques
  - Past: Moderately sophisticated adversaries seeking to exploit well known vulnerabilities
  - Present: Highly sophisticated supply chain to create or detect vulnerabilities and exploit tools, then sold to worker bees
- Availability of Tools
  - Past: Custom tools created by knowledgeable individuals to perform a specific attack
  - Present: Malicious tools are commodity items readily available on the black market

4 Nature and Frequency of Attacks

- The amount of knowledge required to launch very sophisticated attacks is decreasing over time, making these threats more severe each day.
- Recent attacks show increased knowledge and understanding of the technology, infrastructure and systems of their victims.
- Bad actors are going after customers, suppliers, and third parties in addition to direct attacks.
- Intelligence, external and internal, as well as shared knowledge across the industry and governments will be the most effective counter strategies.

[Figure: Attack Sophistication vs. Intruder Technical Knowledge. Axis: Low to High. Curves: Required Intruder Knowledge, Attack Sophistication. Labels: Password guessing, Self-replicating code, Password cracking, Exploiting known vulnerabilities, Disabling audits, Back doors, Burglaries, Hijacking sessions, Sweepers, Sniffers, Packet spoofing, GUI, Automated probes/scans, Denial of service, www attacks, Stealth/advanced scanning techniques, Cross site scripting, Distributed attack tools, Staged, Coordinated DDOS, Botnets, SQL Injections, Tools, Mobile Malware]

5 Key Adversaries

- Cyber Criminals
  - Motivation: Make money.
  - Methods: Very mature underground economy supporting every facet of cyber criminal activity.
- Cyber Terrorism
  - Motivation: Instill fear so targets comply with demands or ideology.
  - Methods: Using cyber to enable their programs (Recruit, Incite, Train, Plan and Finance). Underground forums allow these groups to easily acquire destructive capabilities.
- Hacktivists
  - Motivation: Seek publicity for their geopolitical agenda.
  - Methods: Disruption and defacement.
- State-Affiliated (Advanced Persistent Threat)
  - Motivation: Political and technological advantage to improve self interests.
  - Methods: Advanced operations to gain a foothold into a target's infrastructure. Once a foothold is established, the adversary performs reconnaissance and methodically plans their attack. APT actors often leave back doors to re-establish access to the target in case their primary means is identified and mitigated.

6 Understanding Information Security Risk

Information Security Risk is determined based on strong assessment of the threats, known vulnerabilities and the assets involved.

[Diagram labels: External; Insecure Code and Applications; Intellectual Property; Nation State; Cyber Terrorists; Cyber Criminals; Hacktivists; Toxic Combinations/Over Entitlements; Client Side Software Vulnerabilities; Unauthorized Privileged User Access; Corporate Data; Credentials; Financial Transactions; Internal; Privileged Users; End Users; Unencrypted Data; Improper Configuration Management; Network and Operating System Software Vulnerabilities]

7 Threat Implications and Impact on Business

The rise of the cyber threat has wide immediate business implications and significant impacts over the long term.

Immediate Implications for the Business
- Loss of data
- Corruption or destruction of data
- Unauthorized access
- Account takeovers
- Compromised systems and applications

Impact on the Business
- Reputational loss
- Financial loss/fraud
- Regulatory compliance incidents and penalties
- Client loss
- Unavailability of services

8 Role of Intelligence Execution

Intelligence must be an integral part of the decision making process.

- Intelligence is having the right information, at the right time, and in the hands of the right people.
- Intelligence is embedded in the day-to-day work, from the establishment of a customer relationship to the execution of any service.
- Capturing and understanding the knowledge of employees is the foundation of a successful Intelligence Program.

[Diagram: Intelligence Cycle. Labels: Analysis and Production; Dissemination; Processing and Exploitation; Active Collaboration; Requirements; Collection; Planning and Direction]

Output/Deliverables
- Inform operational planning and strategic decision-making
- Inventory of intelligence resources
- Identification of resource gaps, recommendations for remediation
- Centralized mechanism for ad hoc intelligence data
- Regular, frequent updates to senior management and key business stakeholders (e.g. dashboard-type, high-level briefing report)
- Intelligence-sharing and knowledge-sharing (lessons learned, etc.)

Source: 2008 Federal Bureau of Investigation;

9 Intelligence Involves Forward-Looking Insights

[Diagram labels: Client Customer Trends; Technology Evolution; Intelligence; Government Regulatory; Threat Landscape; Industry Trends; Third Party Risk]

- Intelligence is built from a mosaic cutting across various views, which helps to identify emerging trends, make informed decisions and predict the next event.
- Intelligence has a short half-life.

[Diagram: Security Activity Intelligence + = Context Defense Situational Awareness]

10 A Multi-Layered Approach to Information Security

Using talent, processes and technology to approach Information Security significantly reduces cyber vulnerabilities and the impact.

[Diagram labels: Identity and Access Management (IAM); Pillars; Data Protection; Global ID Administration; Privileged User Managed Access; Security Incident Management; Intelligence Collection; Vulnerability Assessment; Third Party Information Security Assessments; Secure System Development Lifecycle; Information Security Risk Assessments and Issue Management]

11 Digital Security is Our Business

Citi invests large amounts annually to help protect client assets. Working with our clients is critical to the integrity of end-to-end security.

Focus on Partnering End-to-end, Bringing Together Technology and Best Practices

Channel Protection
Security goes beyond technology and authentication mechanisms to various processes, including:
- Maker/checker compliance for transaction authorization

[Diagram label: Cyber Threat!]

Data Privacy
- Ensuring business devices are clean and password-protected
- Leveraging data for alerts

Transaction Monitoring
- Payment monitoring and behavior-based blocking tools
- Client collaboration is central to maintaining high security

Digital channels have brought better control, but as we leverage new channels, we need to be at the top of our game and keep ahead of the curve.

12 Continuous Innovation to Keep Ahead of the Threat

Citi continues to invest in Digital Security with several smart experiments in flight across TTS Innovation Labs.

Biometrics
- Voice Biometrics: Evaluate technologies to enable user access via simple verification of their natural speech
- Behavioral Biometrics: Deploy passive login tool using client behavior (i.e. typing) that cannot be emulated by external agents

Device Security
- Malware Detection: Enable passive detection tools to identify viruses
- Information Breach: Advise clients when their private credentials are being publicly distributed by cyber criminals

Out of Band Security
- Out of Band Authentication: Provide One-Time-Password via SMS, Phone Call or device application, using a channel or device separate from the primary banking channel
- Digital Signature and Transaction Approval: Secure transactions via mobile device separate from desktop banking channel

Client Experience
- Client Credential Re-Use: Enable clients to log in using their own corporate issued credentials
- Risk-based Authentication: Enable simpler security for low risk transactions and complex security for higher risk transactions

The key challenge is to balance user experience, security, and worldwide availability for Citi clients. The above smart experiments may or may not be rolled out.

13 The Power of Our Network

- CitiDirect BE℠ Online: Award winning digital corporate banking platform live in 96 markets that processes +$30 trillion annually
- CitiDirect BE℠ Mobile: Industry leading mobile platform that processed $113 billion in Mobile Payments from on-the-road ICG clients in 2013 alone!

14 Working Together to Secure Digital Transactions

[Diagram label: Client]

We are Only as Strong as the Weakest Link
Centralizing Treasury in Latin America
Centralizing Treasury in Latin America Liquidity Perspectives Ron Chakravarti Managing Director Treasury Advisory Citi Treasury and Trade Solutions Treasury Models: Some Variations Group Treasury Local
More informationUnderstanding & Realizing Big Data Potential
Understanding & Realizing Big Data Potential 2014 Latin America Treasury & Finance Conference A Blueprint for a Digitally Connected Treasury Driss R. Temsamani Analytics & Innovation Head driss.r.temsamani@citi.com
More informationDigital Security Cyber Security and Fraud Prevention
Treasury and Trade Solutions Citi Online Academy February 2015 Digital Security Cyber Security and Fraud Prevention Rajesh Shenoy Global Head of TTS Digital Security rajesh.a.shenoy@citi.com +1 (416) 947-5602
More informationWEXOnline Data Analysis and Reporting Tools
GSA SmartPay 2010 Conference WEXOnline Data Analysis and Reporting Tools Sharon Linnane Government Account Manager, Wright Express Corporation 12 th Annual GSA SmartPay Conference Atlanta, GA August 10-12,
More informationTreasure Trove The Rising Role of Treasury in Accounts Payable
Treasury and Trade Solutions North America July 30, 2015 Treasure Trove The Rising Role of Treasury in Accounts Payable 2015 Citibank, N.A. All rights reserved Today s Speakers Andrew Bartolini Chief Research
More informationCiti Supplier Finance
Treasury & Trade Solutions North America Trade Finance Citi Supplier Finance Supplier Finance Program for UTC Suppliers The Solution UTC and Citi have entered into a partnership that enables preferred
More informationHow To Harmonize Tax Processing On Flows In Euro Zone
T2S Dedicated Info Session on Getting Ready for Cross-CSD Settlements Issue #2: Tax Processing Marcello Topa Citi Global Transaction Services EMEA 15/03/2012 Milan, Italy Issue #2: Tax Processing Scope
More informationPayment Factories: different ways of achieving payment efficiency. Jonathan Jordan EMEA Payments Market Manager, Citi Transaction Services
Payment Factories: different ways of achieving payment efficiency Jonathan Jordan EMEA Payments Market Manager, Citi Transaction Services The term Payment Factory is becoming increasingly talked about
More informationCitibank Custom Reporting System (CCRS) Cycle based Reporting
GSA SmartPay 2010 Conference Citibank Custom Reporting System (CCRS) Cycle based Reporting Mini Session 12 th Annual GSA SmartPay Conference Atlanta, GA August 10 12, 2010 Goals and Objectives This course
More informationRisk Management in Global Operating Industry
Risk Management in Global Operating Industry World Financial Symposium 2015 Here is the News Saleema Brohi Aviation Legal Expert Session Sponsor World Financial Symposium 2015 Cyber Attack! - Beyond Firewalls
More informationAdvanced Management and Delinquency Reporting Hands On
GSA SmartPay 2010 Conference Advanced Management and Delinquency Reporting Hands On Tony Swann & Rob Robbins Training & Account Management 12 th Annual GSA SmartPay Conference Atlanta, GA August 10-12,
More informationIssues Facing the Asset Management Industry. Navigating a Challenging Environment
Issues Facing the Asset Management Industry Navigating a Challenging Environment Top Issues Facing Asset Managers Primary challenges that Citi sees our asset manager clients facing Regulatory Complexity
More informationTreasury and Trade Services Global Payments. Citi Payment Analytics User Guide
Treasury and Trade Services Global Payments Citi Payment Analytics User Guide Table of Contents 1. Accessing Payment Analytics 2. Dashboard Overview Getting to the Citi Payment Analytics Dashboard Overview
More informationPreventing Misuse and Abuse in Your Program
GSA SmartPay Conference Preventing Misuse and Abuse in Your Program Maureen Garlock Vice President, Citi 11 th Annual GSA SmartPay Conference Phoenix, Arizona July 28 th - July 30 th, 2009 Preventing Misuse
More informationCiti s Affordable Housing Subordinate Loan Program
Citi Community Capital August 19, 2014 Citi s Affordable Housing Subordinate Loan Program Citi s Affordable Housing Subordinate Loan Program Citi s Affordable Housing Subordinate Loan Program (the Program
More informationWhat s New in Citi s Online Tools
GSA SmartPay 2010 Conference What s New in Citi s Online Tools David Lipke Citi Product Development 12 th Annual GSA SmartPay Conference Atlanta, GA August 10 12, 2010 House Rules To ensure the best possible
More informationCIPI Soundbite: CPO/CTA Registration & non-us Funds
CIPI Soundbite: CPO/CTA Registration & non-us Funds Citibank International Plc, Ireland Branch October 2012 Glossary You must learn to talk clearly. The jargon of scientific terminology which rolls off
More informationClient Delivery TAMPA
Treasury and Trade Solutions April, 10 th 2015 Client Delivery TAMPA Patricia Pires Citi Service Center and Offshore Unit Head for Latin America Agenda Quién somos nosotros? Nuestra Estructura Nuestros
More informationImplementing a Program Management Plan
GSA SmartPay 2010 Conference Implementing a Program Management Plan Heelay Yaftali Vice President 12 th Annual GSA SmartPay Conference Atlanta, GA August 10-12, 2010 House Rules To ensure the best possible
More informationUsing CitiManager Card Management Module Travel
2011 GSA SmartPay Training Conference Using CitiManager Card Management Module Travel Instructor s Name Instructor s Title, Citi A Winning Hand: Solutions, Savings and Sustainability with GSA SmartPay
More informationProgram Audit Tool (Reporting Solution)
2011 GSA SmartPay Training Conference Program Audit Tool (Reporting Solution) Heelay Yaftali Vice President, Citi A Winning Hand: Solutions, Savings and Sustainability with GSA SmartPay The 13 th Annual
More informationGSA SmartPay 2010 Conference. Disputes: DoD Travel. Karen Young Senior Vice President, Citi
GSA SmartPay 2010 Conference Disputes: Karen Young Senior Vice President, Citi 12 th Annual GSA SmartPay Conference Atlanta, GA August 10-12, 2010 House Rules To ensure the best possible learning experience
More informationAgency Update: Hear the News from the Top
Market insights on Community Development Agency Update February 18, 2014 Agency Update: Hear the News from the Top Woody Brewer from Fannie Mae and Kim Griffith from Freddie Mac Share Their Views Woody
More informationGSA SmartPay Conference. Credit Card Basics. Bruce E. Sullivan VP / Head of Specialized Sales - Federal, Visa, Inc.
GSA SmartPay Conference Credit Card Basics Bruce E. Sullivan VP / Head of Specialized Sales - Federal, Visa, Inc. 11 th Annual GSA SmartPay Conference Phoenix, Arizona July 28 th - July 30 th, 2009 Credit
More informationDematerialization of Turkish Government Debt Instruments
Dematerialization of Turkish Government Debt Instruments Asli Gunel Central Registry Agency Gunsel Topbas Citibank A.S. Turkey 19 January 2012 1 Government Debt Instruments Quick Facts Central Bank of
More informationBECS Pre-Trade Analytics. An Overview
BECS Pre-Trade Analytics An Overview January 2010 Citi s Pre-Trade Analytical Products and Services Citi has a long history of providing advanced analytical tools to our clients. Significant effort has
More informationKuwait Stock Exchange. New Changes and Implementations
Kuwait Stock Exchange New Changes and Implementations May 2012 Table of Contents 1. Old and New systems 4 2. New Trading System X-stream 8 3. Sector Classification 11 4. Kuwait 15 Index 13 5. New Website
More informationCybersecurity: Is Your Company Prepared?
Treasury and Trade Solutions April 29, 2015 Cybersecurity: Is Your Company Prepared? Sabine Mcintosh Managing Director Global Head of TTS Digital Security and Account Services sabine.mcintosh@citi.com
More informationReports & Inquires Guide
Reports & Inquires Guide May 2013 Table of Contents 1 Overview 4 A. Report vs. Inquiry 6 B. Additional Resources 8 Online Help 9 CitiDirect Customer Support 9 2 Setting Preferences for Reports and Inquiries
More informationThe Benefits of Moving from Fragmented to Integrated Cash Application
The Benefits of Moving from Fragmented to Integrated Cash Application Basak Toprak, EMEA Market Manager for Receivables and Channel Services, Global Transaction Services, Citi Frank Gastl, MD of Hanse
More informationM E E T I N G November 17 th, 2010. A world of seamlessly integrated products, services and service.
M E E T I N G Citi Commercial Meeting Solutions Cards November 17 th, 2010 A world of seamlessly integrated products, services and service. Table of Contents I. Meetings & Events 3 A. Industry Overview:
More informationCitibank Presents: Techniques for Establishing a Successful Audit Process
GSA SmartPay Conference Citibank Presents: Techniques for Establishing a Successful Audit Process David Ruda, Noak Smith (VA) Vice President, Public Sector Market Manager, Commercial Cards Citibank Presents:
More informationGSA SmartPay Conference. Electronic Tools Overview Navy
GSA SmartPay Conference Electronic Tools Overview Navy The Tenth Annual GSA SmartPay Conference Towards New Horizons! Denver, Colorado July 22 nd - July 24 th, 2008 Goals and Objectives Provide an overview
More informationTax Initiatives The Common Reporting Standard
Treasury and Trade Solutions February 2016 Tax Initiatives The Common Reporting Standard The Common Reporting Standard (CRS) The Common Reporting Standard - Overview The Common Reporting Standard ( CRS
More informationCitibank Custom Reporting System (CCRS) Exporting and File Management
GSA SmartPay Conference Citibank Custom Reporting System (CCRS) Exporting and File Management Aras Toker Analyst Citibank Presents: Continue the Revolution Citibank Commercial Cards, Government Services
More informationFundamentals of Program Management
GSA SmartPay 2010 Conference Fundamentals of Program Management Heelay Yaftali Vice President 12 th Annual GSA SmartPay Conference Atlanta, GA August 10-12, 2010 House Rules To ensure the best possible
More informationInformation Security & Identity Theft
GSA SmartPay Conference Information Security & Identity Theft Maureen Garlock Vice President, Citi 11 th Annual GSA SmartPay Conference Phoenix, Arizona July 28 th - July 30 th, 2009 Techniques for Establishing
More informationGSA SmartPay Conference. Citibank Presents: Information Security and Identity Theft
GSA SmartPay Conference Citibank Presents: Information Security and Identity Theft Citibank Presents: Continue the Revolution Citibank Commercial Cards, Government Services The Ninth Annual GSA SmartPay
More informationU.S. General Services Administration. How Do I Manage My Centrally Billed Travel Program (GSA/FED) Adam Jackson Vice President Citi July 2012
U.S. General Services Administration How Do I Manage My Centrally Billed Travel Program (GSA/FED) Adam Jackson Vice President Citi July 2012 This material is intended for use by the GSA only 2012 GSA SmartPay
More informationPortfolio Management Tools and Processes. Real Estate Emerging Managers Summit January 10, 2012
Portfolio Management Tools and Processes Real Estate Emerging Managers Summit January 10, 2012 Discussion Agenda Topic Introductions Why do portfolio management tools and processes matter? Back Office
More informationIdentity Theft Trends and Prevention
GSA SmartPay 2010 Conference Identity Theft Trends and Prevention Gregory Munson, CISSP, CISM Senior VP, ICG Global Information Security 12 th Annual GSA SmartPay Conference Atlanta, GA August 10 12, 2010
More informationHomeland Security Perspectives: Cyber Security Partnerships and Measurement Activities
16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, Mid Atlantic Region National Cyber Security Division (NCSD) Office
More informationDefense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks
Defense-in-Depth Strategies for Secure, Open Remote Access to Control System Networks A look at multi-vendor access strategies Joel Langill TÜV FSEng ID-1772/09, CEH, CPT, CCNA Security Consultant / Staff
More informationTHE 2014 THREAT DETECTION CHECKLIST. Six ways to tell a criminal from a customer.
THE 2014 THREAT DETECTION CHECKLIST Six ways to tell a criminal from a customer. Telling criminals from customers online isn t getting any easier. Attackers target the entire online user lifecycle from
More informationKASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES. www.kaspersky.com
KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES www.kaspersky.com EXPERT SERVICES Expert Services from Kaspersky Lab are exactly that the services of our in-house experts, many of them global
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationHigh Level Cyber Security Assessment 2/1/2012. Assessor: J. Doe
2/1/2012 Assessor: J. Doe Disclaimer This report is provided as is for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information
More informationWorking Effectively with Citi Department of Defense Travel
GSA SmartPay Conference Working Effectively with Citi Department of Defense Travel Stacy Eslich Vice President, Citi 11 th Annual GSA SmartPay Conference Phoenix, Arizona July 28 th - July 30 th, 2009
More informationIBM Security Strategy
IBM Security Strategy Intelligence, Integration and Expertise Kate Scarcella CISSP Security Tiger Team Executive M.S. Information Security IBM Security Systems IBM Security: Delivering intelligence, integration
More informationNine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity
Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers
More informationCyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte
Cyber security Time for a new paradigm Stéphane Hurtaud Partner Information & Technology Risk Deloitte 90 More than ever, cyberspace is a land of opportunity but also a dangerous world. As public and private
More informationSPEAR PHISHING UNDERSTANDING THE THREAT
SPEAR PHISHING UNDERSTANDING THE THREAT SEPTEMBER 2013 Due to an organisation s reliance on email and internet connectivity, there is no guaranteed way to stop a determined intruder from accessing a business
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
Evolving Threats and Attacks: A Cloud Service Provider's viewpoint. John Howie Senior Director Online Services Security and Compliance
Evolving Threats and Attacks: A Cloud Service Provider's viewpoint John Howie Senior Director Online Services Security and Compliance Introduction Microsoft's Cloud Infrastructure Evolution of Threats
Cybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
Global Tax Initiatives The Evolving Regulatory Environment
Treasury and Trade Solutions March 2016 Global Tax Initiatives The Evolving Regulatory Environment Global Tax Initiatives The Regulatory Environment Local Governments Governments are continuing to coordinate
How Do Threat Actors Move Deeper Into Your Network?
SECURITY IN CONTEXT LATERAL MOVEMENT: How Do Threat Actors Move Deeper Into Your Network? LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is
Cyber Security for audit committees
AUDIT COMMITTEE INSTITUTE Cyber Security for audit committees An introduction kpmg.com/globalaci 2 Audit Committee Institute An introduction to cyber security for audit committees Audit committees have
10 Smart Ideas for Keeping Data Safe From Hackers
Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security
Enterprise Security Governance Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Governance and Organisational Model Risk Mgmt & Reporting Digital Risk & Security
Into the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
Developing Secure Software in the Age of Advanced Persistent Threats
Developing Secure Software in the Age of Advanced Persistent Threats ERIC BAIZE EMC Corporation DAVE MARTIN EMC Corporation Session ID: ASEC-201 Session Classification: Intermediate Our Job: Keep our Employer
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
PENETRATION TESTING GUIDE. www.tbgsecurity.com
PENETRATION TESTING GUIDE www.tbgsecurity.com Table of Contents: What is a...; What is the difference between Ethical Hacking and other types of hackers and testing I've heard about?; How does a
Strengthen security with intelligent identity and access management
Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers
The Fleet Industry Trends in Fleet Management
GSA SmartPay 2010 Conference The Fleet Industry Trends in Fleet Management Gary Robbins Vice President/Wright Express Corporation 12 th Annual GSA SmartPay Conference Atlanta, GA August 10-12, 2010 House
September 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
CYBER SECURITY INFORMATION SHARING & COLLABORATION
Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers
Cybersecurity Strategic Talent Management. March, 2012
Cybersecurity Strategic Talent Management March, 2012 Cyber Operations - Starts with People Exploit Intel Attack Cyber Operations Defend Enablers 2 Talent Management Challenge Mission: Attract, Develop,
CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
Table of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities
Application Vulnerability Trends Report: 2013 Table of Contents Introduction 99% of Tested Applications Have Vulnerabilities Cross Site Scripting Tops a Long List of Vulnerabilities
Certified Identity and Access Manager (CIAM) Overview & Curriculum
Identity and access management (IAM) is the most important discipline of the information security field. It is the foundation of any information security program and one of the information security management
Data Platform Security. Vinod Kumar Technology Evangelist www.extremeexperts.com http://blogs.sqlxml.org/vinodkumar
Data Platform Security Vinod Kumar Technology Evangelist www.extremeexperts.com http://blogs.sqlxml.org/vinodkumar Agenda Problem Statement Security for Enterprise Security Defaults - Vulnerabilities Configurations
Prime Finance. Perspective. Prime Custody: Asset Protection & Operational Simplicity
Prime Finance Perspective Prime Custody: Asset Protection & Operational Simplicity February 2010 For more information contact Prime Finance around the globe: New York 1 800 773 2889 Boston 1 617 346 9935
Information Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
Cybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 Market insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
AANVAL INDUSTRY FOCUS SOLUTIONS BRIEF. Aanval for Financial Services
TACTICAL FLEX, INC. AANVAL INDUSTRY FOCUS SOLUTIONS BRIEF Aanval for Financial Services Aanval is a product of Tactical FLEX, Inc. - Copyright 2012 - All Rights Reserved Challenge for IT in Today's Financial
Risk Assessment and Cloud Strategy Development: Getting it Right this Time!
Risk Assessment and Cloud Strategy Development: Getting it Right this Time! Barbara Endicott-Popovsky, PhD University of Washington Center of Information Assurance and Cybersecurity Kirsten Ferguson-Boucher
External Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
WRITTEN TESTIMONY OF
WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you
Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations
Threat Intelligence & Analytics Cyber Threat Intelligence and how to best understand the adversary s operations September 2015 Copyright 2015 Deloitte Development LLC. All rights reserved. This presentation
FERPA: Data & Transport Security Best Practices
FERPA: Data & Transport Security Best Practices April 2013 Mike Tassey Privacy Technical Assistance Center FERPA and Data Security Unlike HIPAA and other similar federal regulations, FERPA does not require
Security and Privacy
Security and Privacy Matthew McCormack, CISSP, CSSLP CTO, Global Public Sector, RSA The Security Division of EMC 1 BILLIONS OF USERS MILLIONS/BILLIONS OF APPS 2010 Cloud Big Data Social Mobile Devices
Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
Information Protection Removing Fear, Uncertainty and Doubt. September 2015
Information Protection Removing Fear, Uncertainty and Doubt September 2015 Agenda 1 State of the Nation for cybersecurity Dynamic world of change Key Cyber trends New vectors of threats Potential impacts
Security Overview. BlackBerry Corporate Infrastructure
Security Overview BlackBerry Corporate Infrastructure Published: 2015-04-23 SWD-20150423095908892 Contents: Introduction, History, BlackBerry policies, Security organizations, Corporate Security
Presented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
State Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4
State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes
Information Security Management System for Microsoft's Cloud Infrastructure
Information Security Management System for Microsoft's Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
Cyber Watch. Written by Peter Buxbaum
Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs
CYBERSECURITY HOT TOPICS
1 CYBERSECURITY HOT TOPICS Secure Banking Solutions 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance CISSP, CISA, CRISC www.protectmybank.com
Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats
Cyber4sight TM Threat Intelligence Services Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats Preparing for Advanced Cyber Threats Cyber attacks are evolving faster than organizations
A New Approach to Assessing Advanced Threat Solutions
A New Approach to Assessing Advanced Threat Solutions December 4, 2014 A New Approach to Assessing Advanced Threat Solutions How Well Does Your Advanced Threat Solution Work? The cyber threats facing enterprises
Advanced Threat Protection with Dell SecureWorks Security Services
Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents: Summary; What are Advanced Threats?; How do advanced threat actors operate?; Addressing the Threat
Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1
Threats and Attacks Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to:
What's Wrong with Information Security Today? You are looking in the wrong places for the wrong things.
What's Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current
HACKING RELOADED. Hacken IS simple! Christian H. Gresser cgresser@nesec.de
HACKING RELOADED Hacken IS simple! Christian H. Gresser cgresser@nesec.de Agenda About NESEC IT-Security and control Systems Hacking is easy A short example where we currently are Possible solutions IT-security