Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest
|
|
- Emery Wilcox
- 8 years ago
- Views:
Transcription
1 Bryan Hadzik Network Consulting Services, inc. Endpoint Security Data At Rest
2 Look back on 2010 Agenda Incident types Inside Job? Source of Risk Role of Encryption Some Conclusions
3 2010 A Year In Review The Good The Bad And the (occasionally) Ugly
4 First, The Good News (Or Is It?) Some good news:
5 More Likely.
6 Incident Types: 2010
7 Incident by Vector
8 Understanding Insider Attacks: Some Definitions "There are two kinds of people in the world: those who divide the world into two kinds of people, and those who don't Robert Benchley
9 Understanding Insider Attacks: Quantifying Attacks 48% of attacks involve an insider Source: 2010 Verizon Risk Team Data Breach Investigation Report
10 Understanding Insider Attacks: Some Definitions Accidental Malicious Insider Risk
11 Non-Malicious
12 Understanding Insider Attacks: Non-Malicious
13 Some Stats 7% of all laptops are lost during their operational lifetime Source: Ponemon Institute
14 Some Stats 7% of all laptops are lost during their operational lifetime 60% are simply misplaced Source: Ponemon Institute
15 Examples in 2010
16 Healthcare ALONE 147 Breaches in 2010
17 Healthcare ALONE 45% involved a laptop or portable electronic device
18 Not just the BIG companies It happens every day
19 Malicious Insiders
20 Malicious Insiders I ll just blend right in
21 Malicious Insiders CERT indentified four, broad groups: 1. Sabotage (often out of a desire for revenge) 2. Attacks for financial benefit 3. Attacks for business gain 4. Attacks associated with unauthorized access but not necessarily for personal gain Source: "Common Sense Guide to Prevention and Detection of Insider Threats
22 Looking For Commonalities 46% of attacks another staff member had direct knowledge of the attacker s plans US Secret Service/Carnegie Mellon whitepaper :"Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector"
23 Malicious Insiders At least no-one has mentioned WikiLeaks..
24 The WikiLeak Era
25 Coming To A Board Room Near You?
26 Some Practical Steps
27 CERT s 16 Step Program 1. CONSIDER THREATS FROM INSIDERS AND BUSINESS PARTNERS IN ENTERPRISE-WIDE RISK ASSESSMENTS 2. CLEARLY DOCUMENT AND CONSISTENTLY ENFORCE POLICIES AND CONTROLS 3. INSTITUTE PERIODIC SECURITY AWARENESS TRAINING FOR ALL EMPLOYEES 4. MONITOR AND RESPOND TO SUSPICIOUS OR DISRUPTIVE BEHAVIOR, BEGINNING WITH THE HIRING PROCESS 5. ANTICIPATE AND MANAGE NEGATIVE WORKPLACE ISSUES 6. TRACK AND SECURE THE PHYSICAL ENVIRONMENT 7. IMPLEMENT STRICT PASSWORD AND ACCOUNT MANAGEMENT POLICIES AND PRACTICES. 8. ENFORCE SEPARATION OF DUTIES AND LEAST PRIVILEGE 9. CONSIDER INSIDER THREATS IN THE SOFTWARE DEVELOPMENT LIFE CYCLE 10. USE EXTRA CAUTION WITH SYSTEM ADMINISTRATORS AND TECHNICAL OR PRIVILEGED USERS 11. IMPLEMENT SYSTEM CHANGE CONTROLS 12. LOG, MONITOR, AND AUDIT EMPLOYEE ONLINE ACTIONS 13. USE LAYERED DEFENSE AGAINST REMOTE ATTACKS 14. DEACTIVATE COMPUTER ACCESS FOLLOWING TERMINATION 15. IMPLEMENT SECURE BACKUP AND RECOVERY PROCESSES 16. DEVELOP AN INSIDER INCIDENT RESPONSE PLAN Source: CERT's "Common Sense Guide to Prevention and Detection of Insider Threats"
28 CERT s 16 Step Program 1. CONSIDER THREATS FROM INSIDERS AND BUSINESS PARTNERS IN ENTERPRISE-WIDE RISK ASSESSMENTS 2. CLEARLY DOCUMENT AND CONSISTENTLY ENFORCE POLICIES AND CONTROLS 3. INSTITUTE PERIODIC SECURITY AWARENESS TRAINING FOR ALL EMPLOYEES 4. MONITOR AND RESPOND TO SUSPICIOUS OR DISRUPTIVE BEHAVIOR, BEGINNING WITH THE HIRING PROCESS 5. ANTICIPATE AND MANAGE NEGATIVE WORKPLACE ISSUES 6. TRACK AND SECURE THE PHYSICAL ENVIRONMENT 7. IMPLEMENT STRICT PASSWORD AND ACCOUNT MANAGEMENT POLICIES AND PRACTICES. 8. ENFORCE SEPARATION OF DUTIES AND LEAST PRIVILEGE 9. CONSIDER INSIDER THREATS IN THE SOFTWARE DEVELOPMENT LIFE CYCLE 10. USE EXTRA CAUTION WITH SYSTEM ADMINISTRATORS AND TECHNICAL OR PRIVILEGED USERS 11. IMPLEMENT SYSTEM CHANGE CONTROLS 12. LOG, MONITOR, AND AUDIT EMPLOYEE ONLINE ACTIONS 13. USE LAYERED DEFENSE AGAINST REMOTE ATTACKS 14. DEACTIVATE COMPUTER ACCESS FOLLOWING TERMINATION 15. IMPLEMENT SECURE BACKUP AND RECOVERY PROCESSES 16. DEVELOP AN INSIDER INCIDENT RESPONSE PLAN Technical Controls/Process Non-Technical Controls/Process Source: CERT's "Common Sense Guide to Prevention and Detection of Insider Threats"
29 Boiling That Down Be able to identify the causes of insider attacks Technical or process vulnerabilities Management problems Enforce good segregation of duties Watch for technical precursors (log, monitor, audit) Privilege escalations Service account use Changing access rights Have good processes in place for high-risk events and individuals
30 The Business Problem Internet Cafe Prospect List Employee Patient Records Transit Home Social Security Numbers Customer Credit Card Info. Site Intellectual Property Classified Information Office Partner Contractor Airport Critical enterprise data resides on numerous endpoint devices enterprises are now looking for comprehensive data protection solutions 30
31 How are you Keeping up with Changing Regulations? Industry Regulations PCI DSS Visa Europe Sarbanes Oxley (SOX) EuroSOX - Directive 2006/43/EC Basel II - International Convergence of Capital Measurement and Capital Standards US Federal Regulations HIPAA & The HITECH Act FISMA 2 (ICE) Data Breach Notification Act (S139) Data Accountability and Trust Act (HR 2221) US State Regulations SB1386 (the first) 201 CMR 17 (one of the latest) NRS 603A (requires PCI DSS) >45 other State & US Jurisdiction Laws Desktops Laptops USB Memory Sticks Smartphone s & PDA s CD/DVD
32 Consider: Non-Compliance Costs Gartner Estimates $160/account Ponemon Estimates $243/account Company Accounts Impacted Estimated Breach Cost Country Avg. Cost per Record (USD) Avg. Total Cost of a breach (USD) Health Net 446k $70 - $75 Million MA Secretary of Commonwealth 139k $22 - $25 Million AMR 79k $10 - $15 Million Lincoln Medical & Mental Health 130k $15 - $20 Million San Jose Medical 110k $12 - $17 Million Boeing 382k $60 - $65 Million Australia million France million Germany million UK million US million Average million ING 13k $1.5 - $2 Million Fidelity 196k $31 - $36 Million A4e 24k $3 - $4 Million Other Costs: - Reputation - Brand - Innovation - Operations - Personal Risks Ponemon Institute estimates $243 per victim for a first time data breach in it s Fourth Annual US Cost of Data Breach Study published in January Gartner estimate: $160 per account in direct charges: legal expenses, professional fees; customer notification; embedded costs of cleanup and recovery, systems Gartner G
33 How Encryption Can Help A little help here, please...
34 How Encryption Can Help: Non-Malicious Incidents Especially important to prevent accidental data breaches Source: Ponemon Institute: Cost of a lost laptop
35 How Encryption Can Help: Non-Malicious Incidents Especially important to prevent accidental data breaches Source: Ponemon Institute: Cost of a lost laptop
36 Role Of Encryption Technologies such as encryption can be implemented to prevent such users from reading or modifying sensitive files to which they should not have access. Source: CERT's "Common Sense Guide to Prevention and Detection of Insider Threats"
37 Should we encrypt the entire disk? Everything needs to go through the encryption Overhead on every single read/write The system cannot boot up without password Password sync can be difficult NOT required for audit purposes NOT required for security
38 What are we encrypting with full disk encryption Files 20% 10% 15% 40% OS Program Files Temp data User Data
39 What are they looking for? Fixed drive C:\documents and settings\username C:\windows\system32\config\sam C:\pagefile.sys Removable drive Any documents
40 Which encryption is best? Full Disk Encryption Complete encryption of hard disk, including boot and system files Disadvantage: Encryption only on system level - no awareness of user or type of data Only available for Desktops and Laptops System administration significantly impacted No separation of system and security administration No protection against copy onto external media Data-Centric Encryption Data automatically encrypted based on policies Encryption awareness of users, groups, systems and data types System remains accessible for system administration Central Administration for all devices and storage media with automated key escrow for guaranteed recovery Automatic detection and enforced protection of external media File & Folder Encryption Files and Folders specifically selected by the user are encrypted Disadvantage: Security dependent on user behavior Temporary application files can leak information No central administration or key recovery Impossible to enforce or prove compliance
41 How should the protection work? Fixed drive C:\documents and settings\username File level user encryption Policy based C:\windows\system32\config\sam Tamper protection C:\pagefile.sys System level encryption
42 How should the protection work? Removable Drive Policy based file level encryption Only encrypt what is important No user interaction required
43 The problem with ipads Top down enterprise adoption New platform Personal devices
44 The specs 256 bit AES* Local wipe Remote wipe VPN Code signing Passcode policies *Not perfect
45 The Challenges Top Down C-levels are the first to get the device Bypass normal testing and validation Make it work attitude Personal All I need to know is username/password Easy to discover settings even without auto discover Wipe
46 ios is the target Phone, ipad share the same OS Jailbreakers are doing all the work for other reasons Most exciting new platform Commonplace
47 Encryption? Rated at AES 256 bit Passcode does not relate to encryption The keychain is the key username/password Vpn username/password
48 How to do it? Jailbreak Install ssh server Execute script that asks for the keychain info No reverse encryption necessary Just ask nicely Cannot be removed and broken, but just as easy to break on the device
49 What do we get?
50 How to protect Data The hard way Keep the data off the device* VDI Disallow Exchange activesync Disallow syncing *Not technologically difficult
51 How to protect Data The medium difficult way Allow data, but encrypt and secure access Insist on Exchange activesync Create policies Local wipe Remote wipe Local encryption Keeping device current VDI the very sensitive data Remote wipe means password reset
52 FIREWALL FIREWALL LANDesk MOBILE GUARDIAN Enterprise Edition INTERNAL NETWORK Existing Infrastructure DMZ REMOTE NETWORK Central Admin Console Active Directory Exchange Server with CMG OTA Sync Control CMG Local Gatekeeper or Proxy Policy Enterprise Server CMG Policy Proxy Internet CMG Shielded Devices CMG Shielded Devices Secure and control data across all mobile and portable endpoints Device detection and enforced provisioning across all connections Local policy enforcement ensures data protection travels with the device at all times Scalable, single point of management and control for all platforms Leverages existing infrastructure for seamless integration 52
53 Primary objectives 1 Keeps your business out of the headlines and protects your brand by eliminating the need to notify customers/employees of lost or stolen data 2 Provides proof that a lost or stolen mobile device was encrypted to meet compliance requirements 3 Provides Maximum Security with Minimal Impact on operational processes and end users
54 Moving Out To The Cloud The Cloud makes the challenges of Insider Threat more complex: Increases complexity of quantifying risk Managing that risk Ensuring compliance Serves as a barrier to adoption of Cloud offerings These challenges exist for both private and public cloud infrastructures
55 Some Conclusions Insider incidents are often accidental
56 Some Conclusions In the event of an accidental disclosure, or malicious theft, encryption has been proven to reduce both risk and cost
57 Three important things to protect Data on the local HD Lost laptop scenario Policy based file encryption No user interaction User/system level keys Escrowed to server Removable media Malicious or not data removal Drive level encryption
58 Three important things to protect Tablets/Smart Phones Local Wipe Remote wipe(password reset) Insist on exchange activesync
59 Thank You!
I ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationSecuring Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology
20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What s at risk for your organization? 2 Is your business
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationSECURELINK.COM REMOTE SUPPORT NETWORK
REMOTE SUPPORT NETWORK I. INTRODUCTION EXECUTIVE SUMMARY MANAGING REMOTE SUPPORT IN A SECURE ENVIRONMENT Enterprise software vendors strive to maximize support efficiency log on to the customer system,
More informationEncryption Buyers Guide
Encryption Buyers Guide Today your organization faces the dual challenges of keeping data safe without affecting user productivity. Encryption is one of the most effective ways to protect information from
More informationProtecting Your Data On The Network, Cloud And Virtual Servers
Protecting Your Data On The Network, Cloud And Virtual Servers How SafeGuard Encryption can secure your files everywhere The workplace is never static. Developments include the widespread use of public
More informationEnterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect
Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...
More informationManaging BitLocker Encryption
Managing BitLocker Encryption WWW.CREDANT.COM Introduction Organizations are facing a data security crisis. Despite decades of investment in security, breaches of sensitive information continue to dominate
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationFor your eyes only - Encryption and DLP Erkko Skantz
For your eyes only - Encryption and DLP Erkko Skantz Symantec Finland 1 USER PRODUCTIVITY INFORMATION MANAGEMENT DATA CENTER SECURITY 2 Focus on information 3 Today's System-Centric Enterprise Data Center
More informationAUDIT TAX SYSTEMS ADVISORY
AUDIT TAX SYSTEMS ADVISORY Presented by: Jim Rumph Introduction JIM RUMPH, CISA Systems Manager Jim is a graduate of the University of Georgia with a Bachelor of Business Administration in Accounting and
More informationSECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK
SECURE FILE SHARING AND COLLABORATION: THE PATH TO INCREASED PRODUCTIVITY AND REDUCED RISK Whitepaper 2 Secure File Sharing and Collaboration: The Path to Increased Productivity and Reduced Risk Executive
More informationRSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief
RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The
More informationFull Disk Encryption Drives & Management Software. The Ultimate Security Solution For Data At Rest
Full Disk Encryption Drives & Management Software The Ultimate Security Solution For Data At Rest Agenda Introduction Information Security Challenges Dell Simplifies Security Trusted Drive Technology Seagate
More informationPCI Data Security Standards (DSS)
ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More informationHow to use Alertsec to Enable SOX Compliance for Your Customers
How to use Alertsec to Enable SOX Compliance for Your Customers Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents Executive Summary...
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationProtecting personally identifiable information: What data is at risk and what you can do about it
Protecting personally identifiable information: What data is at risk and what you can do about it Virtually every organization acquires, uses and stores personally identifiable information (PII). Most
More informationRisk Mitigation Strategies: Lessons Learned from Actual Insider Attacks
Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks Dawn M. Cappelli Andrew P. Moore CERT Program Software Engineering Institute Carnegie Mellon University 04/09/08 Session Code:DEF-203
More informationDeciphering the Code: A Simple Guide to Encryption
Deciphering the Code: A Simple Guide to Encryption By Anthony Merry, Director of Product Management - Data Protection A business s success is increasingly dependent on its ability to leverage its data.
More informationSolutions Brief. PC Encryption Regulatory Compliance. Meeting Statutes for Personal Information Privacy. Gerald Hopkins Cam Roberson
Solutions Brief PC Encryption Regulatory Compliance Meeting Statutes for Personal Information Privacy Gerald Hopkins Cam Roberson March, 2013 Personal Information at Risk Legislating the threat Since the
More informationThe Essential Security Checklist. for Enterprise Endpoint Backup
The Essential Security Checklist for Enterprise Endpoint Backup IT administrators face considerable challenges protecting and securing valuable corporate data for today s mobile workforce, with users accessing
More informationKaspersky Lab s Full Disk Encryption Technology
Kaspersky Lab s Full Disk Encryption Technology In the US alone, an estimated 12,000 laptops are lost or stolen each week. According to the Ponemon Institute, a laptop is stolen every 53 seconds; more
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More information= AUDIO. The Importance of Mobile Device Management in HIT. An Important Reminder. Mission of OFMQ 12/9/2015
The Importance of Mobile Device Management in HIT Mario Cruz OFMQ Chief Information Officer An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906 0123. Step 2: Enter code 2071585#.
More informationIntroduction. PCI DSS Overview
Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,
More information2 0 1 4 F G F O A A N N U A L C O N F E R E N C E
I T G OV E R NANCE 2 0 1 4 F G F O A A N N U A L C O N F E R E N C E RAJ PATEL Plante Moran 248.223.3428 raj.patel@plantemoran.com This presentation will discuss current threats faced by public institutions,
More informationProtecting Sensitive Data Reducing Risk with Oracle Database Security
Protecting Sensitive Data Reducing Risk with Oracle Database Security Antonio.Mata.Gomez@oracle.com Information Security Architect Agenda 1 2 Anatomy of an Attack Three Steps to Securing an Oracle Database
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationGoing Beyond Basic Full Disk Encryption: Are You Really Covered? A PGP Corporation White Paper
Endpoint Data Protection Buyer s Guide Going Beyond Basic Full Disk Encryption: Are You Really Covered? A PGP Corporation White Paper 1 Table of Contents Executive Summary... 2 I. Assessing Encryption
More informationHow To Protect Yourself From Cyber Threats
Cyber Security for Non- Profit Organizations Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 May 2015 Agenda IT Security Basics e- Discovery Compliance Legal Risk Disaster Plans Non- Profit
More informationHow To Manage A Privileged Account Management
Four Best Practices for Passing Privileged Account Audits October 2014 1 Table of Contents... 4 1. Discover All Privileged Accounts in Your Environment... 4 2. Remove Privileged Access / Implement Least
More informationPlan of Attack 5 Step Plan
Plan of Attack 5 Step Plan Naming those Digital Assets Practicing Digital Doomsday Training + Policies and Procedures Technology Tuning Security in the Supply Chain Next Steps Sample Plan 0 to 30 Days
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationFileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.
FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution. In today s world the potential for ready access to data from virtually any device over any type of network connection creates
More informationEndpoint protection for physical and virtual desktops
datasheet Trend Micro officescan Endpoint protection for physical and virtual desktops In the bring-your-own-device (BYOD) environment, protecting your endpoints against ever-evolving threats has become
More informationSecurity Trends and Client Approaches
Security Trends and Client Approaches May 2010 Bob Bocchino, CISA ERM Security and Compliance Business Advisor IBU Technology Sales Support Industries Business Unit, Technology Sales Support 1 Mark Dixon
More informationSecuring Healthcare Data on Mobile Devices
Securing Healthcare Data on Mobile Devices Michelle Cook, Healthcare Mobility Specialist Keith Glynn, CISSP, Sr. Technical Solutions Engineer October 31, 2013 Poll Question #1 Has your organization deployed
More informationPresentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy
Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes
More informationEnterprise Mobility as a Service
Service Description: Insert Title Enterprise Mobility as a Service Multi-Service User Management for Mobility 1. Executive Summary... 2 2. Enterprise Mobility as a Service Overview... 3 3. Pricing Structure...
More informationThe ForeScout Difference
The ForeScout Difference Mobile Device Management (MDM) can help IT security managers secure mobile and the sensitive corporate data that is frequently stored on such. However, ForeScout delivers a complete
More informationProtecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11
Protecting What Matters Most Terry Ray Chief Product Strategist Trending Technologies Session 11 Cyber attacks are bad and getting Significant economic Stock price fell by 14% Impacted profits by 46% Total
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationSecurity Architecture Whitepaper
Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationCONTENTS. Abstract... 2. Need for Desktop Management... 2. What should typical Desktop Management Software do?... 2. Securing Desktops...
CONTENTS Abstract... 2 Need for Desktop Management... 2 What should typical Desktop Management Software do?... 2 Securing Desktops... 3 Standardization... 4 Troubleshooting... 4 Auditing IT Assets... 5
More informationE-Virus in Six Cisco Routers
Name of the Project: e.g. Organization Development By Roland Cheung @HKCERT Agenda Malware Trend Security Risk on Industry Sector Case Study Security Mitigations Malware Trend Reason Fun Profit Direct
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationSecuring SharePoint 101. Rob Rachwald Imperva
Securing SharePoint 101 Rob Rachwald Imperva Major SharePoint Deployment Types Internal Portal Uses include SharePoint as a file repository Only accessible by internal users Company Intranet External Portal
More informationPlugging the Leaks: Best Practices in Endpoint Security
Plugging the Leaks: Best Practices in Endpoint Security Main Line / Date / Etc. XXXX May 2008 2nd Line 80-11-01601 xx-xx-xxxx Revision 1.0 Tagline Here Introduction It s hard to open a newspaper or browse
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationCyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s
Cyber Security Pr o t e c t i n g y o u r b a n k a g a i n s t d a t a b r e a c h e s 1 Agenda Data Security Trends Root causes of Cyber Attacks How can we fix this? Secure Infrastructure Security Practices
More informationSecuring Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits
A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide
More informationNine Network Considerations in the New HIPAA Landscape
Guide Nine Network Considerations in the New HIPAA Landscape The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationNavigating Endpoint Encryption Technologies
Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationForeScout MDM Enterprise
Highlights Features Automated real-time detection of mobile Seamless enrollment & installation of MDM agents on unmanaged Policy-based blocking of unauthorized Identify corporate vs. personal Identify
More informationMobile security and your EMR. Presented by: Shawn Tester & Allen Cornwall
Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future
More informationSecuring Platform as a Service: A Technical Whitepaper on Security Practices at CloudBees
Securing Platform as a Service: A Technical Whitepaper on Security Practices at CloudBees As a consumer of cloud services, you are relying on your cloud service provider in ways that were previously limited
More informationTake Control of Identities & Data Loss. Vipul Kumra
Take Control of Identities & Data Loss Vipul Kumra Security Risks - Results Whom you should fear the most when it comes to securing your environment? 4. 3. 2. 1. Hackers / script kiddies Insiders Ex-employees
More informationSymantec Mobile Management 7.2
Scalable, secure, and integrated device management Data Sheet: Endpoint Management and Mobility Overview The rapid proliferation of mobile devices in the workplace is outpacing that of any previous technology
More informationWhen enterprise mobility strategies are discussed, security is usually one of the first topics
Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced
More informationPractical Storage Security With Key Management. Russ Fellows, Evaluator Group
Practical Storage Security With Key Management Russ Fellows, Evaluator Group SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies
More informationSecuring Virtual Desktop Infrastructures with Strong Authentication
Securing Virtual Desktop Infrastructures with Strong Authentication whitepaper Contents VDI Access Security Loopholes... 2 Secure Access to Virtual Desktop Infrastructures... 3 Assessing Strong Authentication
More informationHow To Protect Your Mobile Devices From Security Threats
Back to the Future: Securing your Unwired Enterprise By Manoj Kumar Kunta, Global Practice Leader - Security Back to the Future: Securing your Unwired Enterprise The advent of smartphones and tablets has
More informationThe Ministry of Information & Communication Technology MICT
The Ministry of Information & Communication Technology MICT Document Reference: ISGSN2012-10-01-Ver 1.0 Published Date: March 2014 1 P a g e Table of Contents Table of Contents... 2 Definitions... 3 1.
More informationManaging Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec
Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics
More informationManaged Hosting & Datacentre PCI DSS v2.0 Obligations
Any physical access to devices or data held in an Melbourne datacentre that houses a customer s cardholder data must be controlled and restricted only to approved individuals. PCI DSS Requirements Version
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside Out Latest Innovations in Oracle Database 12c Jukka Männistö Database Architect Oracle Nordic Coretech Presales The 1995-2014 Security Landscape Regulatory Landscape HIPAA, SOX (2002),
More informationTop Five Ways to Protect Your Network. A MainNerve Whitepaper
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
More informationactivecho Driving Secure Enterprise File Sharing and Syncing
activecho Driving Secure Enterprise File Sharing and Syncing activecho Overview In today s enterprise workplace, employees are increasingly demanding mobile and collaborative solutions in order to get
More informationMobile Medical Devices and BYOD: Latest Legal Threat for Providers
Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationSecurity Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
More information2012 NCSA / Symantec. National Small Business Study
2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National
More informationWhat IT Auditors Need to Know About Secure Shell. SSH Communications Security
What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic
More informationSample Data Security Policies
This document provides three example data security policies that cover key areas of concern. They should not be considered an exhaustive list but rather each organization should identify any additional
More informationGlobal security intelligence. YoUR DAtA UnDeR siege: DeFenD it with encryption. #enterprisesec kaspersky.com/enterprise
Global security intelligence YoUR DAtA UnDeR siege: DeFenD it with encryption #enterprisesec kaspersky.com/enterprise Contents Your Data Under Siege: Defend it with Encryption 3 Steps Taken to Minimise
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationCyber Exploits: Improving Defenses Against Penetration Attempts
Cyber Exploits: Improving Defenses Against Penetration Attempts Mark Burnette, CPA, CISA, CISSP, CISM, CGEIT, CRISC, QSA LBMC Security & Risk Services Today s Agenda Planning a Cyber Defense Strategy How
More informationBEST PRACTICES. Encryption. www.kaspersky.com
BEST PRACTICES www.kaspersky.com 2 YOUR GUIDE TO ENCRYPTION BEST PRACTICES. Data Protection. Act. Proactive data protection is a global business imperative. Kaspersky Lab can help you implement many of
More informationResearch Information Security Guideline
Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different
More informationWebsense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration
Websense Data Security Suite and Cyber-Ark Inter-Business Vault The Power of Integration Websense Data Security Suite Websense Data Security Suite is a leading solution to prevent information leaks; be
More informationFortinet Solutions for Compliance Requirements
s for Compliance Requirements Sarbanes Oxley (SOX / SARBOX) Section / Reference Technical Control Requirement SOX references ISO 17799 for Firewall FortiGate implementation specifics IDS / IPS Centralized
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationSecuring Data on Portable Media. www.roxio.com
Securing Data on Portable Media www.roxio.com Contents 2 Contents 3 Introduction 4 1 The Importance of Data Security 5 2 Roxio Secure 5 Security Means Strong Encryption 6 Policy Control of Encryption 7
More informationMobile Device Management for CFAES
Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are
More informationAgenda. Cyber Security: Potential Threats Impacting Organizations 1/6/2015. January 10, 2015 Scott Petree
Cyber Security: Potential Threats Impacting Organizations January 10, 2015 Scott Petree Agenda 2 Data Security Trends Root Causes of Cyber Attacks How Can We Fix This? Secure Infrastructure User Awareness
More informationBelmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.
Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.
More informationWhite Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0
White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative
More informationSecureD Technical Overview
WHITEPAPER: SecureD Technical Overview WHITEPAPER: SecureD Technical Overview CONTENTS section page 1 The Challenge to Protect Data at Rest 3 2 Hardware Data Encryption Provides Maximum Security 3 3 SecureD
More information