Government Worker Privacy Survey. Improper Exposure of Official Use, Sensitive, and Classified Materials
- Eugene Cunningham
- 8 years ago
Introduction

Data privacy is a growing concern for the US government as employees conduct business outside of secure environments, analysts and operators with varying degrees of clearance conduct their mission in shared operations centers and office space, and the military and field agents conduct remote operations and deployments to their mission destinations. The IT security industry has focused primarily on protecting the network and device layers, without much consideration of the most outward-facing risk: the last 2 feet from the computer screen to the user. This vulnerable expanse, if compromised, puts both the individual and the organization at risk.

Government employees are often put in even more vulnerable situations than their commercial counterparts due to the nature of their business. They are direct targets of nation states, terrorists, organized crime and other nefarious sources attempting to better their position by stealing intellectual property and national secrets.

In December of 2011, we released the results of a mobile worker privacy survey that highlighted the lack of protections in the commercial space for preventing data leakage from over-the-shoulder eavesdroppers. Those survey results are summarized in the OptioLabs Mobile Worker Privacy Survey Whitepaper available at: worker-privacy-study/.

The purpose of this new study is to look at the Federal workplace to understand the types of documents being viewed on government computers and how they are protected. At the 2012 FOSE Conference & Exposition in Washington D.C., we conducted a new survey to capture the thoughts and opinions of the government community. We presented the same set of questions that were asked of their commercial counterparts. Interestingly enough, we found that while the government cohort considered display security a high priority, not many were doing anything about it.
There has always been a sense that the government takes security much more seriously than the private sector, but this study found that both government and commercial organizations are about equal when it comes to data loss vulnerability. Even more concerning is the type of data at risk for exposure, including For Official Use Only (FOUO) and classified government information.

The survey found that 60 percent of respondents use their computers in public places to view sensitive information. In fact, most respondents indicated they work with multiple types of sensitive information. Fifty-seven percent stated that they work with financial/credit card data; 18 percent work with For Official Use Only (FOUO) information (this is primarily used by the United States Department of Defense as a handling instruction for Controlled Unclassified Information); 18 percent work with human resources data and 19 percent work with classified information.

We randomly selected over 100 people for this survey. Throughout this report, we outline our results and make comparisons to the commercial mobile worker survey that support our claim that neither commercial industry nor government agencies are doing enough to prevent data loss through visual means.
Contents

Introduction
Government Not Protecting Critical Data In Public
False Sense of Security
Data Exposure
Government Data Remains Exposed
Government Survey Results
  How often do you use your computer in public spaces?
  How often are you concerned about other people looking at your display?
  What do you use your computer for: Business, Personal, Both
  How often have you looked at someone else's display without their knowledge?
  Do you use a screen privacy solution?
  What kinds of data do you work with that require privacy?
  How often have you worked with private information outside of the office?
  If only you could view your screen, would you be more productive in public places?
  How important is privacy to you?
Survey Demographics
  Are you male or female?
  Which category below includes your age?
  What job level do you perform in your organization?
  What industry do you work in?
  Who is your employer?
About OptioLabs
Government Not Protecting Critical Data In Public

While most expect the government to operate in a much safer working environment, we found that both government and commercial organizations are about equal when it comes to data loss vulnerability. Late in 2011 the company executed a survey of mobile workers in the private sector that showed strikingly similar results to this new government study. Our survey found that 99% of Government and Commercial users value data privacy; yet less than 20% use some form of screen protection.

Government and commercial users both place a high value on privacy of data, but neither puts much effort into taking action to protect or prevent data loss through visual eavesdropping. One might think the government would take much greater efforts to protect their critical information; however, our results show that only 18% use some form of screen protection. In comparison, 12% of workers use screen protection in the commercial space. Of the 18% using protection, 15% use a plastic filter while 3% use some form of software protection.

Figure 1: Summary Results
False Sense of Security

It is well known that foreign entities target government employees, executives and their computer systems in efforts to exploit intellectual property and extract valuable information. All government departments recognize the issue and have IT policies, systems and procedures in place to minimize potential losses. With this degree of attention, and in light of several well-publicized breaches, it was surprising to find that only 75% of those surveyed expressed concern about people looking at private information on their computer displays in public places and 62% admitted to looking at other people's displays regularly.

Why displays are not part of existing IT security policy is a puzzle that may be partly attributed to a false sense of security and a lack of education on the threat. Government workers are less concerned about privacy of data at the visual endpoint than commercial mobile workers and may not appreciate their risk of exposure.

As is the case in the private sector, the public sector values productivity beyond the boundaries of the work environment. Our survey shows that 41% of the government cohort believes that having the ability to work outside of the office will increase productivity while the commercial statistic of 52% is fairly comparable. As mobile technology continues to be adopted by the government, the opportunities for the adversary will only grow.

Figure 2: Threat and Productivity Comparison
Data Exposure

60 percent of respondents indicated using a computer in a public place with confidential information on their computer screens and 69% admit to working on sensitive information outside of the office. The top four data types exposed in public places, in order, are:

1. Financial/Credit Card Information (57 percent)
2. Classified and FOUO Information (47 percent)
3. Personal Information (SSNs, Medical, Human Resources) (44 percent)
4. Proprietary / Trade Secret (18 percent)

Sensitive data such as financial results and credit card numbers, classified and FOUO information, personal records, healthcare records, and intellectual property are being regularly exposed.

Figure 3: Types of Data Exposed

The impact of individuals not protecting data on computer screens has serious financial consequences for all organizations. In 2008 the U.S. Secret Service and Carnegie Mellon CERT performed an in-depth study of insider incidents at a wide variety of government, financial, IT and telecommunication entities. Their study revealed that 42% of incidents began with simple observation of unprotected computer screens, resulting in an average cost of $400,000 per incident.
Government Data Remains Exposed

While protecting data on computers is top of mind for everyone, most organizations are focused on conventional security technologies such as anti-virus software, personal firewalls and spam filters. The WikiLeaks episode clearly revealed one crucial fact: the government did not have adequate protections on sensitive data, and the status quo of traditional security tools and official policy could not stop a breach. Besides tightening up controls on removable media, WikiLeaks underscores the need for the government to start looking at a system the way an attacker does, by looking for the weakest links.

The majority of breaches are made through social engineering attacks that start with simple observation. Adversaries, especially insiders, start by observing computer screens surreptitiously to launch their attacks. Government needs to start looking for weakest links just like the attacker does. Preventing data leakage is a high priority within the government and yet one of the easiest access points, the computer screen, is being overlooked. Over-the-shoulder reconnaissance reveals what is available, where it is, and who has access to it: all the ingredients an adversary needs to succeed at a data breach.

The traditional tools for protecting computer screens from data leakage are the ever-unpopular plastic privacy filters, but even if they are used they are ineffective at stopping a breach. All it takes is a direct view from behind the user to get a clear view of the screen. Clearly the government needs a more effective technology solution for securing displayed information. Studies of security breaches by the U.S. Secret Service, Verizon Business, Carnegie Mellon and others consistently reveal insiders are causing 30% to 50% of incidents.
Social engineers, disgruntled employees, suppliers, and competitors can be adept at maneuvering around strong controls to exploit points of weakness, including simply looking over someone's shoulder to steal information directly from the screen. With insider incidents costing organizations an average of $750,000 per year, the stakes are high.

Even the U.S. Government has recognized the issue and in 2010 updated the legal definition of Computer Trespassing to include looking at a computer screen that an individual was not authorized to view. While the new statute makes it easier to prosecute social engineers, catching them remains the primary challenge. What's lacking are technical security solutions to protect information over the last two feet of the network: from the screen to the user's eyes.

OptioLabs will continue to expand the survey results with ongoing surveys of consumers, enterprise, and government mobile workers. Our goal is to raise awareness as a first step in helping organizations to recognize and solve this growing challenge.
Government Survey Results

The following section details responses to the questions posed during the survey.

1. How often do you use your computer in public spaces?
2. How often are you concerned about other people looking at your display?
3. What do you use your computer for: Business, Personal, Both
4. How often have you looked at someone else's display without their knowledge?
5. Do you use a screen privacy solution?
6. What kinds of data do you work with that require privacy?
7. How often have you worked with private information outside of the office?
8. If only you could view your screen, would you be more productive in public places?
9. How important is privacy to you?
Survey Demographics

The following section details all of the demographics of the people who completed the survey.

10. Are you male or female?
11. Which category below includes your age?
12. What job level do you perform in your organization?
13. What industry do you work in?
14. Who is your employer?
About OptioLabs

Computer screens are the last unprotected frontier in information security. You secure your networks and your hard drives, but how do you secure displayed data from unauthorized viewers? Prying eyes are everywhere, from insider threats in the office to competitors in the airport.

Developed by a team of security experts, PrivateEye Enterprise from OptioLabs is security software for organizations that need to control proprietary and regulated information displayed on Windows desktops, laptops, and tablets. PrivateEye Enterprise actively prevents visual eavesdroppers by blurring the display on a device whenever an authorized user is not paying attention. It looks for potential visual eavesdroppers nearby and will warn the user or automatically protect the display whenever one is detected. It's convenient for the user, automatically recognizing their faces so that they don't have to type passwords, but it is tough on potential intruders. Anyone attempting to break into an unattended workstation will have their picture taken and recorded in an audit log. For enterprises needing to comply with regulations, PrivateEye Enterprise's audit trail gives a whole new level of evidence that can be used to prove data on displays is continuously protected against unauthorized disclosure. PrivateEye Enterprise is a product you can depend on to protect your data.

OptioLabs develops transformational security products for the mobile enterprise and embedded systems. Led by a world-class team of technologists, and leveraging innovations developed for national security protocols, OptioLabs has pioneered game-changing advanced security solutions for the world's leading mobile platforms. With offices in Baltimore and Nashville, Tennessee, OptioLabs customers include federal agencies, commercial enterprises, and device manufacturers.
Contact: sales@optiolabs.com
West Camden Street, Suite 801, Baltimore, Maryland
Download a free trial of PrivateEye Enterprise at OptioLabs Inc.
BSHSI Security Awareness Training Originally developed by the Greater New York Hospital Association Edited by the BSHSI Education Team Modified by HSO Security 7/1/2008 1 What is Security? A requirement
More informationApplying the 80/20 approach for Operational Excellence. How to combat new age threats, optimize investments and increase security.
Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving
More informationInternet Safety and Security: Strategies for Building an Internet Safety Wall
Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationSecuring Database Servers. Database security for enterprise information systems and security professionals
Securing Database Servers Database security for enterprise information systems and security professionals Introduction: Database servers are the foundation of virtually every Electronic Business, Financial,
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationNeoscope www.neoscopeit.com 888.810.9077
Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your practice without IT. Today,
More informationEvolution from FTP to Secure File Transfer
IPSWITCH FILE TRANSFER WHITE PAPER Evolution from FTP to Secure File Transfer www.ipswitchft.com Do you know where your organization s confidential and sensitive files were transferred today? Are you sure
More informationDriving Company Security is Challenging. Centralized Management Makes it Simple.
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
More informationHacking Book 1: Attack Phases. Chapter 1: Introduction to Ethical Hacking
Hacking Book 1: Attack Phases Chapter 1: Introduction to Ethical Hacking Objectives Understand the importance of information security in today s world Understand the elements of security Identify the phases
More informationAlways Worry About Cyber Security. Always. Track 4 Session 8
Always Worry About Cyber Security. Always. Track 4 Session 8 Mark Stevens SVP, Global Services and Support Digital Guardian MStevens@DigitalGuardian.com 781-902-7818 www.digitalguardian.com 2 Abstract
More informationFileLocker. The Top Five Reasons Legal Professionals Must Adopt Private Cloud File Sharing
Truly Secure Cloud Collaboration The Top Five Reasons Legal Professionals Must Adopt Private Cloud File Sharing Infrascale 0 Phone: +.866.79.78 Web: www.filelocker.com The Top Five Reasons Legal Professionals
More informationWorking Practices for Protecting Electronic Information
Information Security Framework Working Practices for Protecting Electronic Information 1. Purpose The following pages provide more information about the minimum working practices which seek to ensure that
More informationesoft Technical White Paper: Who Needs Firewall Protection?
esoft Technical White Paper: Who Needs Firewall Protection? "Without the protection of a firewall, which serves as a buffer between an organization s internal network and myriad external networks including
More informationNine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity
Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers
More informationSECURITY ORGANISATION Security Awareness and the Five Aspects of Security
SECURITY ORGANISATION Security Awareness and the Five Aspects of Security Shift Security simply used to protect information vs. Enabling business initiatives with security Bolt-on/add-on structure to business
More informationHIPAA PRIVACY OVERVIEW
HIPAA PRIVACY OVERVIEW OBJECTIVES At the completion of this course, the learner will be able to: Define the Purpose of HIPAA Define Business Associate Identify Patients Rights Understand the Consequences
More informationYOUR HIPAA RISK ANALYSIS IN FIVE STEPS
Ebook YOUR HIPAA RISK ANALYSIS IN FIVE STEPS A HOW-TO GUIDE FOR YOUR HIPAA RISK ANALYSIS AND MANAGEMENT PLAN 2015 SecurityMetrics YOUR HIPAA RISK ANALYSIS IN FIVE STEPS 1 YOUR HIPAA RISK ANALYSIS IN FIVE
More informationEnterprise Cybersecurity: Building an Effective Defense
: Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced
More informationBest practices for protecting network data
Best practices for protecting network data A company s value at risk The biggest risk to network security is underestimating the threat to network security. Recent security breaches have proven that much
More informationThe FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED
The FBI Cyber Program Bauer Advising Symposium October 11, 2012 Today s Agenda What is the threat? Who are the adversaries? How are they attacking you? What can the FBI do to help? What can you do to stop
More informationChairman Johnson, Ranking Member Carper, and Members of the committee:
UNITED STATES OFFICE OF PERSONNEL MANAGEMENT STATEMENT OF THE HONORABLE KATHERINE ARCHULETA DIRECTOR U.S. OFFICE OF PERSONNEL MANAGEMENT before the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
More informationCYBERSECURITY POLICY
* CYBERSECURITY POLICY THE CYBERSECURITY POLICY DEFINES THE DUTIES EMPLOYEES AND CONTRACTORS OF CU*ANSWERS MUST FULFILL IN SECURING SENSITIVE INFORMATION. THE CYBERSECURITY POLICY IS PART OF AND INCORPORATED
More informationWRITTEN TESTIMONY OF
WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you
More informationCYBER INFORMATION SECURITY AWARENESS AND PROTECTION PRACTICES. Strengthening Your Community at the Organizational Level
CYBER INFORMATION SECURITY AWARENESS AND PROTECTION PRACTICES Strengthening Your Community at the Organizational Level Las Vegas, Nevada 2012 Security Awareness and Why is it Important? In today s economic
More informationAN INFORMATION GOVERNANCE BEST
SMALL BUSINESS ID THEFT AND FRAUD AN INFORMATION GOVERNANCE BEST PRACTICES GUIDE FOR SMALL BUSINESS IT IS NOT A MATTER OF IF BUT WHEN AN INTRUSION WILL BE ATTEMPTED ON YOUR BUSINESS COMPUTER SYSTEM IN
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More information7 Things All CFOs Should Know About Cyber Security
Insero & Company s Accounting & Finance Education Series Presents 7 Things All CFOs Should Know About Cyber Security September 23, 2014 Michael Montagliano Chief Technologist, IV4. Inc. CERTIFIED PUBLIC
More information