Cyber Risk: An Executive Business Perspective
- Gwen Wheeler
- 8 years ago
Transcription
1 13th Annual Privacy and Security Conference: Keeping Pace with the Digital Revolution
Cyber Risk: An Executive Business Perspective
Risk issues, impact on companies and infrastructures
February 2011
Risk Management
Willie (William) Wong, Enterprise Services, IBM Security, Business Continuity/Resiliency & Integrated Communication Services, Canada
2 Agenda
- Objectives
- What is IT Risk
- The Risk landscape
- Technologies Risk Examples
  - Social Media/Business
  - Mobile Platforms
  - Cloud
- Top IT Business Risk issues and Pains facing management
- Simple Risk Strategies/Actions
3 Objectives
Help organizations to:
1. Understand emerging and latest technologies
2. Understand the associated risk issues
3. Understand how to reduce and manage the risks from a business perspective
4 What is IT Risk? Key Concepts
1. Confidentiality of Data (Data Privacy)
2. Integrity of Data
3. Availability of Data
5 There are four key business issues driving the significant corporate growth in security investments
- DATA EXPLOSION: Big Data is making compliance a significant challenge, as few customers know where all their sensitive data is, let alone who is looking at it.
- CONSUMERIZATION OF IT: The advent of Enterprise 2.0 and social business is enabling significant new business risks to emerge.
- EVERYTHING IS EVERYWHERE: New innovative platforms including cloud, virtualization and more are driving even greater challenges in complexity and cost.
- ATTACK SOPHISTICATION: Attacks are now focused on the business itself vs. the IT infrastructure.
...making security a top concern, from the boardroom down
6 Targeted attacks are increasing
[Figure: 2011 Sampling of Security Breaches by Attack Type, Time and Impact. Attack types: SQL Injection, URL Tampering, Spear Phishing, 3rd Party SW, DDoS, Secure ID, Unknown. Time axis: Feb to Aug. Size of circle estimates relative impact of breach.]
Source: IBM Security X-Force 2011 Midyear Trend and Risk Report, September
7 Evolving challenges: Internal, External & Compliance
- Regulators; Board of Directors / Audit Committee; CIO & Team
- Theft of Client Records; Hacktivists; Intellectual Property Theft; Theft of State Secrets; Insider Fraud; Physical takeover of critical infrastructure
Business imperatives:
- Continuity of operations
- Protect sensitive client data
- Protect valuable IP
- Protect critical infrastructure
- Protect the Brand
- Enable new Business & Technology Models
- Comply with policy and regulations
- Contain cost
8 2010 IBM Global Risk Study - Emerging technology risks
Out of five technologies evaluated, social networking, mobile platforms and cloud computing present the highest risk concern.
[Figure: bar chart of perceived risk for Social networking tools, Mobile platforms, Cloud computing, Virtualization and Service-oriented architecture. Legend: Extremely risky/risky; Somewhat risky; Moderately/not at all risky.]
"We are concerned about being able to safely control the flow of data to/from employee mobile devices and safely storing it." - Manufacturing, North America
"We are already looking at cloud computing and haven't yet perfected security on our own local networks." - Healthcare, North America
Sources: Q17 (How big a risk are the following technologies and tools to your company?)
9 Social Networking Risks
1. Spam, malware and phishing that use social networks such as Facebook, LinkedIn and Twitter as delivery vehicles are on the rise.
2. Increased source of data leakage, e.g. intellectual capital, information used for Advanced Persistent Threat (APT) attacks, customer information, scandals, privacy issues etc.
3. Companies struggle to manage Social Media (Altimeter Group - 2Q)
10 Using Social Media engineering for criminal activity: Home Robbery and Hacking a company!
The following example demonstrates a real-life information gathering phase using Social Media tools. Due to sensitivity and to avoid legal issues, a mock scenario, using the information gathered, has been created to demonstrate the potential impact to a target.
Objectives of this example:
1. Short Term Goal: Commit a personal robbery
2. Long Term Goal: Hack a company using an employee's access
3. Avoid Prosecution: by setting up the employee to take the fall
11 Using Social Media engineering for criminal activity
1. Acquire a target and gather basic personal information
- Robert is Senior IT Administrator for a Financial Institution (access to userid/passwords), which makes him an Advanced Persistent Threat (APT) target
- Lives in Richmond Hill, rare spelling of his last name
- He has 800+ Facebook connections and minimal privacy settings
- He has over 500 pictures posted in various places (nice layout of his house alarm)
- Owns an expensive watch collection, provides his cell number, house number etc.
- Posts information when he is away on weekends and holidays
- Assume he uses a wireless router
- Assume he has remote access to company IT assets
12 Using Social Media engineering for criminal activity
2. Gather target location information
- Using 411.ca, we found only 5 last names matching Robert's in Richmond Hill. We are lucky because Robert's home address is listed in 411.ca. Knowing his house number helped data filtering. In addition to his cell number we now have his home number as well.
- WHO NEEDS 411? Private Webpages:
- We also checked some pictures taken with his smartphone, which provided GPS co-ordinates, just to confirm his home location.
- Also on Facebook, we didn't see any dogs or surveillance cameras in the home from the 500+ photos he posted for all to see (always good to know).
13 Using Social Media engineering for criminal activity
3. Get a visual of target location and hack the wireless
- The Google Map Street View feature makes casing a target location relatively easy. Pictures like this yield much information, such as thick bushes, houses that are far apart, and easy access to the backyard.
- We do some War Driving at Robert's house, where we first hack his wireless to gain access to his network and install a recent sniffer to capture his work information.
  - He made his network name his last name (easy to find)
  - He used his home phone number for an 11 digit wireless encryption key
NOTE: Hacking tool sets can be obtained free or can be bought for as little as $10, depending on complexity, features etc.
14 Using Social Media engineering for criminal activity
1. Home Robbery - RECAP
- He has a home alarm system (7 minute rule of in and out)
- Monitor the Facebook page to see when he is away on vacation
- The other advantages we have from Social Media networks are:
  - We assume he lives alone except on weekends, when his girlfriend sleeps over (from Facebook)
  - We know the location of the watches in the house (wall unit)
  - We know they are stored in a red lockbox
  - We can call his home and cell number to check where he is
2. Hacking Robert's Company through Robert - RECAP
- Once we gain access to Robert's wireless network, we install a recently released sniffer or trojan malware to capture keystrokes and other information
- We use this information to gain access to Robert's place of employment
- Post investigation will point to Robert as the culprit initially
15 What can happen after the initial company system breach?
Dependent on Attacker's Motivation. Basically Anything!
- Map out the corporate network, data storage, etc.
- Target Senior Executives and other key stakeholders
- Cyber Extortion
- Locate Points of Failure and TAKE THEM OUT!
- Just for fun
- Etc.
There are MANY USES ONCE WE GET THE DATA.
16 Take away thought.
Is your organization's security posture positioned to address this type of breach?
17 Mobile Platforms
1. Global smartphone shipments reached more than 302 million Increase of 75% over the number of units shipped in
2. Gartner: by 2014, 90% of organizations will support corporate applications on personal devices.
3. Expect significant increase in malware for smart devices!
18 Common Enterprise Mobile Security Issues
- Many mobile device platforms; some have immature security functionality
- Mix of business and personal information on the same device
- Balance between non-ownership of the devices and control on the devices
- Mobile devices are prone to loss and theft
- No effective process to certify and provision mobile applications
- Mobile devices are always on and connected, so are more vulnerable to network attacks
- Malware threats are becoming more prevalent
- Risk awareness for users is often overlooked. Users only know what they know.
19 Mobility Risk: Specific Android example
1. Android Tablet
2. FREE Bluetooth Program: transfers files from Tablet to PC via Bluetooth
3. Asking for a lot of permissions
20 Take away thought.
Has your organization effectively assessed the risks in the Mobility/BYOD Strategy?
* Sources: IBM X-Force Report Mar 2011 and others
21 Cloud Computing
1. Cloud technology is the natural evolution of computing, where software, data access, and storage services do not require end-user knowledge of the physical location and configuration of the system that delivers the services. Analogy: users on an electrical grid.
2. Security and Availability issues are seen as the #1 inhibitors to leveraging Cloud technologies
3. Cost savings and innovation will be key drivers for leveraging Cloud computing
22 Cloud Computing in a nutshell
Traditional Computing = Physical Separation
(Image from Microsoft Clip Art)
23 Cloud Computing in a nutshell
Virtualization = Shared Building
(Image from Microsoft Clip Art)
24 Cloud Computing in a nutshell
Cloud Computing = Shared public infrastructure
(Image from Microsoft Clip Art)
25 Functionality Versus Risk Versus Costs
Traditional to Cloud computing: IT Risk and Network implications
1. Traditional Computing: Physical Separation, e.g. House
- Control of services, dataflow and platform
- Network is manageable
- Business Continuity measures effective
- Risk perceived as Low
2. Virtualization: Shared Infrastructure, e.g. Condo
- Control of services and dataflow
- Network is manageable
- Business Continuity measures effective
- Risk perceived as Low to Medium
3. Cloud: Shared public Infrastructure, e.g. Motel/Hotel
- Limited control of services and dataflow
- Network Management is limited
- Security & Business Continuity reliant on provider
- Risk perceived as High
26 Take away thought.
Does your organization understand the risks associated with Cloud solutions?
* Sources: IBM X-Force Report Mar 2011 and others
27 Top IT business Risk issues and Pains facing management
1. Availability of systems and data - Move to Resiliency
2. Meeting compliance standards
3. Protecting critical company and customer data
   1. What is the value of my data?
   2. Where is my data going?
   3. Who is doing what with my data?
4. Reducing costs while maintaining or improving current risk levels
5. Reduce complexity, optimize the network
6. Developing effective long term risk solutions
7. Getting buy-in from the Organization
28 The Enterprise Risk Journey
Axes: Manual to Automated; Reactive to Proactive
- Basic: Organizations employ perimeter protection/disaster recovery, which regulates access and feeds manual reporting
- Proficient: Security/Business Continuity is layered into the IT fabric and business operations
- Optimized: Organizations use predictive and automated security analytics to drive toward security intelligence. Focus on Business Resiliency
29 Simple strategies to optimize security & resiliency programs
1. Redefine and Simplify Risk and Risk Management
- Understand where you are, where you need to be
- Determine if a base, proficient, or optimized model is needed to support the business
2. Understand your Total Infrastructure Framework
- Take inventory of current security and resiliency assets and practices
- Look for ways to take better advantage of what you already have in place today
- Know where you need to go and how you plan to get there
3. Engage a Global Risk Partner with a business focus
- A Partner that has experts, solutions and assets
- Leverages their innovation, integration and global expertise
- Has broader portfolios, i.e. Security, Resiliency & Compliance
Functionality Versus Risk Versus Costs
30 Look for Broader portfolios, expertise, solutions and assets!
- Proven Risk Framework approaches/methodology
  - Risk approach considers Security, Resiliency & Compliance perspectives
- Research Division and large investments in Security patents
- Security services and products
- Business Continuity and Resiliency solutions
- Managed Services capabilities
- Integrated Mobility and Cloud solutions
- Technology Agnostic (ability to work with multiple partners)
- Ability to draw on Local and Global expertise, solutions and assets
  - Project managers, Consultants, IT Architects, IT Specialists, Security Operation Centres, etc.
- Ability to go beyond risk needs if required (e.g. Mobile Device Management)
Security Products/Solutions: Application/Web Security; Identity and Access Management; Security Compliance Manager; Real Time Database security; Test Data Masking; Intrusion Detection/Prevention; Message Protection; Virtual Server Protection; Key Life Cycle Management; Security Policy Manager; Endpoint Security Manager; Etc.
Security Services: Security and Risk Assessments (including Penetration Testing, Network, PCI, Cloud etc.); Managed Security Services; Data Protection Services; Security Architecture Design; Compliance; Application Security; Access Governance, Certificate Mgmt; Mobility Security; Cloud Security; Agnostic
Business Resiliency Services: Disaster recovery and business continuity planning; Business Impact Analysis; IT recovery sites (public or private); Managed Backup Cloud; Virtual Server Recovery; Recovery support services; Data and server replication; Agnostic
31 Simple strategies to optimize security, resiliency & network programs
Stakeholder buy-in! It's business. Develop a strategy.
32 Getting Buy-in - C-suite priorities*
WHO should be concerned with WHAT
- CEO
  - CxO priority: Maintain competitive differentiation
  - Security risks: Misappropriation of intellectual property; Misappropriation of business sensitive data
  - Potential impact: Loss of market share and reputation; Legal exposure
- CFO/COO
  - CxO priority: Comply with regulations
  - Security risks: Failure to address regulatory requirements
  - Potential impact: Audit failure; Fines and criminal charges; Financial loss
- CIO
  - CxO priority: Expand use of mobile devices
  - Security risks: Data proliferation; Unsecured endpoints and inappropriate access
  - Potential impact: Loss of data confidentiality, integrity and/or availability
- CHRO
  - CxO priority: Enable global labor flexibility
  - Security risks: Release of sensitive data; Careless insider behavior
  - Potential impact: Violation of employee privacy
- CMO
  - CxO priority: Enhance the brand
  - Security risks: Stolen personal information from customers or employees
  - Potential impact: Loss of customer trust; Loss of brand reputation
Increasingly, companies are appointing CROs and CISOs with a direct line to the Audit Committee
*Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
33 Approach
Stakeholders (CEO, CFO, COO, CHRO, CMO) BUY IT services/solutions from the CIO.
CIO:
- Clearly define the Strategy supporting the Business Objectives
- Clearly state how the solution components support the strategy
- Focus on Common Benefits that apply to as many C-Level Peers as possible
- Identify issues, implications, what you need from them. Ask for input!
- Always identify actions/timelines/owners
A well prepared business case will yield better results
34 About Wireless Network Routers for home: the average user (BONUS)
Security/Management
1. WEP, WPA, WPA2 Wireless Encryption Feature, relatively easy to use
2. Create a strong Password to login/disable Remote Management
3. Parent Control/Policy Support/Scheduling
4. Guest Networking/Website filtering/blocking
5. Media Access Control Address Filtering (Access via MAC Address)
6. RADIUS Authentication (Dial In, seldom used but )
7. NAT (hide addresses using 1 IP) and SPI (Detect Traffic patterns) Firewall
8. Syslog/Logs - Read the Manual on how to configure your Router Log files to capture/save transactions, i.e. login attempts
9. Spot Check your Network Access status, i.e. who is on your network
Other Features you may want:
a/b/g/n Mbps+ Max throughput (you may want to stream video in the future)
3. Bandwidth 2.4 or 5 GHz? Dual Band?
4. QoS Quality of Service
5. LAN Ports - 4 are standard
6. USB Ports and Shared resources, i.e. Printing, Storage
35 Review Objectives
YOU SHOULD:
1. Understand emerging and latest technologies
2. Understand the associated risk issues
3. Understand how to reduce and manage the risks from a business perspective
36 Humor for the day.
37 Humor for the day.
A Pessimist Is An Optimist With Experience
38 Thank you! Please fill out and return the feedback forms
Willie (William) Wong, Market Manager, ENTERPRISE SERVICES
IBM Security, Business Continuity/Resiliency (BCRS) & Integrated Communications
3600 Steeles Ave E., Markham, L3R 9Z7, Canada
IBM Global Technology Services
Phone:
39 Appendix 1: Supporting material
40 Speaker Introduction: Willie Wong
Professional Profile
NOT TO BE CONFUSED with Willy Wonka, the fictional character in the 1964 Roald Dahl novel Charlie and the Chocolate Factory.
Willie Wong is currently the IBM Global Technology Services Market Manager for Security Services, Business Continuity & Resiliency Services and Integrated Communications Services (Networking) for IBM Canada. He has over twenty-five years of information technology experience. During this time, he has worked in many domains including Sales and Marketing, Security Consulting, resource deployment, application development, programming, systems analysis, architecture and design, network services, systems management, systems integration, Bulletin Board Service (BBS) and Internet Service Provider (ISP) services and process re-engineering. Willie holds a Government of Canada (GoC) security clearance level of SECRET (Level II).
Professional Experience relevant to seminar
While in a previous role as an IBM Security Principal, his focus was on assisting organizations across all industries (Financial, Government, Manufacturing, Retail, Distribution, Communications, Utilities etc.) to address their IT security needs (with Security/Privacy/Identity Management solutions) as related to their business strategy and goals.
His security consulting experience includes a broad range of security areas:
- Security Program Development
- Security Return On Investment (ROI) Workshops
- Security product research, business casing and selection
- Security Management (including day to day operations, incident management, processes and standards development, documentation)
- Risk assessment and mitigation of risk
- Security Health Checks (based on ISO17799)
- Security Awareness Management program development and delivery
- Information Classification methodology development
- Secure Architecture Risk Analysis (SARA) workshops
- Enterprise Privacy Classification Development
- Security policy, standards and process, development and documentation
- Communicating Security issues effectively to Executive management
- Host Vulnerability Assessments (Windows and Unix) using various technical tools, applied to various types of businesses and organizations
- Project Managing Security Engagements
- Enterprise Security Architecture
41 Additional Resources
- New IBM 2011 Global Risk Study
- New X-Force Report
- IBM Events website
- IBM Risk Resources/Solutions: Security and BCRS
  - BCRS -
  - Security -
  - IBM Security Products: ibm.com/security/products/?cm_sp=MTE16345
  - IBM ISS Quarterly Threat Insight Report: ibm.com/services/us/iss/xforce/
- IBM ICS - Networking/Mobility Resources/Solutions
  - Integrated Communications (ICS) - services/integrated-communications-services.html?cm_re=masthead-_-itservices-_-communications
42 Content Contributors Willie Wong, IBM Canada, Market Manager Security, BCRS & ICS(Networks) 2012 Scott C Van Valkenburgh, Market Manager, IBM Security Solutions 2011 David Puzas, IBM US, World Wide Marketing Executive, Enterprise Services 2011 Tom Vasso, IBM Canada, Market Manager, AIS and Mobile Solutions Practice 2011 David M. Smith, IBM Canada, Marketing Executive, GTS, GBS & Industry Solutions 2011 Jay Safer, IBM Canada, Vice President, General Counsel and Secretary 2011 Suzanne Conner, IBM Canada, Territory Marketing Manager, GBE 2011 Ray Evans, IBM Switzerland, Global Penetration Testing, Apps Assessment Manager 2011 Don Singh, FundSERV, Security Analyst 2011 Heather Young, IBM Canada, Product Owner, Integrated Communications Services 2011 Linda Betz, IBM US, Global Chief Information Security Officer 2011 Bobby Singh, Rogers, Chief Information Security Officer 2010 Stewart Cawthray, IBM Canada, Senior IT Security Strategist/Architect 2010 Maureen Rourke, IBM Canada, Web Editor-in-Chief (Canada) 2010 Gary McIntyre, IBM Canada, Senior Security Architect, Project Executive 42 Risk Management
More informationJort Kollerie SonicWALL
Jort Kollerie Cloud 85% of businesses said their organizations will use cloud tools moderately to extensively in the next 3 years. 68% of spend in private cloud solutions. - Bain and Dell 3 Confidential
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More information8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014
8 Ways to Better Monitor Network Security Threats in the Age of BYOD January 2014 8 Ways to Better Monitor Network Security Threats in the Age of BYOD 2 Unless you operate out of a cave, chances are your
More informationPreparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS
Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS CONTENTS PAGE RECONNAISSANCE STAGE 4 INCURSION STAGE 5 DISCOVERY STAGE 6 CAPTURE STAGE 7 EXFILTRATION STAGE
More informationEnd-user Security Analytics Strengthens Protection with ArcSight
Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationThe Impact of Cybercrime on Business
The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted
More informationTop Five Ways to Protect Your Network. A MainNerve Whitepaper
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
More informationCyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014
Cyber Security, Fraud and Corporate Account Takeovers LBA Bank Counsel Conference December 2014 Lisa D. Traina, CPA, CITP, CGMA Lisa Traina utilizes her 30+ years of experience as a CPA, CITP and CGMA
More informationEl costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada
El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada The Traditional Approach is Changing. Security is no longer controlled and enforced through the
More informationRE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC
RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure
More informationBest Practices for Outdoor Wireless Security
Best Practices for Outdoor Wireless Security This paper describes security best practices for deploying an outdoor wireless LAN. This is standard body copy, style used is Body. Customers are encouraged
More informationdefending against advanced persistent threats: strategies for a new era of attacks agility made possible
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
More information2012 Bit9 Cyber Security Research Report
2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by
More informationSecurity and Employee Monitoring Security and
Security and Employee Monitoring 2 Security & Employee Monitoring Firewalls and anti- virus solutions are fine for protecting your perimeter, but they won t help if your Employees let your business get
More informationWho Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015
Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders
More informationMarble & MobileIron Mobile App Risk Mitigation
Marble & MobileIron Mobile App Risk Mitigation SOLUTION GUIDE Enterprise users routinely expose their employers data and threaten network security by unknowingly installing malicious mobile apps onto their
More informationBYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager
BYOD: Should Convenience Trump Security? Francis Tam, Partner Kevin Villanueva, Senior Manager 1 AGENDA Mobile Explosion Mobile Trends BYOD Benefits, Challenges and Threats BYOD Security BYOD Strategy
More information2012 NCSA / Symantec. National Small Business Study
2012 NCSA / Symantec National Small Business Study National Cyber Security Alliance Symantec JZ Analytics October 2012 Methodology and Sample Characteristics JZ Analytics was commissioned by the National
More informationCyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things
Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations
More informationLeveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs
IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government
More informationCyber security in healthcare
Cyber security in healthcare Julian Meyrick, Vice President IBM Security Services Europe julian_meyrick@uk.ibm.com Healthcare is one of the top 5 industries that continue to offer attackers the most significant
More information2015 VORMETRIC INSIDER THREAT REPORT
Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security RETAIL EDITION #2015InsiderThreat RESEARCH BRIEF RETAIL CUSTOMERS AT RISK ABOUT THIS RESEARCH BRIEF
More informationSimplifying Security & Compliance Innovating IT Managed Services. Data Security Threat Landscape and IT General Controls
Simplifying Security & Compliance Innovating IT Managed Services Data Security Threat Landscape and IT General Controls Audit Standards and IT General Controls General IT controls discussed in AUC Section
More informationISS X-Force. IBM Global Services. Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems
IBM Global Services ISS X-Force Angel NIKOLOV Country Manager BG, CZ, HU, RO and SK IBM Internet Security Systems Internet Security Systems, an IBM Company Security Market Overview Companies face sophisticated
More informationUnified Threat Management, Managed Security, and the Cloud Services Model
Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical
More informationGlasnost or Tyranny? You Can Have Secure and Open Networks!
AT&T is a proud sponsor of StaySafe Online Glasnost or Tyranny? You Can Have Secure and Open Networks! Steven Hurst CISSP Director - AT&T Security Services and Technology AT&T Chief Security Office 2009
More informationPractical Steps To Securing Process Control Networks
Practical Steps To Securing Process Control Networks Villanova University Seminar Rich Mahler Director, Commercial Cyber Solutions Lockheed Martin Lockheed Martin Corporation 2014. All Rights Reserved.
More informationCyber Risk Mitigation via Security Monitoring. Enhanced by Managed Services
Cyber Risk Mitigation via Security Monitoring Enhanced by Managed Services Focus: Up to But Not Including Corporate and 3 rd Party Networks Level 4 Corporate and 3 rd Party/Vendor/Contractor/Maintenance
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More information10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group
10 Best Practices to Protect Your Network presented by Saalex Information Technology and Citadel Group Presented by: Michael Flavin and Stan Stahl Saalex Information Technology Overview Saalex Information
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationBest Practices for a BYOD World
Face Today s Threats Head-On: Best Practices for a BYOD World Chris Vernon CISSP, VTSP Security Specialist Agenda Mobile Threats Overview 2013 State of Mobility Survey Canada BYOD Best Practices 2 Mobile
More informationNetwork Security. Intertech Associates, Inc.
Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationBelmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.
Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.
More informationCYBERSECURITY: ISSUES AND ISACA S RESPONSE
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services
More informationCYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS
CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations
More informationWearable Technology Evolution & Security: Grant Brown - Security Strategist Symantec
Wearable Technology Evolution & Security: Grant Brown - Security Strategist Symantec 3.58 KM 12.11 KPH 493 Calories 114 BPM WEARABLE TECH EVOLUTION AND SECURITY GRANT BROWN SECURITY STRATEGIST @thegrantbrown
More informationIBM Australia. Integrated Network Security with IBM Global Technology Services
IBM Australia Integrated Network Security with IBM Global Technology Services Highlights Security must be integrated into every facet of your network Layered defences provide robust security safeguards
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationReadiness Assessments: Vital to Secure Mobility
White Paper Readiness Assessments: Vital to Secure Mobility What You Will Learn Mobile devices have been proven to increase employee productivity and job satisfaction, but can also pose significant threats
More informationOCR LEVEL 3 CAMBRIDGE TECHNICAL
Cambridge TECHNICALS OCR LEVEL 3 CAMBRIDGE TECHNICAL CERTIFICATE/DIPLOMA IN IT NETWORKED SYSTEMS SECURITY J/601/7332 LEVEL 3 UNIT 28 GUIDED LEARNING HOURS: 60 UNIT CREDIT VALUE: 10 NETWORKED SYSTEMS SECURITY
More informationUniversities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence
Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence About ERM About The Speaker Information Security Expert at ERM B.S. Software Engineering and Information Technology
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationSecurity Practices for Online Collaboration and Social Media
Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.
More informationCyber Risk in Healthcare AOHC, 3 June 2015
Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan, Senior Healthcare Risk Management and Data Specialist James Penafiel, Underwriting Supervisor, Insurance Operations CFPC Conflict of Interest -
More informationInternal audit of cybersecurity. Presentation to the Atlanta IIA Chapter January 2015
Internal audit of cybersecurity Presentation to the Atlanta IIA Chapter January 2015 Agenda Executive summary Why is this topic important? Cyber attacks: increasing complexity arket insights: What are
More informationWHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION
WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the
More informationPhone: +44 20 8123 2220 Fax: +44 207 900 3970 office@marketpublishers.com https://marketpublishers.com
Cyber Security Market by Solution (IAM, Encryption, DLP, Risk and Compliance Management, IDS/IPS, UTM, Firewall, Antivirus/Antimalware, SIEM, Disaster Recovery, DDOS Mitigation, Web Filtering, and Security
More informationCORE Security and the Payment Card Industry Data Security Standard (PCI DSS)
CORE Security and the Payment Card Industry Data Security Standard (PCI DSS) Addressing the PCI DSS with Predictive Security Intelligence Solutions from CORE Security CORE Security +1 617.399-6980 info@coresecurity.com
More informationPenta Security 3rd Generation Web Application Firewall No Signature Required. www.gasystems.com.au
Penta Security 3rd Generation Web Application Firewall No Signature Required www.gasystems.com.au 1 1 The Web Presence Demand The Web Still Grows INTERNET USERS 2006 1.2B Internet Users - 18% of 6.5B people
More informationSecurity Challenges and Solutions for Higher Education. May 2011
Security Challenges and Solutions for Higher Education May 2011 Discussion Topics Security Threats and Challenges Education Risks and Trends ACH and Wire Fraud Malware and Phishing Techniques Prevention
More informationProfessional Services Overview
Professional Services Overview INFORMATION SECURITY ASSESSMENT AND ADVISORY NETWORK APPLICATION MOBILE CLOUD IOT Praetorian Company Overview HISTORY Founded in 2010 Headquartered in Austin, TX Self-funded
More informationINDUSTRY OVERVIEW: HEALTHCARE
ii IBM MSS INDUSTRY OVERVIEW: HEALTHCARE RESEARCH AND INTELLIGENCE REPORT RELEASE DATE: OCTOBER 7, 2014 BY: JOHN KUHN, SENIOR THREAT RESEARCHER iii TABLE OF CONTENTS EXECUTIVE OVERVIEW/KEY FINDINGS...
More information