SlideShare une entreprise Scribd logo

Cyber security and the mainframe (v1.3)

Rui Miguel Feio
Rui Miguel Feio

In a digital age of cloud computing and mobile systems; where cyber security, cyber crime and cyber war are part of the day-to-day vocabulary, how secure is the mainframe? Is it safe to assume that the mainframe is secure by default? Can we ignore the fact that the mainframe is just another platform in the great scheme of things? How vital is the mainframe and the data that it stores for you and your company?

Technologie
1  sur  36
Télécharger pour lire hors ligne
Cyber  Security  and  the   Mainframe   Rui  Miguel  Feio   RSM  Partners     Date  of  presenta<on  (03/11/2015)   Session  <FC>  
Delivering  the  best  in  z  services,  soJware,  hardware  and  training.  Delivering  the  best  in  z  services,  soJware,  hardware  and  training.   World  Class,  Full  Spectrum,  z  Services   Cyber  Security  and  the  Mainframe   Rui  Miguel  Feio   Security  Lead  
Agenda     •  Introduc<on   •  Cyber  Crime   •  Recent  APacks   •  The  Mainframe   •  What  to  Do   •  World  Wide  Real-­‐Time  Cyber  APacks   •  References  and  Resources   •  Ques<ons?  
Introduc<on   Rui  Miguel  Feio  is…   –  Security  lead  at  RSM  Partners   –  Mainframe  technician  specialising  in  mainframe  security   –  Has  been  working  with  mainframes  for  the  past  16  years   –  Started  as  an  MVS  Systems  Programmer   –  Experience  in  other  plaorms  as  well  
Cyber  Crime  
Cyber  Crime  –  The  Actors   •  Cyber  Crime  is  any  criminal  act  dealing  with  electronic  devices  and   networks.  Cyber  crime  also  includes  tradi<onal  crimes  conducted   through  the  Internet.     •  The  typical  actors  of  cyber  crime  ac<vi<es:   –  Hackers   –  Organised  Criminal  Gangs   –  Hack<vists   –  Terrorists   –  Na<on-­‐States   –  Internal  Threats  
2015  Cost  of  Cyber  Crime  Study   •  Ponemon  Ins<tute  report  sponsored  by  HP  Enterprise  published  in   October  2015:   –  “2015  Cost  of  Cyber  Crime  Study:  Global”   •  Global  study  at  a  glance:   –  252  companies  in  7  countries:   •  United  States,  UK,  Germany,  Australia,  Japan,  Russia  and  Brazil   –  2,128  interviews  with  company  personnel   –  1,928  total  aPacks  used  to  measure  total  cost   –  $7.7  million  USD  is  the  average  annualised  cost   –  1.9%  net  increase  over  the  past  year  
Average  Cost  of  Cyber  Crime  2015   **  Cost  in  millions  of  US  Dollars   Although  we  see  a  cost  decrease   in  some  of  the  countries,  this  is   due  to  exchange  rate  differences   over  the  past  year  resul<ng  from   a  strong  USD.     Adjus<ng  for  exchange  rate   differences  we  actually  see  a  net   increase  in  all  countries.  
Average  Cost  by  Industry  2015   *  Cost  in  millions  of   US  dollars    
Types  of  Cyber  APacks  in  2015  
Cyber  Crime  Cost  by  APack  2015  
Report  Summary  Highlights   •  Cyber  crime  con<nues  to  be  on  the  rise  for  organisa<ons:   –  Cost  ranges  $310  K  -­‐  $65  million  with  an  average  of  $7.7  million   •  The  most  costly  cyber  crimes  are  those  caused  by  malicious   insiders,  denial  of  services  (DoS)  and  web-­‐based  aPacks.   •  Cyber  aPacks  can  get  costly  if  not  resolved  quickly   –  The  mean  number  of  days  to  resolve  is  46  with  an  average  cost  of  $21,155  per   day   –  Total  cost  of  $973,130  over  the  46  day  remedia<on  period  
Report  Summary  Highlights   •  Business  disrup<on  represents  39%  of  total  external  costs,  followed   by  the  costs  associated  with  informa<on  loss.   •  Deployment  of  security  intelligence  systems  (SIEM)  represents  an   average  cost  savings  of  $1.9  million  
Recent  APacks  
Recent  APacks   *  Informa>on  is  Beau>ful  (hAp://www.informa>onisbeau>ful.net/visualiza>ons/worlds-­‐biggest-­‐data-­‐breaches-­‐hacks/)  
The  Mainframe  
  “If  you  give  an  hacker  a  new  toy,   the  first  thing  he'll  do  is  take  it   apart  to  figure  out  how  it  works.”   Jamie  Zawinski  
How  Secure  is  the  Mainframe?   •  “The  mainframe  is  the  most  secured  plaorm  there  is!”   •  “No  one  Hacks  the  mainframe!”   •  “Only  mainframers  know  how  a  mainframe  works!”   •  “You  would  need  to  work  for  the  company  to  be  able  to  do  some   harm  to  the  mainframe,  and  no  one  does  it.”   •  “Hackers  are  not  interested  in  the  mainframe!”  
How  Secure  is  the  Mainframe?   •  “The  mainframe  is  the  most  secured  plaorm  there  is!”   –  It’s  definitely  highly  securable  but  that  requires  work  and  focus   •  “No  one  Hacks  the  mainframe!”   –  There  are  several  documented  cases  of  mainframes  being  hacked   •  “Only  mainframers  know  how  a  mainframe  works!”   –  Mainframe  documenta>on  is  available  for  free  on  the  internet?!   •  “You  would  need  to  work  for  the  company  to  be  able  to  do  some   harm  to  the  mainframe,  and  no  one  does  it.”   –  Given  the  opportunity  any  employee  may  take  advantage  (and  they  have!)   •  “Hackers  are  not  interested  in  the  mainframe!”   –  Oh  boy,  you  are  coming  for  a  surprise!!  
“There  are  regular  ac>ons  that  an  aAacker  takes   because  they  are  aAackers.  They  don’t  know  your   network  the  way  you  do.  They  don’t  know  which   accounts  have  greater  access.  They  don’t  know  which   file  servers  contain  more  data.  They  have  to  discover   it  all.”   ScoP  Kennedy,  Cloudshield  blog  
A  Typical  Company   Mainframe   “Shared”  Servers   Servers   Service  Providers   Customers   Company  Servers   Unaccounted     Servers   Decommissioned   Servers  
“Shared”  Servers  –  Candy  Shops   •  Technical  documenta<on   •  Processes  &  Procedures   •  Instruc<ons   •  Training  material   •  Contacts   •  Departments/teams  structure   •  Confiden<al  documenta<on   •  Team  backups   •  Personal  backups…  
Personal  Backups…   •  Technical  notes     •  Technical  documents   •  Confiden<al  informa<on   •  Personal  informa<on   •  Contacts   •  Passwords   •  Email  account  backups   •  Pics  of  girls  in  bikini!!  
  “The  hacker  is  going  to  look  for   the  crack  in  the  wall…”     Kevin  Mitnick  in  “The  Art  of  Intrusion”  
What  to  Do?  
How  to  Prevent?   •  Security  must  be  seen  as  a  whole   •  Company  needs  to  work  as  One   •  Review  en<re  technological  estate   •  Review  processes  /  procedures   •  Educate  employees  and  externals   •  Get  external  expert  help  and  support   •  Keep  updated  and  up-­‐to-­‐date   •  Repeat  all  these  steps  on  a  regular  basis   •  OR  You  can  get  Chuck  and  his  seal  of  approval  
For  those  of  you  who  are  going  senile…  
Contact  Chuck  via  Gmail  
World  Wide     Real-­‐Time  Cyber  APacks    
*  NORSE  IPViking  (hAp://map.ipviking.com/)   Cyber  APacks  –  Norse  IPViking  
Cyber  APacks  –  Blitzortung   *  Blitzortung  (hAp://www.blitzortung.org/Webpages/index.php?lang=en)  
References  &  Resources  
References  &  Resources   •  “2015  Cost  of  Cyber  Crime  Study:  Global”,  Ponemon  Ins<tute   •  “The  Art  of  Intrusion”,  Kevin  Mitnick  -­‐  John  Wiley  &  Sons  (2005)   •  “Future  Crimes”,  Marc  Goodman  -­‐  Bantam  Press  (2015)   •  “How  to  Think  Like  a  Cyber  APacker”,  ScoP  Kennedy  –  Cloudshield  blog   •  Ponemon  Ins<tute:  www.ponemon.org   •  Informa<on  is  Beau<ful:  www.informa<onisbeau<ful.net   •  NORSE  –  IPViking:  map.ipviking.com   •  Blitzortung:  www.blitzortung.org/Webpages/index.php?lang=en   •  Jamie  Zawinski:  en.wikipedia.org/wiki/Jamie_Zawinski   •  Kevin  Mitnick:  en.wikipedia.org/wiki/Kevin_Mitnick  
Ques<ons?     Ask  now  or  forever  be  quiet!!  
Rui  Miguel  Feio,  RSM  Partners     ruif@rsmpartners.com   mobile:  +44  (0)  7570  911459   linkedin:  www.linkedin.com/in/rfeio   www.rsmpartners.com   Contact  
Session feedback – Do it online at conferences.gse.org.uk/2015/feedback/nn Session feedback •  Please submit your feedback at http://conferences.gse.org.uk/2015/feedback/FC •  Session is <FC> This is the last slide in the deck 36

Recommandé

Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)Rui Miguel Feio
 
How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)Rui Miguel Feio
 
Mainframe Security - It's not just about your ESM v2.2
Mainframe Security - It's not just about your ESM v2.2Mainframe Security - It's not just about your ESM v2.2
Mainframe Security - It's not just about your ESM v2.2Rui Miguel Feio
 
Security Audit on the Mainframe (v1.0 - 2016)
Security Audit on the Mainframe (v1.0 - 2016)Security Audit on the Mainframe (v1.0 - 2016)
Security Audit on the Mainframe (v1.0 - 2016)Rui Miguel Feio
 
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.22017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2Rui Miguel Feio
 
(2017) GDPR – What Does It Mean For The Mainframe v0.2
(2017) GDPR – What Does It Mean For The Mainframe v0.2(2017) GDPR – What Does It Mean For The Mainframe v0.2
(2017) GDPR – What Does It Mean For The Mainframe v0.2Rui Miguel Feio
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)Rui Miguel Feio
 
(2017) Cybercrime, Inc. (v3.2)
(2017) Cybercrime, Inc. (v3.2)(2017) Cybercrime, Inc. (v3.2)
(2017) Cybercrime, Inc. (v3.2)Rui Miguel Feio
 

Recommandé

Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)
Share 2015 - 5 Myths that can put your Mainframe at risk (v1.3)Rui Miguel Feio
 
How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)How to Protect Your Mainframe from Hackers (v1.0)
How to Protect Your Mainframe from Hackers (v1.0)Rui Miguel Feio
 
Mainframe Security - It's not just about your ESM v2.2
Mainframe Security - It's not just about your ESM v2.2Mainframe Security - It's not just about your ESM v2.2
Mainframe Security - It's not just about your ESM v2.2Rui Miguel Feio
 
Security Audit on the Mainframe (v1.0 - 2016)
Security Audit on the Mainframe (v1.0 - 2016)Security Audit on the Mainframe (v1.0 - 2016)
Security Audit on the Mainframe (v1.0 - 2016)Rui Miguel Feio
 
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.22017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2Rui Miguel Feio
 
(2017) GDPR – What Does It Mean For The Mainframe v0.2
(2017) GDPR – What Does It Mean For The Mainframe v0.2(2017) GDPR – What Does It Mean For The Mainframe v0.2
(2017) GDPR – What Does It Mean For The Mainframe v0.2Rui Miguel Feio
 
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)Rui Miguel Feio
 
(2017) Cybercrime, Inc. (v3.2)
(2017) Cybercrime, Inc. (v3.2)(2017) Cybercrime, Inc. (v3.2)
(2017) Cybercrime, Inc. (v3.2)Rui Miguel Feio
 
Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)Rui Miguel Feio
 
2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)Rui Miguel Feio
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
How to Improve RACF Performance (v0.2 - 2016)
How to Improve RACF Performance (v0.2 - 2016)How to Improve RACF Performance (v0.2 - 2016)
How to Improve RACF Performance (v0.2 - 2016)Rui Miguel Feio
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Rightpvanwoud
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_designNCC Group
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
Common WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemCommon WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemEoin Woods
 
Data Security For SMB - Fly first class on a budget
Data Security For SMB - Fly first class on a budgetData Security For SMB - Fly first class on a budget
Data Security For SMB - Fly first class on a budgetFlaskdata.io
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Tom King
 
12 Simple Cybersecurity Rules For Your Small Business
12 Simple Cybersecurity Rules For Your Small Business 12 Simple Cybersecurity Rules For Your Small Business
12 Simple Cybersecurity Rules For Your Small Business NSUGSCIS
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017Etienne Liebetrau
 
7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations7 Habits of Highly Secure Organizations
7 Habits of Highly Secure OrganizationsHelpSystems
 
Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...
Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...
Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...Sreejesh Madonandy
 
BITZ BOOTCAMP DC: Expo Showcase - U2Cloud
BITZ BOOTCAMP DC: Expo Showcase - U2CloudBITZ BOOTCAMP DC: Expo Showcase - U2Cloud
BITZ BOOTCAMP DC: Expo Showcase - U2CloudLocalogy
 
The Cloud Security Landscape
The Cloud Security LandscapeThe Cloud Security Landscape
The Cloud Security LandscapePeter Wood
 
2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class TenFRSecure
 
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554TISA
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsNCC Group
 
Fortify technology
Fortify technologyFortify technology
Fortify technologyImad Nom de famille
 

Contenu connexe

Tendances

Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)Rui Miguel Feio
 
2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)Rui Miguel Feio
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Claus Cramon Houmann
 
How to Improve RACF Performance (v0.2 - 2016)
How to Improve RACF Performance (v0.2 - 2016)How to Improve RACF Performance (v0.2 - 2016)
How to Improve RACF Performance (v0.2 - 2016)Rui Miguel Feio
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Claus Cramon Houmann
 
Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Rightpvanwoud
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_designNCC Group
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Claus Cramon Houmann
 
Common WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemCommon WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemEoin Woods
 
Data Security For SMB - Fly first class on a budget
Data Security For SMB - Fly first class on a budgetData Security For SMB - Fly first class on a budget
Data Security For SMB - Fly first class on a budgetFlaskdata.io
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Tom King
 
12 Simple Cybersecurity Rules For Your Small Business
12 Simple Cybersecurity Rules For Your Small Business 12 Simple Cybersecurity Rules For Your Small Business
12 Simple Cybersecurity Rules For Your Small Business NSUGSCIS
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations7 Habits of Highly Secure Organizations
7 Habits of Highly Secure OrganizationsHelpSystems
 
Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...
Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...
Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...Sreejesh Madonandy
 
BITZ BOOTCAMP DC: Expo Showcase - U2Cloud
BITZ BOOTCAMP DC: Expo Showcase - U2CloudBITZ BOOTCAMP DC: Expo Showcase - U2Cloud
BITZ BOOTCAMP DC: Expo Showcase - U2CloudLocalogy
 
The Cloud Security Landscape
The Cloud Security LandscapeThe Cloud Security Landscape
The Cloud Security LandscapePeter Wood
 
2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class TenFRSecure
 
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554TISA
 

Tendances (20)

Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)Network and Endpoint Security v1.0 (2017)
Network and Endpoint Security v1.0 (2017)
 
2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)2017 - Data Privacy and GDPR (v1.1)
2017 - Data Privacy and GDPR (v1.1)
 
Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015Keynote at the Cyber Security Summit Prague 2015
Keynote at the Cyber Security Summit Prague 2015
 
How to Improve RACF Performance (v0.2 - 2016)
How to Improve RACF Performance (v0.2 - 2016)How to Improve RACF Performance (v0.2 - 2016)
How to Improve RACF Performance (v0.2 - 2016)
 
Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015Keynote Information Security days Luxembourg 2015
Keynote Information Security days Luxembourg 2015
 
Application Security Done Right
Application Security Done RightApplication Security Done Right
Application Security Done Right
 
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
2012 06-19 --ncc_group_-_iet_seminar_-_mobile_apps_and_secure_by_design
 
Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2Presentation infra and_datacentrre_dialogue_v2
Presentation infra and_datacentrre_dialogue_v2
 
Common WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About ThemCommon WebApp Vulnerabilities and What to Do About Them
Common WebApp Vulnerabilities and What to Do About Them
 
Data Security For SMB - Fly first class on a budget
Data Security For SMB - Fly first class on a budgetData Security For SMB - Fly first class on a budget
Data Security For SMB - Fly first class on a budget
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3Qualys user group presentation - vulnerability management - November 2009 v1 3
Qualys user group presentation - vulnerability management - November 2009 v1 3
 
12 Simple Cybersecurity Rules For Your Small Business
12 Simple Cybersecurity Rules For Your Small Business 12 Simple Cybersecurity Rules For Your Small Business
12 Simple Cybersecurity Rules For Your Small Business
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
 
Security challenges in 2017
Security challenges in 2017Security challenges in 2017
Security challenges in 2017
 
7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations7 Habits of Highly Secure Organizations
7 Habits of Highly Secure Organizations
 
Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...
Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...
Even In 2014, Attackers are on steroid on Cloud, since the IT spending on Web...
 
BITZ BOOTCAMP DC: Expo Showcase - U2Cloud
BITZ BOOTCAMP DC: Expo Showcase - U2CloudBITZ BOOTCAMP DC: Expo Showcase - U2Cloud
BITZ BOOTCAMP DC: Expo Showcase - U2Cloud
 
The Cloud Security Landscape
The Cloud Security LandscapeThe Cloud Security Landscape
The Cloud Security Landscape
 
2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten2019 FRSecure CISSP Mentor Program: Class Ten
2019 FRSecure CISSP Mentor Program: Class Ten
 
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554Top 5 myths of it security in the light of current events tisa pro talk 4 2554
Top 5 myths of it security in the light of current events tisa pro talk 4 2554
 

Similaire à Cyber security and the mainframe (v1.3)

Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsNCC Group
 
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...SaraPia5
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessJoAnna Cheshire
 
Learnings from 7 Years of Integrating Mission-Critical IBM Z® and IBM i with ...
Learnings from 7 Years of Integrating Mission-Critical IBM Z® and IBM i with ...Learnings from 7 Years of Integrating Mission-Critical IBM Z® and IBM i with ...
Learnings from 7 Years of Integrating Mission-Critical IBM Z® and IBM i with ...Precisely
 
Protecting Your IP: Data Security for Software Technology
Protecting Your IP: Data Security for Software TechnologyProtecting Your IP: Data Security for Software Technology
Protecting Your IP: Data Security for Software TechnologyShawn Tuma
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Wen-Pai Lu
 
Security in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareSecurity in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareMichael Coates
 
Ransomware: The Impact is Real
Ransomware: The Impact is RealRansomware: The Impact is Real
Ransomware: The Impact is RealNICSA
 
Testing Is How You Avoid Looking Stupid
Testing Is How You Avoid Looking StupidTesting Is How You Avoid Looking Stupid
Testing Is How You Avoid Looking StupidSteve Branam
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItResilient Systems
 
Understanding Technology Stakeholders
Understanding Technology StakeholdersUnderstanding Technology Stakeholders
Understanding Technology StakeholdersJohn Gilligan
 
Understanding Technology Stakeholders: Their Progress and Challenges
Understanding Technology Stakeholders: Their Progress and ChallengesUnderstanding Technology Stakeholders: Their Progress and Challenges
Understanding Technology Stakeholders: Their Progress and ChallengesJohn Gilligan
 
Cyber Security: Past and Future
Cyber Security: Past and FutureCyber Security: Past and Future
Cyber Security: Past and FutureJohn Gilligan
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_finalPacSecJP
 
Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022PECB
 
Cyber Security: Past and Future
Cyber Security: Past and FutureCyber Security: Past and Future
Cyber Security: Past and FutureJohn Gilligan
 

Similaire à Cyber security and the mainframe (v1.3) (20)

Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
 
Fortify technology
Fortify technologyFortify technology
Fortify technology
 
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
TIC-TOC: Disrupt the Threat Management Conversation with Dominique Singer and...
 
Today's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your BusinessToday's Cyber Challenges: Methodology to Secure Your Business
Today's Cyber Challenges: Methodology to Secure Your Business
 
Learnings from 7 Years of Integrating Mission-Critical IBM Z® and IBM i with ...
Learnings from 7 Years of Integrating Mission-Critical IBM Z® and IBM i with ...Learnings from 7 Years of Integrating Mission-Critical IBM Z® and IBM i with ...
Learnings from 7 Years of Integrating Mission-Critical IBM Z® and IBM i with ...
 
Protecting Your IP: Data Security for Software Technology
Protecting Your IP: Data Security for Software TechnologyProtecting Your IP: Data Security for Software Technology
Protecting Your IP: Data Security for Software Technology
 
Cloud security
Cloud securityCloud security
Cloud security
 
Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2Browser isolation (isc)2 may presentation v2
Browser isolation (isc)2 may presentation v2
 
Security in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of SoftwareSecurity in an Interconnected and Complex World of Software
Security in an Interconnected and Complex World of Software
 
Ransomware: The Impact is Real
Ransomware: The Impact is RealRansomware: The Impact is Real
Ransomware: The Impact is Real
 
Testing Is How You Avoid Looking Stupid
Testing Is How You Avoid Looking StupidTesting Is How You Avoid Looking Stupid
Testing Is How You Avoid Looking Stupid
 
Today's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About ItToday's Breach Reality, The IR Imperative, And What You Can Do About It
Today's Breach Reality, The IR Imperative, And What You Can Do About It
 
Understanding Technology Stakeholders
Understanding Technology StakeholdersUnderstanding Technology Stakeholders
Understanding Technology Stakeholders
 
Understanding Technology Stakeholders: Their Progress and Challenges
Understanding Technology Stakeholders: Their Progress and ChallengesUnderstanding Technology Stakeholders: Their Progress and Challenges
Understanding Technology Stakeholders: Their Progress and Challenges
 
Cyber Security: Past and Future
Cyber Security: Past and FutureCyber Security: Past and Future
Cyber Security: Past and Future
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_final
 
cyber forensics
cyber forensicscyber forensics
cyber forensics
 
Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022Ethical Hacking and Cybersecurity – Key Trends in 2022
Ethical Hacking and Cybersecurity – Key Trends in 2022
 
CRI Cyber Board Briefing
CRI Cyber Board Briefing CRI Cyber Board Briefing
CRI Cyber Board Briefing
 
Cyber Security: Past and Future
Cyber Security: Past and FutureCyber Security: Past and Future
Cyber Security: Past and Future
 

Plus de Rui Miguel Feio

RACF - The Basics (v1.2)
RACF - The Basics (v1.2)RACF - The Basics (v1.2)
RACF - The Basics (v1.2)Rui Miguel Feio
 
2017 - Ciberseguranca v1.0 (versao em Portugues)
2017 - Ciberseguranca v1.0 (versao em Portugues)2017 - Ciberseguranca v1.0 (versao em Portugues)
2017 - Ciberseguranca v1.0 (versao em Portugues)Rui Miguel Feio
 
2017 - Cibersecurity v1.0 (English version)
2017 - Cibersecurity v1.0 (English version)2017 - Cibersecurity v1.0 (English version)
2017 - Cibersecurity v1.0 (English version)Rui Miguel Feio
 
Tackling the cyber security threat (2016 - v1.0)
Tackling the cyber security threat (2016 - v1.0)Tackling the cyber security threat (2016 - v1.0)
Tackling the cyber security threat (2016 - v1.0)Rui Miguel Feio
 
Cyber Crime - The New World Order (v1.0 - 2016)
Cyber Crime - The New World Order (v1.0 - 2016)Cyber Crime - The New World Order (v1.0 - 2016)
Cyber Crime - The New World Order (v1.0 - 2016)Rui Miguel Feio
 
Challenges of Outsourcing the Mainframe (v1.2)
Challenges of Outsourcing the Mainframe (v1.2)Challenges of Outsourcing the Mainframe (v1.2)
Challenges of Outsourcing the Mainframe (v1.2)Rui Miguel Feio
 
IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)Rui Miguel Feio
 
The Billion Dollar Product - Online Privacy (v2.2)
The Billion Dollar Product - Online Privacy (v2.2)The Billion Dollar Product - Online Privacy (v2.2)
The Billion Dollar Product - Online Privacy (v2.2)Rui Miguel Feio
 
Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)Rui Miguel Feio
 

Plus de Rui Miguel Feio (10)

RACF - The Basics (v1.2)
RACF - The Basics (v1.2)RACF - The Basics (v1.2)
RACF - The Basics (v1.2)
 
2017 - Ciberseguranca v1.0 (versao em Portugues)
2017 - Ciberseguranca v1.0 (versao em Portugues)2017 - Ciberseguranca v1.0 (versao em Portugues)
2017 - Ciberseguranca v1.0 (versao em Portugues)
 
2017 - Cibersecurity v1.0 (English version)
2017 - Cibersecurity v1.0 (English version)2017 - Cibersecurity v1.0 (English version)
2017 - Cibersecurity v1.0 (English version)
 
Tackling the cyber security threat (2016 - v1.0)
Tackling the cyber security threat (2016 - v1.0)Tackling the cyber security threat (2016 - v1.0)
Tackling the cyber security threat (2016 - v1.0)
 
Cyber Crime - The New World Order (v1.0 - 2016)
Cyber Crime - The New World Order (v1.0 - 2016)Cyber Crime - The New World Order (v1.0 - 2016)
Cyber Crime - The New World Order (v1.0 - 2016)
 
Cybercrime Inc. v2.2
Cybercrime Inc. v2.2Cybercrime Inc. v2.2
Cybercrime Inc. v2.2
 
Challenges of Outsourcing the Mainframe (v1.2)
Challenges of Outsourcing the Mainframe (v1.2)Challenges of Outsourcing the Mainframe (v1.2)
Challenges of Outsourcing the Mainframe (v1.2)
 
IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)IOT & BYOD – The New Security Risks (v1.1)
IOT & BYOD – The New Security Risks (v1.1)
 
The Billion Dollar Product - Online Privacy (v2.2)
The Billion Dollar Product - Online Privacy (v2.2)The Billion Dollar Product - Online Privacy (v2.2)
The Billion Dollar Product - Online Privacy (v2.2)
 
Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
Implementation of RBAC and Data Classification onto a Mainframe system (v1.5)
 

Dernier

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Dernier (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Cyber security and the mainframe (v1.3)

  • 1. Cyber  Security  and  the   Mainframe   Rui  Miguel  Feio   RSM  Partners     Date  of  presenta<on  (03/11/2015)   Session  <FC>  
  • 2. Delivering  the  best  in  z  services,  soJware,  hardware  and  training.  Delivering  the  best  in  z  services,  soJware,  hardware  and  training.   World  Class,  Full  Spectrum,  z  Services   Cyber  Security  and  the  Mainframe   Rui  Miguel  Feio   Security  Lead  
  • 3. Agenda     •  Introduc<on   •  Cyber  Crime   •  Recent  APacks   •  The  Mainframe   •  What  to  Do   •  World  Wide  Real-­‐Time  Cyber  APacks   •  References  and  Resources   •  Ques<ons?  
  • 4. Introduc<on   Rui  Miguel  Feio  is…   –  Security  lead  at  RSM  Partners   –  Mainframe  technician  specialising  in  mainframe  security   –  Has  been  working  with  mainframes  for  the  past  16  years   –  Started  as  an  MVS  Systems  Programmer   –  Experience  in  other  plaorms  as  well  
  • 6. Cyber  Crime  –  The  Actors   •  Cyber  Crime  is  any  criminal  act  dealing  with  electronic  devices  and   networks.  Cyber  crime  also  includes  tradi<onal  crimes  conducted   through  the  Internet.     •  The  typical  actors  of  cyber  crime  ac<vi<es:   –  Hackers   –  Organised  Criminal  Gangs   –  Hack<vists   –  Terrorists   –  Na<on-­‐States   –  Internal  Threats  
  • 7. 2015  Cost  of  Cyber  Crime  Study   •  Ponemon  Ins<tute  report  sponsored  by  HP  Enterprise  published  in   October  2015:   –  “2015  Cost  of  Cyber  Crime  Study:  Global”   •  Global  study  at  a  glance:   –  252  companies  in  7  countries:   •  United  States,  UK,  Germany,  Australia,  Japan,  Russia  and  Brazil   –  2,128  interviews  with  company  personnel   –  1,928  total  aPacks  used  to  measure  total  cost   –  $7.7  million  USD  is  the  average  annualised  cost   –  1.9%  net  increase  over  the  past  year  
  • 8. Average  Cost  of  Cyber  Crime  2015   **  Cost  in  millions  of  US  Dollars   Although  we  see  a  cost  decrease   in  some  of  the  countries,  this  is   due  to  exchange  rate  differences   over  the  past  year  resul<ng  from   a  strong  USD.     Adjus<ng  for  exchange  rate   differences  we  actually  see  a  net   increase  in  all  countries.  
  • 9. Average  Cost  by  Industry  2015   *  Cost  in  millions  of   US  dollars    
  • 10. Types  of  Cyber  APacks  in  2015  
  • 11. Cyber  Crime  Cost  by  APack  2015  
  • 12. Report  Summary  Highlights   •  Cyber  crime  con<nues  to  be  on  the  rise  for  organisa<ons:   –  Cost  ranges  $310  K  -­‐  $65  million  with  an  average  of  $7.7  million   •  The  most  costly  cyber  crimes  are  those  caused  by  malicious   insiders,  denial  of  services  (DoS)  and  web-­‐based  aPacks.   •  Cyber  aPacks  can  get  costly  if  not  resolved  quickly   –  The  mean  number  of  days  to  resolve  is  46  with  an  average  cost  of  $21,155  per   day   –  Total  cost  of  $973,130  over  the  46  day  remedia<on  period  
  • 13. Report  Summary  Highlights   •  Business  disrup<on  represents  39%  of  total  external  costs,  followed   by  the  costs  associated  with  informa<on  loss.   •  Deployment  of  security  intelligence  systems  (SIEM)  represents  an   average  cost  savings  of  $1.9  million  
  • 15. Recent  APacks   *  Informa>on  is  Beau>ful  (hAp://www.informa>onisbeau>ful.net/visualiza>ons/worlds-­‐biggest-­‐data-­‐breaches-­‐hacks/)  
  • 17.   “If  you  give  an  hacker  a  new  toy,   the  first  thing  he'll  do  is  take  it   apart  to  figure  out  how  it  works.”   Jamie  Zawinski  
  • 18. How  Secure  is  the  Mainframe?   •  “The  mainframe  is  the  most  secured  plaorm  there  is!”   •  “No  one  Hacks  the  mainframe!”   •  “Only  mainframers  know  how  a  mainframe  works!”   •  “You  would  need  to  work  for  the  company  to  be  able  to  do  some   harm  to  the  mainframe,  and  no  one  does  it.”   •  “Hackers  are  not  interested  in  the  mainframe!”  
  • 19. How  Secure  is  the  Mainframe?   •  “The  mainframe  is  the  most  secured  plaorm  there  is!”   –  It’s  definitely  highly  securable  but  that  requires  work  and  focus   •  “No  one  Hacks  the  mainframe!”   –  There  are  several  documented  cases  of  mainframes  being  hacked   •  “Only  mainframers  know  how  a  mainframe  works!”   –  Mainframe  documenta>on  is  available  for  free  on  the  internet?!   •  “You  would  need  to  work  for  the  company  to  be  able  to  do  some   harm  to  the  mainframe,  and  no  one  does  it.”   –  Given  the  opportunity  any  employee  may  take  advantage  (and  they  have!)   •  “Hackers  are  not  interested  in  the  mainframe!”   –  Oh  boy,  you  are  coming  for  a  surprise!!  
  • 20. “There  are  regular  ac>ons  that  an  aAacker  takes   because  they  are  aAackers.  They  don’t  know  your   network  the  way  you  do.  They  don’t  know  which   accounts  have  greater  access.  They  don’t  know  which   file  servers  contain  more  data.  They  have  to  discover   it  all.”   ScoP  Kennedy,  Cloudshield  blog  
  • 21. A  Typical  Company   Mainframe   “Shared”  Servers   Servers   Service  Providers   Customers   Company  Servers   Unaccounted     Servers   Decommissioned   Servers  
  • 22. “Shared”  Servers  –  Candy  Shops   •  Technical  documenta<on   •  Processes  &  Procedures   •  Instruc<ons   •  Training  material   •  Contacts   •  Departments/teams  structure   •  Confiden<al  documenta<on   •  Team  backups   •  Personal  backups…  
  • 23. Personal  Backups…   •  Technical  notes     •  Technical  documents   •  Confiden<al  informa<on   •  Personal  informa<on   •  Contacts   •  Passwords   •  Email  account  backups   •  Pics  of  girls  in  bikini!!  
  • 24.   “The  hacker  is  going  to  look  for   the  crack  in  the  wall…”     Kevin  Mitnick  in  “The  Art  of  Intrusion”  
  • 26. How  to  Prevent?   •  Security  must  be  seen  as  a  whole   •  Company  needs  to  work  as  One   •  Review  en<re  technological  estate   •  Review  processes  /  procedures   •  Educate  employees  and  externals   •  Get  external  expert  help  and  support   •  Keep  updated  and  up-­‐to-­‐date   •  Repeat  all  these  steps  on  a  regular  basis   •  OR  You  can  get  Chuck  and  his  seal  of  approval  
  • 27. For  those  of  you  who  are  going  senile…  
  • 28. Contact  Chuck  via  Gmail  
  • 29. World  Wide     Real-­‐Time  Cyber  APacks    
  • 30. *  NORSE  IPViking  (hAp://map.ipviking.com/)   Cyber  APacks  –  Norse  IPViking  
  • 31. Cyber  APacks  –  Blitzortung   *  Blitzortung  (hAp://www.blitzortung.org/Webpages/index.php?lang=en)  
  • 33. References  &  Resources   •  “2015  Cost  of  Cyber  Crime  Study:  Global”,  Ponemon  Ins<tute   •  “The  Art  of  Intrusion”,  Kevin  Mitnick  -­‐  John  Wiley  &  Sons  (2005)   •  “Future  Crimes”,  Marc  Goodman  -­‐  Bantam  Press  (2015)   •  “How  to  Think  Like  a  Cyber  APacker”,  ScoP  Kennedy  –  Cloudshield  blog   •  Ponemon  Ins<tute:  www.ponemon.org   •  Informa<on  is  Beau<ful:  www.informa<onisbeau<ful.net   •  NORSE  –  IPViking:  map.ipviking.com   •  Blitzortung:  www.blitzortung.org/Webpages/index.php?lang=en   •  Jamie  Zawinski:  en.wikipedia.org/wiki/Jamie_Zawinski   •  Kevin  Mitnick:  en.wikipedia.org/wiki/Kevin_Mitnick  
  • 34. Ques<ons?     Ask  now  or  forever  be  quiet!!  
  • 35. Rui  Miguel  Feio,  RSM  Partners     ruif@rsmpartners.com   mobile:  +44  (0)  7570  911459   linkedin:  www.linkedin.com/in/rfeio   www.rsmpartners.com   Contact  
  • 36. Session feedback – Do it online at conferences.gse.org.uk/2015/feedback/nn Session feedback •  Please submit your feedback at http://conferences.gse.org.uk/2015/feedback/FC •  Session is <FC> This is the last slide in the deck 36