- 1 -
WELCOME!
IT Security Essentials
Linkedin.com/company/skoda-minotti
Twitter.com/SkodaMinotti
Facebook.com/SkodaMinotti
IT Security Essentials
Joseph Compton, CISSP, CISA, QSA
Gregory Skoda, Jr., CISA
November 9, 2015
- 3 -
AGENDA
• Threat landscape
• Understanding your risks
• Implementing a data security program
• Testing your data security program
- 4 -
DATA BREACHES
- 5 -
DATA BREACHES
- 6 -
DATA BREACHES
- 7 -
DATA BREACHES
- 8 -
DATA BREACHES
- 9 -
DATA BREACHES
- 10 -
DATA BREACHES
- 11 -
DATA BREACHES
- 12 -
DATA SECURITY CONCERNS
 Access Controls (both Physical and Logical)
 Data Jurisdiction
 Data Backup, Recovery and Destruction (Exit Strategy)
 eDiscovery and Legal Hold issues
 Audit frequency and responsibilities
 Co-mingling of data
 Insecure interfaces and APIs (application development)
 Insufficient due diligence by cloud provider
 Shared technology vulnerabilities (Denial of Service attacks)
 Data breach response and forensics
 Poor or no encryption of sensitive data
 Account or service hijacking
 Readiness for cloud services - every cloud service is different, each
one must be evaluated individually
- 13 -
LEGAL CONCERNS
COMPLIANCE
 Application ownership can be unclear
 Regulatory controls for cloud (HITECH, PCI, GLBA, FERPA, HIPAA)
 Data return/destruction at the end of contracts
 Lack of SLAs – slow or no service
 Lack of recourse for lost data
 Jurisdictional issues (data stored across multiple states or countries)
 e-Discovery and legal hold issues (data stored across multiple servers)
 Breach notification timeframes and forensics in a shared environment
 Client vs. Cloud Provider responsibilities
 Subcontracting and third parties
- 14 -
Source: Verizon 2015 Data Breach Investigation Report
THREAT ACTIONS
- 15 -
THREAT ACTIONS
Source: Verizon 2015 Data Breach Investigation Report
- 16 -
BREACH DISCOVERY
Source: Verizon 2015 Data Breach Investigation Report
- 17 -
DATA BREACHES
• SnapChat – 4.5 million compromised names and phone
numbers
• Kickstarter – 5.6 million victims
• Korean Telecom – One of the year’s largest breaches affected
12 million customers
• Heartbleed – First of three open-source vulnerabilities in 2014
• eBay – Database of 145 million customers compromised
- 18 -
DATA BREACHES
• PF Chang’s
• Energetic Bear – Cyber spying operation targeted the energy industry
• CyberVor – 1.2 billion compromised credentials
• iCloud – Celebrity accounts hacked
• Sandworm – Attacked a Windows vulnerability
• Sony Pictures Entertainment – Highest-profile hack of the year
• Inception Framework – Cyber-espionage attack targeted the public sector
- 19 -
INSIDER THREAT
• 75% say their organizations are as or more vulnerable to malicious code attacks and security breaches compared with a year ago. And in the face of a crushing skills shortage, 40% subsist on no more than 5% of the IT budget.
• "Managing the complexity of security" reclaimed the No. 1 spot among 10 challenges facing the respondents to our security survey, all from organizations with 100 or more employees
Source: InformationWeek 2014 Strategic Security Survey
- 20 -
INSIDER THREAT
• 58% see an infected personal device connecting to the corporate network as a top endpoint security concern, making it the No. 1 response, ahead of phishing and lost devices
• 56% say cyber-criminals pose the greatest threat to their organizations this year, the top answer, ahead of authorized users and employees at 49%
• 23% have experienced a security breach or espionage in the past year
Source: InformationWeek 2014 Strategic Security Survey
- 21 -
Source: SpectorSoft Insider Threat Survey Report
INSIDER THREAT SURVEY
53% of enterprise respondents have
discovered that employees use
company-issued devices to send
company information to personal
email accounts such as Yahoo! or Gmail
and cloud-based file-sharing accounts
such as Box, DropBox or Hightail
(419 enterprise respondents)
23% of end-user employee respondents
reported that they transfer corporate
information using Box, DropBox or Hightail
(200 end-user employee respondents)
- 22 -
INSIDER THREAT SURVEY
Source: SpectorSoft Insider Threat Survey Report
33% of end-user employee
respondents reported that they
transfer corporate information via
personal Yahoo! and Gmail accounts
(200 end-user employee respondents)
49% of enterprise respondents have
discovered that employees are
copying corporate data to USB flash
storage devices (419 enterprise
respondents)
- 23 -
CURRENT RISK MANAGER ISSUES
• 55% of risk managers feel they have not dedicated enough
resources to combat the evolution of hacking techniques
• 76% of risk managers feel the biggest risk of cloud technology
is the loss of confidentiality of information
Source: The Hartford Steam Boiler Inspection and Insurance
Company (HSB) Cyber Risk Survey
- 24 -
THREATS TO SMALL BUSINESSES
Small businesses can be forced to close down due to a
data breach
Four common company weak points:
1. Intrusion detection software
2. Encryption of private data
3. Patch management
4. Vendor mismanagement
Source: PropertyCasualty360.com
- 25 -
WHERE DO I START?
- 26 -
COMPLIANCE LIFE CYCLE
- 27 -
RISK ASSESSMENT
- 28 -
RISK ASSESSMENT
Understand organizational risks
• Gain an understanding of the high risk areas and underlying rationales by conducting interviews with members of Senior Management, Legal and your Trust Advisors
Key risk prioritization
• Identify key risks based on the threats and vulnerabilities relevant to the organization and rank these items based on their overall impact (environment, system and technical analysis) and expected likelihood of occurrence.
Identify high risk areas
• Identify the top risks to the Company based on inherent risk ranking.
Threat Categories A B C D E
External attack 2 3
Internal misuse and abuse 6 2
Theft 2
System malfunction 2 1
Service interruption 1 5
Customer 4
Information Risk Ratings: A-Very High, B-High, C-Medium, D-Low, E-Very Low
- 29 -
CONTROL FRAMEWORKS
• CSA Star – Cloud Security Alliance
• COBIT – Control Objectives for Information and Related Technology
• FEDRAMP – Federal Risk and Authorization Management Program
• FISMA – Federal Information Security Management Act
• HIPAA – Health Insurance Portability and Accountability Act
• ISO – International Organization for Standardization
• ITIL – Information Technology Infrastructure Library
• PCI DSS – Payment Card Industry Data Security Standard
• NIST – National Institute of Standards and Technology
• SOC 2 (AT 101) – Service Organization Control Reports
- 30 -
PCI DATA SECURITY STANDARDS
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications
- 31 -
PCI DATA SECURITY STANDARDS
Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need to know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
Maintain an Information Security Policy
12. Maintain a policy that addresses information security for all personnel
- 32 -
VALIDATE
Independent auditor assessments and attestations
• Review of policies and administrative procedures
• Inspection of configurations and settings
• Testing of manual procedures
• Observation of control activities
- 33 -
VALIDATE
Security Testing
• Vulnerability Assessments
   Internal and external testing
• Internal and external penetration testing
   Network penetration testing
   Web application testing
   Social engineering
- 34 -
WHAT CAN I DO FIRST?
• 40% of the controls determined to be most effective against data breaches fall into the “Quick Win” Category
Source: Verizon 2015 Data Breach Investigation Report
- 35 -
CONTACT
Joe Compton, CISSP, CISA, QSA
(440) 605-7252
jcompton@skodaminotti.com
Greg Skoda, Jr., CISA
(440) 605-7176
gskodajr@skodaminotti.com

Elevate 2019: Financial Professional Slides
 
Smart Manufacturing Workshop: An Interactive Improv Session
Smart Manufacturing Workshop: An Interactive Improv SessionSmart Manufacturing Workshop: An Interactive Improv Session
Smart Manufacturing Workshop: An Interactive Improv Session
 
Managing Risk
Managing RiskManaging Risk
Managing Risk
 
Navigating the Tax and Accounting Implications of Cryptocurrencies
Navigating the Tax and Accounting Implications of CryptocurrenciesNavigating the Tax and Accounting Implications of Cryptocurrencies
Navigating the Tax and Accounting Implications of Cryptocurrencies
 
Performance and Rewards
Performance and RewardsPerformance and Rewards
Performance and Rewards
 
Non-Qualified Deferred Compensation Programs for Private Companies
Non-Qualified Deferred Compensation Programs for Private CompaniesNon-Qualified Deferred Compensation Programs for Private Companies
Non-Qualified Deferred Compensation Programs for Private Companies
 
ABC Presents: Interviewing Skills
ABC Presents: Interviewing SkillsABC Presents: Interviewing Skills
ABC Presents: Interviewing Skills
 
Valuation Issues in Developing and Executing Buy-Sell Agreements
Valuation Issues in Developing and Executing Buy-Sell AgreementsValuation Issues in Developing and Executing Buy-Sell Agreements
Valuation Issues in Developing and Executing Buy-Sell Agreements
 
ABC Presents: Recruiting and Retaining Top Talent
ABC Presents: Recruiting and Retaining Top TalentABC Presents: Recruiting and Retaining Top Talent
ABC Presents: Recruiting and Retaining Top Talent
 
State and Local Tax Nexus Issues and the Impact on Mergers and Acquisitions
State and Local Tax Nexus Issues and the Impact on Mergers and AcquisitionsState and Local Tax Nexus Issues and the Impact on Mergers and Acquisitions
State and Local Tax Nexus Issues and the Impact on Mergers and Acquisitions
 
Future-Proofing Your Business with Technology
Future-Proofing Your Business with TechnologyFuture-Proofing Your Business with Technology
Future-Proofing Your Business with Technology
 
Manufacturing in Northeast Ohio: Where We Stand, Where We’re Headed
Manufacturing in Northeast Ohio: Where We Stand, Where We’re HeadedManufacturing in Northeast Ohio: Where We Stand, Where We’re Headed
Manufacturing in Northeast Ohio: Where We Stand, Where We’re Headed
 
Recruiting and Retaining Top Talent
Recruiting and Retaining Top TalentRecruiting and Retaining Top Talent
Recruiting and Retaining Top Talent
 
New Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law RequirementsNew Ohio Cybersecurity Law Requirements
New Ohio Cybersecurity Law Requirements
 
Understanding Medicare
Understanding MedicareUnderstanding Medicare
Understanding Medicare
 
Five Digital Marketing Trends Your Company Needs to Know in 2019
Five Digital Marketing Trends Your Company Needs to Know in 2019Five Digital Marketing Trends Your Company Needs to Know in 2019
Five Digital Marketing Trends Your Company Needs to Know in 2019
 
Business Valuation Basics
Business Valuation BasicsBusiness Valuation Basics
Business Valuation Basics
 
The Importance of State and Local Tax Nexus
The Importance of State and Local Tax NexusThe Importance of State and Local Tax Nexus
The Importance of State and Local Tax Nexus
 

Dernier

Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 DelhiCall Girls in Delhi
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayNZSG
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 

Dernier (20)

Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
9599632723 Top Call Girls in Delhi at your Door Step Available 24x7 Delhi
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 

IT Security Essentials

  • 1. - 1 - WELCOME! IT Security Essentials Linkedin.com/company/skoda-minotti Twitter.com/SkodaMinotti Facebook.com/SkodaMinotti
  • 2. IT Security Essentials Joseph Compton, CISSP, CISA, QSA Gregory Skoda, Jr., CISA November 9, 2015
  • 3. - 3 - • Threat landscape • Understanding your risks • Implementing a data security program • Testing your data security program AGENDA
  • 4. - 4 - DATA BREACHES
  • 5. - 5 - DATA BREACHES
  • 6. - 6 - DATA BREACHES
  • 7. - 7 - DATA BREACHES
  • 8. - 8 - DATA BREACHES
  • 9. - 9 - DATA BREACHES
  • 10. - 10 - DATA BREACHES
  • 11. - 11 - DATA BREACHES
  • 12. - 12 - DATA SECURITY CONCERNS • Access Controls (both Physical and Logical) • Data Jurisdiction • Data Backup, Recovery and Destruction (Exit Strategy) • eDiscovery and Legal Hold issues • Audit frequency and responsibilities • Co-mingling of data • Insecure interfaces and APIs (application development) • Insufficient due diligence by cloud provider • Shared technology vulnerabilities (Denial of Service attacks) • Data breach response and forensics • Poor or no encryption of sensitive data • Account or service hijacking • Readiness for cloud services - every cloud service is different, each one must be evaluated individually
  • 13. - 13 - LEGAL CONCERNS COMPLIANCE • Application ownership can be unclear • Regulatory controls for cloud (HITECH, PCI, GLBA, FERPA, HIPAA) • Data return/destruction at the end of contracts • Lack of SLAs – slow or no service • Lack of recourse for lost data • Jurisdictional issues (data stored across multiple states or countries) • e-Discovery and legal hold issues (data stored across multiple servers) • Breach notification timeframes and forensics in a shared environment • Client vs. Cloud Provider responsibilities • Subcontracting and third parties
  • 14. - 14 - Source: Verizon 2015 Data Breach Investigation Report THREAT ACTIONS
  • 15. - 15 - THREAT ACTIONS Source: Verizon 2015 Data Breach Investigation Report
  • 16. - 16 - BREACH DISCOVERY Source: Verizon 2015 Data Breach Investigation Report
  • 17. - 17 - DATA BREACHES • SnapChat – 4.5 million compromised names and phone numbers • Kickstarter – 5.6 million victims • Korean Telecom – One of the year’s largest breaches affected 12 million customers • Heartbleed – First of three open-source vulnerabilities in 2014 • eBay – Database of 145 million customers compromised
  • 18. - 18 - DATA BREACHES • PF Chang’s • Energetic Bear – Cyber spying operation targeted the energy industry • CyberVor – 1.2 billion compromised credentials • iCloud – Celebrity accounts hacked • Sandworm – Attacked a Windows vulnerability • Sony Pictures Entertainment – Highest-profile hack of the year • Inception Framework – Cyber-espionage attack targeted the public sector
  • 19. - 19 - • 75% say their organizations are as or more vulnerable to malicious code attacks and security breaches compared with a year ago. And in the face of a crushing skills shortage, 40% subsist on no more than 5% of the IT budget. • "Managing the complexity of security" reclaimed the No. 1 spot among 10 challenges facing the respondents to our security survey, all from organizations with 100 or more employees INSIDER THREAT Source: InformationWeek 2014 Strategic Security Survey
  • 20. - 20 - • 58% see an infected personal device connecting to the corporate network as a top endpoint security concern, making it the No. 1 response, ahead of phishing and lost devices • 56% say cyber-criminals pose the greatest threat to their organizations this year, the top answer, ahead of authorized users and employees at 49% • 23% have experienced a security breach or espionage in the past year INSIDER THREAT Source: InformationWeek 2014 Strategic Security Survey
  • 21. - 21 - INSIDER THREAT SURVEY 53% of enterprise respondents have discovered that employees use company-issued devices to send company information to personal email accounts such as Yahoo! or Gmail and cloud-based file-sharing accounts such as Box, DropBox or Hightail (419 enterprise respondents) 23% of end-user employee respondents reported that they transfer corporate information using Box, DropBox or Hightail (200 end-user employee respondents) Source: SpectorSoft Insider Threat Survey Report
  • 22. - 22 - INSIDER THREAT SURVEY Source: SpectorSoft Insider Threat Survey Report 33% of end-user employee respondents reported that they transfer corporate information via personal Yahoo! and Gmail accounts (200 end-user employee respondents) 49% of enterprise respondents have discovered that employees are copying corporate data to USB flash storage devices (419 enterprise respondents)
  • 23. - 23 - CURRENT RISK MANAGER ISSUES • 55% of risk managers feel they have not dedicated enough resources to combat the evolution of hacking techniques • 76% of risk managers feel the biggest risk of cloud technology is the loss of confidentiality of information Source: The Hartford Steam Boiler Inspection and Insurance Company (HSB) Cyber Risk Survey
  • 24. - 24 - THREATS TO SMALL BUSINESSES Small businesses can be forced to close down due to a data breach Four common company weak points: 1. Intrusion detection software 2. Encryption of private data 3. Patch management 4. Vendor mismanagement Source: PropertyCasualty360.com
  • 25. - 25 - WHERE DO I START?
  • 26. - 26 - COMPLIANCE LIFE CYCLE
  • 27. - 27 - RISK ASSESSMENT
  • 28. - 28 - RISK ASSESSMENT Understand organizational risks Key risk prioritization Identify high risk areas • Gain an understanding of the high risk areas and underlying rationales by conducting interviews with members of Senior Management, Legal and your Trust Advisors • Identify key risks based on the threats and vulnerabilities relevant to the organization and rank these items based on their overall impact (environment, system and technical analysis) and expected likelihood of occurrence. • Identify the top risks to the Company based on inherent risk ranking. Threat Categories A B C D E External attack 2 3 Internal misuse and abuse 6 2 Theft 2 System malfunction 2 1 Service interruption 1 5 Customer 4 Information Risk Ratings: A-Very High, B-High, C-Medium, D-Low, E-Very Low
  • 29. - 29 - CONTROL FRAMEWORKS • CSA Star – Cloud Security Alliance • COBIT – Control Objectives for Information and Related Technology • FEDRAMP – Federal Risk and Authorization Management Program • FISMA – Federal Information Security Management Act • HIPAA – Health Insurance Portability and Accountability Act • ISO – International Organization for Standardization • ITIL – Information Technology Infrastructure Library • PCI DSS – Payment Card Industry Data Security Standard • NIST – National Institute of Standards and Technology • SOC 2 (AT 101) – Service Organization Control Reports
  • 30. - 30 - PCI DATA SECURITY STANDARDS Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect cardholder data 2. Do not use vendor-supplied defaults for system passwords and other security parameters Protect Cardholder Data 3. Protect stored cardholder data 4. Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program 5. Use and regularly update anti-virus software or programs 6. Develop and maintain secure systems and applications
  • 31. - 31 - PCI DATA SECURITY STANDARDS Implement Strong Access Control Measures 7. Restrict access to cardholder data by business need to know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes Maintain an Information Security Policy 12. Maintain a policy that addresses information security for all personnel
  • 32. - 32 - VALIDATE Independent auditor assessments and attestations • Review of policies and administrative procedures • Inspection of configurations and settings • Testing of manual procedures • Observation of control activities
  • 33. - 33 - VALIDATE Security Testing • Vulnerability Assessments: Internal and external testing • Internal and external penetration testing: Network penetration testing, Web application testing, Social engineering
  • 34. - 34 - WHAT CAN I DO FIRST? • 40% of the controls determined to be most effective against data breaches fall into the “Quick Win” Category Source: Verizon 2015 Data Breach Investigation Report
  • 35. - 35 - CONTACT Joe Compton, CISSP, CISA, QSA (440) 605-7252 jcompton@skodaminotti.com Greg Skoda, Jr., CISA (440) 605-7176 gskodajr@skodaminotti.com

Editor's notes

  1. Thank you for coming out
  2. [With the mass proliferation of technology and the Internet of Things, this should be no surprise and will not be trending downward any time soon.]
  3. [This is reason number one to implement a REAL BYOD program.] [The big breaches reported this year all involved outsiders taking advantage of insiders. I’d really recommend companies reconsider what technology employees actually need as opposed to want for starters.] [Additional data suggests that only about 33% of all breaches are even reported to law enforcement. It’s safe to assume that of all entities out there, 67% are unaware, negligent, incompetent and/or willful; take your pick!]
  4. 53% of 419 enterprise respondents report employees using Dropbox, Google Drive, or some other file sharing scheme. 23% of 200 end user respondents report the same. What does all this mean? Ask audience for their thoughts.
  5. 49% report employees using USB flash storage Out of 200 end-user employee respondents 33% transfer corporate data using personal email accounts i.e.