Banque Öhman

The potential consequences of the NSA (and GCHQ) spying on the mobile enterprise
And what you can/should do about it
Claus Cramon Houmann

2013-11-14
Key takeaways:
• The known and the "feared" extent of the NSA spying, and of the others who spy
• Spyware exists which can take full control of any mobile device, not to mention laptops
• Defend your enterprise with defense in depth that includes devices outside the perimeter
• Make sure you know which data leaves the perimeter
• Do your risk assessments and protect against your REAL threats
• Consider any data that leaves the perimeter lost


Why am I here presenting this?
• June 6th (2013, when the first Snowden documents were published)
• ...and since then
• Truth has been coming out
• That affects us all


Initial releases from the Snowden trove
• PRISM, XKEYSCORE and other programs that, combined, SPY on our lives -> and remove much of our privacy & security
  – Calls being recorded in the US – private AND corporate
  – Metadata for all calls and Internet traffic in the US
  – -> this alone is quite a risk for companies operating in the US

• But THEN started the real revelations that concern any company, worldwide....


!Collect everything!
• It turns out that the NSA & partners collect (almost) everything:
  – Your calls
  – Your metadata
  – Your e-mails
  – Your Google searches
  – Your banking transactions
  – Your social media activity

• They are intercepting, analyzing and storing almost all Internet traffic. If they can't decrypt it, it just gets stored longer until they can. The practical consequence: encryption protects stored traffic only for as long as the keys and algorithms used stay unbroken, so long-term key protection and forward secrecy matter as much as the cipher chosen.


!Tailored access!
• It's not enough to just collect and store everything
• The NSA actively hacks states, companies and private individuals
• To make this EASIER they have also weakened an unknown number of cryptographic standards and tools


Red flags – special NSA target areas
• Any bank with a SWIFT code
• Anyone using encryption
• Anyone doing anything in the Middle East
• Anything to do with oil or gas (energy)
• Anyone building security systems / infosec systems


But wait...this doesn't affect my company

• Raise your hand if you're thinking this right now


My guess
• Is that around 25% of the people present raised their hands
• I hope for 0
• If 25% raised their hands, another 25% didn't – only due to normal classroom psychology


Why are those raised hands wrong?
• Others have the means to exploit cryptographic weaknesses
  – China, Russia, serious competitors?

• The NSA passes information to the US Government (and others?); it's conceivable that information from NSA spying ends up in US corporate hands
  (http://www.zerohedge.com/contributed/2013-10-21/nsabusted-conducting-industrial-espionage-france-mexico-brazilchina-and-all)
  – This has happened before (Echelon, around 2000, as reported by the BBC for example)

- Anyone can potentially get at your data! Especially in exposed locations such as mobile devices

But then...what can we do?
• Risk management – mitigate the risks to acceptable levels
• Defense-in-depth: defend your data, wherever and whenever appropriate. Follow the booming market for innovative tools – eventually someone will find a way to protect smartphones/tablets acceptably. Laptops are already protectable
• ENCRYPT. EVERYTHING. NOW.
• Manage where your data is. Control that policies are followed.
• Awareness training & GRC implementation/improvement
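As an added example (not from the original slides) of the "know which data leaves the perimeter" and "encrypt everything" points above: a small Python check that walks constructed egress-proxy log lines and flags uploads from devices that are sent in clear text, go to hosts outside a sanctioned list, or are unusually large. The log format, hostnames, IP addresses and the 1 MB threshold are all assumptions made for the example.

```python
"""Egress-policy check over constructed proxy log lines.

Added example, not from the original slides. It flags outbound traffic
that contradicts the "know which data leaves the perimeter" and
"encrypt everything" rules. The log format, hostnames, addresses and
thresholds below are assumptions made for the example.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample of an egress proxy log (assumed format):
# timestamp, source IP, quoted device user agent, method, URL, bytes sent.
SAMPLE_LOG = """\
2013-11-14T09:01:02Z 10.20.1.15 "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0)" POST https://mail.example.com/ews/exchange.asmx 4120
2013-11-14T09:03:44Z 10.20.1.15 "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0)" POST http://sync.cloudnotes.example/api/upload 2890000
2013-11-14T09:05:10Z 10.20.2.8 "Mozilla/5.0 (Linux; Android 4.3)" GET https://www.example.org/ 512
2013-11-14T09:07:31Z 10.20.2.8 "Mozilla/5.0 (Linux; Android 4.3)" PUT https://files.example.net/share/q.pdf 17300000
2013-11-14T09:09:00Z 10.20.3.2 "Mozilla/5.0 (Windows NT 6.1)" POST http://intranet.example.com/report 2048
"""

# Policy inputs (assumptions): hosts allowed to receive corporate data,
# and an upload size above which a human should take a look.
SANCTIONED_HOSTS = {"mail.example.com", "www.example.org", "intranet.example.com"}
LARGE_UPLOAD_BYTES = 1_000_000
UPLOAD_METHODS = {"POST", "PUT"}


@dataclass
class Finding:
    src: str
    host: str
    reason: str


def parse_line(line: str):
    """Split one log line; the user agent is the only quoted field."""
    head, _, rest = line.partition('"')
    ua, _, tail = rest.partition('"')
    ts, src = head.split()
    method, url, sent = tail.split()
    return ts, src, ua, method, url, int(sent)


def check_egress(log_text: str, sanctioned=SANCTIONED_HOSTS,
                 large=LARGE_UPLOAD_BYTES) -> list[Finding]:
    """Return one Finding per policy violation seen in the log text."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, _ua, method, url, sent = parse_line(line)
        parts = urlsplit(url)
        host = parts.hostname or ""
        is_upload = method in UPLOAD_METHODS
        # 1. Data sent in clear text is readable by anyone on the path.
        if is_upload and parts.scheme == "http":
            findings.append(Finding(src, host, "plaintext upload"))
        # 2. Uploads to hosts outside the sanctioned list: the data has
        #    left the perimeter for somewhere we do not control.
        if is_upload and host not in sanctioned:
            findings.append(Finding(src, host, "unsanctioned destination"))
        # 3. Large uploads deserve a look even when the destination is fine.
        if is_upload and sent >= large:
            findings.append(Finding(src, host, f"large upload ({sent} bytes)"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason (the text before any parenthesis)."""
    counts: dict[str, int] = {}
    for f in findings:
        key = f.reason.split(" (")[0]
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for f in check_egress(SAMPLE_LOG):
        print(f"{f.src:<12} {f.host:<28} {f.reason}")
    print(summarize(check_egress(SAMPLE_LOG)))
```

Run against the constructed sample, the check reports six findings: the iPhone's clear-text 2.9 MB upload to an unsanctioned host trips all three rules, the Android device's 17 MB PUT to files.example.net trips two, and the clear-text POST to the intranet host trips one even though the destination is sanctioned. The sanctioned list and the size threshold are the policy; the script only makes a violation visible, which is the first step of "control that policies are followed".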


Defense-in-depth. Isn't it simple and beautiful?


The future brings....
• A European or global crypto-standards institute
• Advanced malware protection tools (AMPs), also for phones and tablets
• Changes to how the NSA spies on US citizens...but what about the rest of us....?
• Fortress Europe? Fortress South America? Fortress Russia?


About me
• Claus Cramon Houmann, 38, married to Tina and I have 3 lovely kids
• CISSP, ITIL Certified Expert, PRINCE2 Practitioner
• You can contact me anytime:
  – Skype: Claushj0707
  – Twitter: @claushoumann

• Sources used:
  – Richard Stiennon's presentation: "How the surveillance state is changing IT security forever"
  – Tidbits from @mikko's recent TEDx presentation

Questions?
