How to Prevent IT Security Gaffes that Put You at Risk
•Télécharger en tant que PPTX, PDF•
0 j'aime•374 vues
Recommandé
Recommandé
Contenu connexe
Plus de Tripwire
Plus de Tripwire (20)
Dernier
Dernier (20)
How to Prevent IT Security Gaffes that Put You at Risk
- 1. How to Prevent IT Security Gaffes that Put You at Risk
- 4. 2010 Data Breach Investigations Report Verizon RISK Team in cooperation with the United States Secret Service
- 5. 2010 Data Breach Investigations Report Verizon RISK Team in cooperation with the United States Secret Service
- 6. In 2009, the amount of data in the „Digital More than 500 Universe‟ grew by Million active 62% to nearly members on 800,000 petabytes Facebook (a petabyte is a million gigabytes) On average, 95% of Chinese today's consumer Internet users has a total of 13 aged 15-30 have credit obligations signed up to a on record at a dating site credit bureau. (400 Million total) Source: 2010 Digital Universe Study, www.creditcards.com, www.facebook.com and www.chinadaily.com.cn 6
- 7. FORTUNATELY….Most of this is preventable: The 80/20 of IT Security
- 8. Forgetting the fundamentals Step 1 Practice Fundamentals
- 9. “80% of what we need to do is stuff we already know how to do — getting the basics of Information Assurance right will of itself raise the bar for malicious activity.”
- 10. • • • • U.S. Government Accountability Office (GAO) • •
- 15. Compliant Change is occurring State Compliance Time
- 16. Compliant Continuous Compliance State Compliance Time
- 18. • • • 2010 Data Breach Report From Verizon Business, U.S. Secret Service)
- 19. 1 2 3
- 21. • • http://www.tripwire.com/blog • http://chuvakin.blogspot.com/ • http://krebsonsecurity.com • http://www.schneier.com/blog/ • http://www.wired.com/threatlevel • http://securityblog.verizonbusiness.com • •
- 27. Cyber FORENSICS
- 29. TM TM Tripwire VIA Tripwire VIA QUESTIONS?
Notes de l'éditeur
- Here’s a snapshot of the data growth challenge I’m speaking of …the Digital Universe report by IDC. Last year (2009) the amount of data in the ‘Digital Universe’ grew by 62% to nearly 800,000 petabytes (a petabyte is a million gigabytes). By 2020, the Digital Universe will be 44 times larger than as it was in 2009 – 35 trillion gigabytes. Nearly 75% of the Digital Universe is a copy – only 25% is unique. While enterprise-generated data accounts for 20% of the Digital Universe, enterprises are liable for 80% of the data that is created (the majority created by end-users). By 2020, more than a third of all the information in the Digital Universe will either live in or pass through the ‘cloud.’
- Another approach is what we call ‘Traditional Configuration Assessment,’ which can analyze the compliant state of key configuration settings, but if changes happen after the assessment, until another reassessment if performed you have no knowledge of those changes and whether they were authorized or compliant. or control of those changes. And even the highest performing organizations do these ‘mega-scans’ once a week or, more likely, once a month! Some organizations don’t reassess for an entire quarter or longer. The frequency of assessing IT configurations opens the door to risk and potential security breaches.
- [I’ll buy the image if you like it]
- [I’ll buy this image if you think it works]It’s not about the needle in the haystack. The needle represents a singular change or singular event – you need to find the right haystack
- 2 versions of the talk?StrategyTalk track for Sales – competitive responseDo a video recording of this? For use by SalesCompetitor-specific versions of the talks (why complementary)i.e. Feed into ArcsightLeverage compliance to proactively get ahead of threatsDeliver context others cannotDemonstrate the value of your compliance and security investmentSimply Compliant. More Secure.Simplify IT compliance and securityShorten the time to detect IT RiskReduce our customers’ costs----- Meeting Notes (1/10/11 09:45) -----CyberCrime ControlsCyber MonitoringCyber Forensics
- 2 versions of the talk?StrategyTalk track for Sales – competitive responseDo a video recording of this? For use by SalesCompetitor-specific versions of the talks (why complementary)i.e. Feed into ArcsightLeverage compliance to proactively get ahead of threatsDeliver context others cannotDemonstrate the value of your compliance and security investmentSimply Compliant. More Secure.Simplify IT compliance and securityShorten the time to detect IT RiskReduce our customers’ costs----- Meeting Notes (1/10/11 09:45) -----CyberCrime ControlsCyber MonitoringCyber Forensics
- 2 versions of the talk?StrategyTalk track for Sales – competitive responseDo a video recording of this? For use by SalesCompetitor-specific versions of the talks (why complementary)i.e. Feed into ArcsightLeverage compliance to proactively get ahead of threatsDeliver context others cannotDemonstrate the value of your compliance and security investmentSimply Compliant. More Secure.Simplify IT compliance and securityShorten the time to detect IT RiskReduce our customers’ costs----- Meeting Notes (1/10/11 09:45) -----CyberCrime ControlsCyber MonitoringCyber Forensics
- 2 versions of the talk?StrategyTalk track for Sales – competitive responseDo a video recording of this? For use by SalesCompetitor-specific versions of the talks (why complementary)i.e. Feed into ArcsightLeverage compliance to proactively get ahead of threatsDeliver context others cannotDemonstrate the value of your compliance and security investmentSimply Compliant. More Secure.Simplify IT compliance and securityShorten the time to detect IT RiskReduce our customers’ costs----- Meeting Notes (1/10/11 09:45) -----CyberCrime ControlsCyber MonitoringCyber Forensics
- 2 versions of the talk?StrategyTalk track for Sales – competitive responseDo a video recording of this? For use by SalesCompetitor-specific versions of the talks (why complementary)i.e. Feed into ArcsightLeverage compliance to proactively get ahead of threatsDeliver context others cannotDemonstrate the value of your compliance and security investmentSimply Compliant. More Secure.Simplify IT compliance and securityShorten the time to detect IT RiskReduce our customers’ costs----- Meeting Notes (1/10/11 09:45) -----CyberCrime ControlsCyber MonitoringCyber Forensics
- 2 versions of the talk?StrategyTalk track for Sales – competitive responseDo a video recording of this? For use by SalesCompetitor-specific versions of the talks (why complementary)i.e. Feed into ArcsightLeverage compliance to proactively get ahead of threatsDeliver context others cannotDemonstrate the value of your compliance and security investmentSimply Compliant. More Secure.Simplify IT compliance and securityShorten the time to detect IT RiskReduce our customers’ costs----- Meeting Notes (1/10/11 09:45) -----CyberCrime ControlsCyber MonitoringCyber Forensics