Data Security Compliance Advisors Certified Identity Theft Risk Management Specialists 873 East Baltimore Pike #501 Kennett Square, PA 19348 610-444-5295.

Presentation transcript:

Tighten Up Your Firm’s Cyber Security. Presented by Robert Listerman, CPA, CITRMS

Robert Listerman (Bob) is a licensed Certified Public Accountant, State of Michigan, and has over 30 years of experience as a process improvement business consultant. He graduated from Michigan State University and became a CPA while employed at Touche Ross & Co., Detroit, now known as a member firm of Deloitte & Touche USA LLP. Bob added the Certified Identity Theft Risk Management Specialist (CITRMS) designation issued by The Institute of Fraud Risk Management in . The designation is in recognition of his knowledge and experience in identity theft risk management. Today Bob focuses his practice on data security compliance. Over 50% of identity theft can be traced back to unlawful handling or mishandling of non-public data within the workplace. Currently Bob serves his professional community as an active Board Member for the Institute of Management Accountants (IMA), Mid Atlantic Council “IMA-MAC.” He is currently serving as President of IMA-MAC ( ). He is a regular seminar presenter for the IMA, the Pennsylvania Institute of CPAs (PICPA), and the Michigan Association of CPAs (MACPA). Bob serves on, and is a past chair of, the MACPA’s Management Information & Business Show committee, which serves over 1000 CPAs in attendance each year. He is Continuing Education Chair of the PICPA’s IT Assurance Committee. Bob serves his local community as a member of the Kennett Township, PA Planning Commission, Communications, Business Advisory, and Safety Committees. He is an active board member of the Longwood Rotary Club.
He has served his Rotary District 7450 as their Interact Club Chair (Rotary in High School) since . Past professional and civic duties include serving on the Board of Directors for the Michigan Association of Certified Public Accountants ( ), past board member of the Delaware Chapter of the IMA, and past Chapter president for the IMA Oakland County, Michigan ( ).

How Computers (Servers) get Infected
- Hacked through the Internet Cloud
- File brought in via a USB (Thumb) Drive

How Computers (Servers) get Infected
- Downloaded program, picture, document, or from a shared file folder
- Key logger mimicking what they have learned

How Computers (Servers) get Infected
- From employees’ conduct / behavior
- Culture at the top

Data security can seem mindboggling

Definition: An Internet service provider (ISP, also called Internet access provider) is a business or organization that offers users access to the Internet and related services. Many ISPs are telephone companies or other telecommunication providers. They provide services such as Internet access, Internet transit, domain name registration and hosting, dial-up access, leased line access and colocation. Internet service providers may be organized in various forms, such as commercial, community-owned, non-profit, or otherwise privately owned. Source:

a.k.a. the “CLOUD”


The Internet “Web” Topography

Prize for the first person who raises their hand AND can identify what these numbers are!

IP Tracer. Source:


Terms
- Malware/Viruses
- Key Logger
- Hacker
- Hacktivism (Anonymous)
- Zero Day Attack
- Botnet


Zero Day Attack. A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

BOTNET. The term "botnet" can be used to refer to any group of computers, such as IRC bots, but the term is generally used to refer to a collection of computers (called zombie computers) that have been recruited by running malicious software. It could be used to send spam or participate in Denial of Service attacks. The word botnet stems from the two words robot and network.


Attack on Vendor Set Up Breach at Target* (* Source: ) The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation. Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa.

Security is a layered solution
- Physical Safeguards
- Administrative Safeguards (Culture of Security)
- Technical Safeguards
Layers around the Sensitive Data (from the slide diagram): Fence, Cameras, Barred Windows, Walls, Dead Bolts, Guards, “Strong” Password, Virus Detection, VPN, Firewall, 2nd Verification, Intrusion Detection

Physical Safeguards
- Premises & surroundings
- Physical access: simple key; user-identifying access (key pad or card)
- Internal areas, floors, hallways, office doors, files, etc.
- Document flow through the facility and at rest
- Storage
- Written procedures
- Environmental safeguards
- Computer monitor/screen guards
- Clean desk policy

Administrative Safeguards: Education backed by Policy & Procedures
- Employee training on handling data from its source through to storage
- Documented procedures
- Computer Usage Policy
- Sensitive Data Handling Policy
- Data Security Policy including B.Y.O.D.
- Employee signed acknowledgement of being trained
- Criminal background check on anyone who handles or has access to data

Technical Safeguards
- Risk assessment
- Internal vulnerability assessment
- Malware/Virus checking software
- Spam filters
- Encryption
- Strong Passwords
- Intrusion detection
- Employee education on IT security policy and procedures

Bring Your Own Device (BYOD)
- Right to access the device for forensic and data integrity assessment
- Remote wipe if lost, stolen, or just not in the control of the employee anymore
- Signed written agreement prior to company data access

Securing Data In Motion
- Secured leased lines
- Use of VPN connections (Virtual Private Networks)
- Know if you are on a secure site
- Send/receive encrypted files (Adobe documents have security options)
- Use private clients such as “hushmail.com”

[Diagram: SSL and VPN]

Sample cloud based VPN solution pricing model:

SaaS: What’s in (not in?) the Cloud? Limited Only By Your Imagination

IaaS: Your Hardware in the CLOUD?

Case Study*: Medium-sized mortgage brokerage firm (* Source: Qnectus.com)
- 99.99% uptime
- Enterprise-level firewall protection
- Encryption and virus protection
- Flexibility across both platforms and devices
- Managed applications and upgrades
- Simplified user provisioning
- 24/7/365 customer service support
- Saved upwards of 50% over thirty (30) months

What to look for in a Cloud Service Provider
– Strong contract regarding breach notifications
– Systems are monitored 24/7
– Maintains user log-in history
– Requires strong passwords with limited life
– Your data is backed up & stored locally
– Segregation of Data (Criminal Investigation of Others)
– Has a Documented Disaster Recovery Plan
– Annually certified SSAE 16 (formerly SAS 70)

Security ≠ convenience myth
- Most security “upgrades” can be tied to behavior awareness
- Small changes can deliver large improvements
- Most secure tools are as easy to use as standard ones
- The new direction of technology (i.e. SaaS & IaaS) is wrapped around security
- Create, train, & administer YOUR policies and procedures

Culture of Security. The Federal Trade Commission’s PII Guide for employers:

Take this 20 Question Assessment to Score Your Risk Level

Six Takeaways (if this is all you do …)
- Update your software every time, on time
- Keep your operating system up to date
- Keep malware/virus protection updated
- Be aware of today’s vulnerabilities
- Assess your entity’s Risk Level Score
- New opportunities when ready to upgrade
