Securing your Business for 2014, Leveraging Lessons of 2013 OC Chapter.


Securing your Business for 2014, Leveraging Lessons of 2013 OC Chapter

The 10 Worst Data Breaches of 2013
- Adobe (150 million exposed account credentials; source code lost)
  - Had to be told by a third party. Where was DLP?
- Edward Snowden (pervasive signals intelligence, subversion of encryption standards, collaboration with overseas intelligence communities and other bombshells)
  - Snowden didn't work for one of the agencies. He worked for an outside defense contractor. He wasn't even a full-time employee of that contractor either, but a part-timer who had only been there for a few months.
- NSA
  - The MUSCULAR program involved intercepting data from Yahoo and Google private clouds where the data is unencrypted. The data collected included pictures, video, text documents, spreadsheets, and an array of other similar file types.
  - With this new revelation, Google has taken a considerably stronger stance against the NSA's spying programs.
- Data Broker Botnet (D&B, LexisNexis, Kroll Background America)
  - Using a botnet, hackers were able to work undetected for months to consolidate massive amounts of PII.
  - When it's your job to collect, store and sell data!
Proprietary and Confidential. Do Not Regents and Park, Inc. All rights reserved 2

The 10 Worst Data Breaches of 2013
- Living Social
  - Attackers had access to those users' information (name, password, buying history).
  - Encrypted password hashes can be "cracked" with computer software that essentially tries millions of different possible passwords looking for a match. The bad guys will successfully crack the passwords of many Living Social users, and knowing the password, name and address for a person, they may be able to break into other accounts that those people maintain on other websites.
- AHMC Hospitals
  - In October, more than 729,000 patients were put in jeopardy when two unencrypted laptops were stolen from California-based AHMC hospitals. It took this breach for an encryption policy to be put into place at the AHMC hospital network.
- Media Outlets
  - The Syrian Electronic Army (hacktivists) claimed an attack on President Obama from the Associated Press' Twitter handle, causing a brief $136 billion dive in the stock market.

The 10 Worst Data Breaches of 2013
- New York Times (Chinese hackers)
  - The New York Times revealed that its computers were stealthily compromised by Chinese hackers for a period of four months.
  - The attackers first installed malware (malicious software) that enabled them to gain entry to any computer on The Times's network.
- Google, Facebook, Twitter, Yahoo (Pony Botnet)
  - The botnet is responsible for the theft of 2 million passwords and user names from a number of different locations, including Google, Facebook, Twitter and Yahoo.
  - The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing login credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

The 10 Worst Data Breaches of 2013
- Target ( mil data elements) (AT&T or Trustwave): who can you trust?
  - Let's discuss
  - Who should you listen to?
  - What encryption should you use (3DES)?
  - Can you trust your vendors' security (e.g. HVAC)?
  - How do you create good network segmentation?
  - Who is running your IT?

The 10 Worst Data Breaches of 2013
- Target, continued
  - Tools
    - FireEye: turned on, but functions disabled
    - Data monitoring NOC
    - Bit9
  - AV or no AV?
  - Encryption
    - P2PE

What do you have to lose?
- PII
- Customers
- Money
- Investors
- Reputation
- And...
- What is your management's risk appetite?

Security Layers
- Firewalls: Is your outermost layer secure from cyber attack? How do you use them? Is a vendor a firewall or a vulnerability?
- People: Do you have BYOD, segregation of duties, employee loyalty and...
- Policy: Does the company know what security it wants, and does the employee get the message?

Firewalls: what are they?
- Traditionally a device to secure the network from the internet
- Are they used internally, and why?
- Is a vendor a breach in your firewall?
  - Does your vendor access your network over a public network?
  - Do they have elevated privileges?
- What happens when a firewall gets breached?
  - Does encryption help? In motion and at rest
  - How long before you know (Adobe)?
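"How long before you know" is largely a question of whether anyone looks at what the firewall already records. The example below is added here and is not from the presentation: it sums allowed outbound bytes per internal host and external destination over a batch of firewall log lines and alerts when a pair exceeds a volume threshold to a destination that is not on an approved list. The log format, addresses, approved list and threshold are all constructed for the example; a real deployment would read the device's own export format and tune the threshold to the site's normal egress.

```python
"""Egress volume alerting over firewall ALLOW logs (added example, not the slide deck's code).

Perimeter devices log every allowed outbound connection. Summing bytes_out
per (internal source, external destination) and alerting on large totals to
unapproved destinations is a cheap detection that shortens the interval
between a breach and someone noticing it.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed log format: one connection summary per line.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) bytes_out=(?P<bytes_out>\d+)$"
)

# Constructed sample: one host pushes ~1.9 GiB to an unknown address in
# three connections; another host sends a lot, but to an approved provider.
SAMPLE_LOGS = [
    "2013-10-02T03:14:07Z ALLOW src=10.20.5.17 dst=203.0.113.44 dport=443 proto=tcp bytes_out=734003200",
    "2013-10-02T03:15:11Z ALLOW src=10.20.5.17 dst=203.0.113.44 dport=443 proto=tcp bytes_out=629145600",
    "2013-10-02T03:16:09Z ALLOW src=10.20.5.17 dst=203.0.113.44 dport=443 proto=tcp bytes_out=681574400",
    "2013-10-02T03:16:30Z ALLOW src=10.20.7.3 dst=198.51.100.10 dport=443 proto=tcp bytes_out=1258291200",
    "2013-10-02T03:17:02Z ALLOW src=10.20.9.8 dst=192.0.2.77 dport=80 proto=tcp bytes_out=52428800",
    "2013-10-02T03:17:45Z DENY src=10.20.9.8 dst=192.0.2.78 dport=22 proto=tcp bytes_out=0",
    "this line is not parseable and must be skipped, not crash the job",
]

# Constructed: destinations that legitimately receive bulk data (backup, CDN, ...).
APPROVED_DESTINATIONS: Set[str] = {"198.51.100.10"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
THRESHOLD_BYTES = 1024 ** 3  # 1 GiB per (src, dst) in the batch


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one log line, or None if it does not match the format."""
    match = LOG_LINE.match(line.strip())
    return match.groupdict() if match else None


def is_internal(ip_text: str) -> bool:
    """True for addresses inside the organisation's own ranges; False for garbage."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def egress_alerts(
    lines: Iterable[str],
    threshold: int = THRESHOLD_BYTES,
    approved: Set[str] = APPROVED_DESTINATIONS,
) -> List[Tuple[str, str, int]]:
    """Return (src, dst, total_bytes) for internal->external pairs over the threshold."""
    totals: Dict[Tuple[str, str], int] = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "ALLOW":
            continue  # unparseable lines and blocked traffic do not count
        src, dst = rec["src"], rec["dst"]
        if not is_internal(src) or is_internal(dst) or dst in approved:
            continue  # only internal hosts talking to unapproved external addresses
        totals[(src, dst)] += int(rec["bytes_out"])
    return sorted((s, d, b) for (s, d), b in totals.items() if b >= threshold)


if __name__ == "__main__":
    for src, dst, total in egress_alerts(SAMPLE_LOGS):
        print(f"ALERT {src} -> {dst}: {total / 1024 ** 3:.2f} GiB outbound")
```

The point is not the threshold value but the habit: the same device that "was turned on" produces the evidence, and a few lines of aggregation turn it into a question someone has to answer the same day rather than months later.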

People: who needs them!
- People (staff) make the work go round.
- They are also responsible for most breaches.
- BYOD and MDM (Mobile Device Management)
  - Do your employees access their bank via an insecure access method?
  - Do your employees care if their phone is insecure when accessing your network, systems and software?
- Big Data
- Vacation? Not me!
  - A fraud indicator is someone who never takes a holiday.
  - They can't afford to leave their post, else their replacement might notice something wrong.

Policy
- Are you training your employees?
- Do they know what you expect of them?
- How does an employee stop an attack if they don't know what to look for?
  - Maybe if I ignore it, it will go away?
- Does a post-it note message constitute remediation of a breach?
- What was the security policy for the companies in the top ten list?

Roundtable Discussion
- Questions from the group?
- PCI
- HIPAA
- SOX
- ISO
- ISMS
- Scanning
- Training

Copied Track 1 and 2 data. Used a mom-and-pop web retail site to receive the stolen data without alerting the retailer. Stored the data and retrieved it later.


Regents & Park
Jason James
President
+1 (949)