Presentation is loading. Please wait.

Presentation is loading. Please wait.

Playing Safely in the Cloud

Published byAlexina Farmer Modified over 6 years ago

Similar presentations

Presentation on theme: "Playing Safely in the Cloud"— Presentation transcript:

1 Playing Safely in the Cloud
Marie Greenberg, CISSP, IAM, IEM Information Security Manager Virginia State Corporation Commission

2 “Come into my parlor.” said the spider to the fly.
Every day, government agencies are moving business practices from the physical realm into the cloud. Pay your taxes, renew your drivers license, incorporate your small business, order your birth certificate, look up a state employee… As a public entity we have certain responsibilities to the citizens of Virginia. The public looks to us for guidance and assumes that the service we are providing is secure.

3 What can we do to make “Playing Safely in the Cloud” a reality for our Citizens?
Assure the public that we have a secure site for them to conduct e-government business. Require all users to register on our sites. Verify the identity of users.

4 Bring awareness to the Citizens
COV Citizen Awareness Banner The security of your personal information is important to us! Diligent efforts are made to ensure the security of Commonwealth of Virginia systems. Before you use this Web site to conduct business with the Commonwealth, please ensure your personal computer is not infected with malicious code that collects your personal information. This code is referred to as a keylogger. The way to protect against this is to maintain current Anti-Virus and security patches. For more information on protecting your personal information online, refer to the Citizens Guide to Online Protection.

5 Establish good Security Practices
Ensure secure payment services are in place. Use a third party to evaluate the security of the web site.

6 What can we do within our organizations to be more secure?
Identify the internet threats facing us. Take ownership. Promote a ‘culture of security awareness’. Create and maintain a security policy.

7 Take steps to protect our systems and data.
Keep software up-to-date. Develop a disaster recovery plan. Be proactive.

8 Playing Safely in the Cloud
Online Identity Management Web Application Security Steve Werby Information Security Officer Virginia Commonwealth University

9 Anything you upload to a public website is not private – it's public.

10

11

12 Identity Theft Phishing Reconnaissance Social Engineering
Address Identity Theft Phishing First Name Last Name Alias Colleges Degrees Employers Job Titles Address Friends Colleagues Alias Address Interests Address City / State Address Interests Activities Friends Age Website Reconnaissance First Name Last Name Address Birthday Street Address City / State Phone Number Website Marital Status Colleges Degrees Friends Alias City / State Friends Colleagues Website First Name Last Name Alias Age City / State Website Marital Status Friends Interests Activities First Name Last Name Friends Colleagues Interests Activities Social Engineering

13 Aggregate social network data
Your personal lifestream Your connections' lifestreams

14 Is the concept of privacy outdated?

15 Manage your identity Make informed decisions Voice your concerns See #1

16 Web 2.0 Cybercrime‏ SaaS Russian Business Network, Rock Phish
3G, n, mesh Russian Business Network, Rock Phish Cybercrime‏ IE, Firefox, Chrome, Safari, Opera HIPAA, PCI, GLBA, FACTA, FERPA Phishing, Smishing, Vishing Blackberry, iPhone, Windows Mobile AJAX

17 Cross Site Scripting (XSS)‏
Injection Flaws Malicious File Execution Failure to Restrict URL Access Insecure Direct Object Reference Cross Site Scripting (XSS)‏ Information Leakage / Improper Error Handling Cross Site Request Forgery (CSRF)‏ Insecure Communications Insecure Cryptographic Storage Broken Authentication and Session Management

18 Know your web applications
Know your data Secure EVERYTHING Educate, educate, EDUCATE

Download ppt "Playing Safely in the Cloud"

Similar presentations

Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
Security Controls – What Works

Security Controls – What Works
CHAPTER 3 Ethics and Privacy. Outline for Today Chapter 3: Ethics and Privacy Tech Guide: Protecting Information Assets REMINDER: Project 1 due tonight.

CHAPTER 3 Ethics and Privacy. Outline for Today Chapter 3: Ethics and Privacy Tech Guide: Protecting Information Assets REMINDER: Project 1 due tonight.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
Software Security Course Course Outline 2-27-09. Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.

Software Security Course Course Outline Course Overview Introduction to Software Security Common Attacks and Vulnerabilities Overview of Security.
Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.

Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Marketing of Information Security Products. The business case for Information Security Management.

Marketing of Information Security Products. The business case for Information Security Management.
HTTP and Server Security James Walden Northern Kentucky University.

HTTP and Server Security James Walden Northern Kentucky University.
Juha Siivikko 7.11.2013 SECURITY IN SOCIAL MEDIA.

Juha Siivikko SECURITY IN SOCIAL MEDIA.
IT security By Tilly Gerlack.

IT security By Tilly Gerlack.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Similar presentations

Ads by Google