Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing and Protecting Citizens' Data

Published byNathaniel Bennett Modified over 5 years ago

Similar presentations

Presentation on theme: "Securing and Protecting Citizens' Data"— Presentation transcript:

1 Securing and Protecting Citizens' Data
Greg Moore Cisco Systems Engineer

2 Threats Viruses Subversion Sabotage Spoofing Spamming Eavesdropping
Identity Theft Phishing Pharming Phreaking Fuzzing Notice that 7 out of 11 involve financial gain

3 “If Only Computer Security Did Not Have to Involve People”
According to the Oct 2002 Edition of “The Economist”: 2/3 of commuters at a London train station revealed their computer password in exchange for a ball point pen Nearly half used their name, family name or pet name as password

4 More Recently … At RSA 2007 a Major U.S. Bank Shared This:
After extensive user training on password sensitivity in 2006 Sent an to 200 random employees asking for an “example of a complex password” They got 75 responses of which 23 sent their actual password! Cisco Confidential

5 SpyBot example Extortion - Encrypted hard drive virus – give me $$ in exchange for the keys – Repudiation

6 Phishing and Pharming Attacks
Site looked very authentic 800 number, Click to Chat, etc. Gone two days later

7 In many fonts an upper ‘i’ and a lower ‘L’ look the same
In many fonts an upper ‘i’ and a lower ‘L’ look the same. In this example, PayPaI is actually PayPaI

8 Security Must Be a Mindset
Improved security means implementing policies dealing with human factors, cultural norms and managing risks Security requires the cooperation and support of senior management We tend to worry about the wrong things (viruses, hackers) Instead of more realistic threats (disgruntled employees, links to supposedly trusted partners, theft of laptops, insecure Wi-Fi APs, etc.)

9 What Needs to be Protected?
Constituent information – tax records, health records, court records, etc. May be public but integrity needs to be maintained Governance – HIPPA, PCI Privileged or confidential information – employee info, government secrets, etc. Voice / Video / Data – all forms of data Physical security – public, employees, assets

10 Securing Information Hardening Isolation Privacy Integrity
Authentication Encryption

11 Security Technology OS Patches & Hotfixes HIPS / AV / NAC
Firewalls & ACLs Application Layer Gateways NIDS / IPS Access Control Content & Reputation Filtering VPN

Download ppt "Securing and Protecting Citizens' Data"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
Social media threats. Warning! May contain mild peril.

Social media threats. Warning! May contain mild peril.
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Phishing (pronounced “fishing”) is the process of sending e-mail messages to lure Internet users into revealing personal information such as credit card.

Phishing (pronounced “fishing”) is the process of sending messages to lure Internet users into revealing personal information such as credit card.
DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.

DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.

Title: The Internet LO: Security risks. Security risks Types of risks: 1.Phishing 2.Pharming 3.Spamming 4.Spyware 5.Cookies 6.Virus.
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Securing Information Systems

Securing Information Systems
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

Similar presentations

Ads by Google