Published by Bonnie Caldwell. Modified over 9 years ago.
1
Self-Assessment » Find a Consultant » Links & Resources » News & Headlines » Educational & Training Resources »

Steve Peters, President, Community Information and Telecommunications Alliance; Co-Chair, Arizona Cyber Security Alliance
Matt Hymowitz, Partner, GMP Networks; Co-Chair, Arizona Cyber Security Alliance
2
This Presentation
- Intro to the Arizona Cyber Security Alliance
- Overview of cyber crimes and security threats
- Tips to prevent compromise of your systems and information
- Strategies to ensure business continuity and disaster recovery if they are compromised
3
Arizona Cyber Security Alliance
- A project of CITA, Tucson's nonprofit Community Information and Telecommunications Alliance
- This statewide security Alliance will help the Arizona community:
  - understand the rising security threats
  - develop strategies to reduce personal, customer and business risks
4
Targeting
- Small business and nonprofit executives
- IT professionals
- Home users
Includes large and small businesses, non-profits, law enforcement, government, and information technology and security professionals
5
Secure Computer
“The only secure computer is one that is turned off, locked in a safe, and buried twenty feet down in a secret location--and I'm not completely confident of that one, either.” –BRUCE SCHNEIER, E-MAIL SECURITY: HOW TO KEEP YOUR ELECTRONIC MESSAGES PRIVATE (1995)
Internet crime is the fastest growing crime in the U.S.
6
Five Key Messages
- The frequency and seriousness of threats are growing
- Whether you have a single computer or a corporate network you are at risk
- Securing your system will help secure the Internet
7
Five Key Messages (2)
- Information security is a core business requirement, not just a technology problem. Don’t rely just on hardware and software solutions. You also need to address:
  - security policies and plans
  - employee awareness programs
  - insurance and legal issues
  - business continuity and disaster recovery plans
- Hardware and software are essential, but people are the key
8
What is Vulnerable
- Computer Systems
- VoIP Phone systems
- PDAs and cell phones
- Wired and wireless networks
- Xbox and Tivo
- Internet Relay Chat, peer-to-peer networks, instant messaging
- Web based applications and browsers
- RFID Tags
9
Threats
- Cyber Threats
- Physical Threats
- Internal Threats
- External Threats
- Intentional Threats
- Unintentional Threats
10
Cyber Threats
- Wired & Wireless Intrusions
- Destructive worms, viruses and trojans
- Spam and Spyware (keyboard and event logging)
- Phishing, Identity Theft, and Fraud (Websites, URLs, Spoofing, & Redirection)
- Your computer as a bot to attack other computers
- Applications and OS vulnerabilities
- Denial of Service Attacks
- Cyber terrorism
- Ransomware
11
Cyber Threats (2)
Cyber attacks:
- Damage computers and destroy data
- Monitor or interrupt communications
- Provide access to private information
- Monitor your computer and browsing behavior
- Make your computer a bot to attack other computers
- Deny access to your websites
- Steal information and money
- Support Cyber terrorism
12
Recent Trends
- Professional cyber criminals, gangs, cyber terrorism
- While past attacks were designed to destroy data, today’s attacks are increasingly designed to silently steal data for profit without doing noticeable damage that would alert a user to their presence:
  - using bot networks
  - targeted attacks on Web applications and Web browsers
- Targeted phishing attacks
- Narrowly focused attacks aiming at specific companies
- Growing Regulatory Compliance Requirements
13
Threats
- Physical Threats
  - Fire, theft, natural disasters
- Internal Threats (70% of crimes)
  - employee errors and attacks
  - disgruntled employees
  - opening attachments
  - downloading and use of unauthorized software (IM)
  - unauthorized use of computer systems
  - cyber loafing
  - wireless networks (rogue)
  - theft – systems and data
14
A Few Stats
- Over 112,438 old and new viruses in 2004 - estimated $55 Billion in business damages in 2003
- Arizona ranked No. 1 for identity theft in 2003 with 6,832 reported cases
- 70-80% of attacks are internal
- 18 million phishing attempts in 2004
- An unprotected computer could be compromised in less than 20 minutes after being connected to the Internet
- E-mail messages that include a virus: 1 in 16
- Spam: 73% of all e-mail
15
Question
What will happen to your business or organization if your communications are disrupted or your information is compromised or stolen?
- Direct Losses
- Indirect Losses
- Legal and Insurance issues
Will You Be Out of Business?
16
Why Should You Care?
Direct Losses
- Operational and customer information
- Network, computer and communications systems
- Money
17
Indirect Losses
- interrupted communications
- reduced productivity and damage to operations
- loss of potential sales & disrupted revenue flow
- reduced customer confidence and negative branding impact
- loss of competitive advantage
- loss of goodwill
- continuity and recovery expenses
18
Legal Exposure and Insurance
- Failure to meet business obligations
- Compromised confidential client information
- Illegal user activity
- Director liability
- Losses not covered by insurance
- Lack of business continuity and disaster recovery coverage
- Regulatory Compliance: HIPAA, GLBA, SARBOX
Due diligence is the key
19
Security Technologies
- Virus Protection
- Hardware and Software Firewalls
- Back-up Solutions
- Managed Services - Outsourcing
- Intrusion Detection Systems
- Spyware protection programs
- Encryption and Virtual Private Networks
- Applications and OS patches
- Content Filtering: Inbound / Outbound
20
Security Checklist
Are You Protected?
- Current antivirus protection updated daily
- Firewalls (hardware/software) or Intrusion Detection Systems
- Security patches for your software & OS
- Spyware protection (2-3 programs)
- Do not open unexpected e-mail attachments from strangers or acquaintances
- Daily backups
21
Security Checklist (2)
- Business assessment - can your business survive a security disaster?
- Outside Security Assessments
- Avoid legal liabilities for failure to exercise due diligence, to protect confidential information, or if you cannot fulfill business obligations
  - California’s Data Breach Law SB 1386 and Privacy Laws
  - Gramm-Leach-Bliley Act
  - USA Patriot Act and the Bank Secrecy Act
  - HIPAA and Sarbanes-Oxley Act
  - CAN-SPAM Act
22
Security Checklist (3)
- Ensure that your insurance coverage will cover business continuity, disaster recovery and legal costs
- Physically secure your machines and backups from theft, fire and natural disasters
- Designate an employee or a trusted vendor to be responsible for your Cyber Security, including updates
- Know what normal computer, network and Internet behavior looks like so that you can tell what's abnormal
- Control access to your systems & information
23
Security Checklist (4)
- Use complex passwords (8-10 characters, for example ~mY*sEcrE1T) and change them regularly
- Don’t share passwords or post them on your computer
- Log off when your computer is not being used
- Disconnect from the Internet when you do not need to be online
- Perform reference checks on new employees, and background checks for IT staff
- Have employees sign a non-disclosure agreement
- Turn OFF the Outlook "Preview Pane"
24
Security Checklist (5)
- Clean up old machines before you dispose of them
- Develop written plans and policies
  - Internet use
  - cyber and physical security
  - business continuity and disaster recovery
- Provide regular security training and awareness programs for your employees
  - security strategies
  - employee responsibilities
25
New Laws
- The Gramm-Leach-Bliley Act
  - Provides for criminal and civil liability for businesses who do not adequately protect personal and financial information
  - Applies to any financial institution that provides financial products or services to consumers
- Sarbanes-Oxley Act of 2002
  - Prevents destruction of documents relevant to audits of companies that report their financial information to the SEC
  - Regulation S-X requires accountants to retain certain records for a period of seven years after an audit or review of financial statements
26
New Laws (2)
- Health Insurance Portability and Accountability Act
  - A covered entity may not use or disclose an individual’s protected health information (PHI) to any person including a business associate, except as permitted or required by the privacy rules
  - A covered entity MUST secure individually identifiable information
- USA Patriot Act Title III
  - Applies to financial institutions
  - Amended the Bank Secrecy Act regarding strict customer identification, retention of records for 5 years after close of account, and checking terrorist lists every 2 weeks
27
- California’s Data Breach Law SB 1386
  - Requires companies to notify California residents of any actual or suspected breach of the security of the system that contains personal information - applies to any online business with California customers, even if the company is not based in California
- California SB 27 - “Shine the Light Bill”
  - Gives consumers the right to ask about what information an organization has about them and where it has been shared
- California AB 68 - “Online Privacy Protection Act”
  - Commercial websites or online services that collect personal information on California residents must post and comply with a privacy policy
28
If you have an incident
Bottom Line
- Protect Your Systems and Your Data
- Advise Your Clients To Protect Their Systems and Your Data
- Call a professional!
- Keep all records
  - Logs
  - Dates, times, etc.
- Freeze the machine(s)
Protect
29
1, 2, 3, 4
1. Whether you have a single computer or a corporate network you are at risk
2. Provide technology solutions - virus protection, firewalls, security patches, spyware programs
3. Develop written plans and policies
4. Provide regular security training and awareness programs for your employees
30
Contact Info
Steve Peters, Community Information and Telecommunications Alliance, 520-321-1309, stevepeters@tucsonlink.org
Matt Hymowitz, Partner, GMP Networks, 520-577-3891 x11, mhymowit@gmpnet.net