Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scott Charney Cybercrime and Risk Management PwC.

Published byAlison Clark Modified over 9 years ago

Similar presentations

Presentation on theme: "Scott Charney Cybercrime and Risk Management PwC."— Presentation transcript:

1 Scott Charney Cybercrime and Risk Management PwC

2 Understanding Risks: Computer As Target  Confidentiality –The Cuckoo’s Egg  Integrity –Seattle Sentencing –Pac Bell Intrusion  Availability –Morris Worm –Infrastructure Protection –Cascading Effects  Confidentiality –The Cuckoo’s Egg  Integrity –Seattle Sentencing –Pac Bell Intrusion  Availability –Morris Worm –Infrastructure Protection –Cascading Effects 2

3 PwC 3 Understanding Risks: Computer As Tool  Frauds –Internal: The Airline Scam –External: Phony e-businesses  Distribution Offenses –Copyrighted Software –Inappropriate Material  Frauds –Internal: The Airline Scam –External: Phony e-businesses  Distribution Offenses –Copyrighted Software –Inappropriate Material

4 PwC 4 Understanding Risks: Computer As Storage Device  Large Volume of Data  Duplicated and Distributed  Recoverable  Large Volume of Data  Duplicated and Distributed  Recoverable

5 PwC Future - What’s to come? Start with the Charney Theorem + Add anonymity + Add global connectivity + Add critical infrastructures + Add evidentiary issues = Lifetime Employment for Law Enforcement and Computer Security Professionals Start with the Charney Theorem + Add anonymity + Add global connectivity + Add critical infrastructures + Add evidentiary issues = Lifetime Employment for Law Enforcement and Computer Security Professionals 5

6 PwC And It’s Probably Worse Than We Think...  DoD Controlled Study –Machines Attacked: 38,000 –Machine Penetrated: 24,700 (65%) –Attacks Detected: 988 (4%) –Attacks Reported: 267 (27%)  DoD Controlled Study –Machines Attacked: 38,000 –Machine Penetrated: 24,700 (65%) –Attacks Detected: 988 (4%) –Attacks Reported: 267 (27%) 6

7 PwC What to Do: Manage Risk -- Implement Comprehensive Security!  Be Prepared To Prevent and Respond to Computer Incidents  Considering Physical, Personnel and Technical Security  Be Prepared To Prevent and Respond to Computer Incidents  Considering Physical, Personnel and Technical Security

8 PwC Prevention  Identify Assets (Computer Resources and Data)  Assess Internal and External Threats to Those Assets –Insider Threats: employees, contractors, JVs –Outsider Threats: hackers, hackivists, thieves, competitors, terrorists, nation-states  Develop Core Business Policies to Protect Assets –Access Control Policies (watch remote access!) –Retention and destruction policies –Appropriate computer use –Workplace Monitoring?  Educate Users and TEST COMPLIANCE  Identify Assets (Computer Resources and Data)  Assess Internal and External Threats to Those Assets –Insider Threats: employees, contractors, JVs –Outsider Threats: hackers, hackivists, thieves, competitors, terrorists, nation-states  Develop Core Business Policies to Protect Assets –Access Control Policies (watch remote access!) –Retention and destruction policies –Appropriate computer use –Workplace Monitoring?  Educate Users and TEST COMPLIANCE

9 PwC Prevention  Technical Approaches –Map the Network –Test Existing Security (Attack and Penetration) Application Defaults Bad Configurations - Known Vulnerabilities Password Management –Install Defenses Firewalls IDS and CADS Encryption (VPNS, PKIs)  Technical Approaches –Map the Network –Test Existing Security (Attack and Penetration) Application Defaults Bad Configurations - Known Vulnerabilities Password Management –Install Defenses Firewalls IDS and CADS Encryption (VPNS, PKIs)

10 PwC Response  Develop response plan –Identify Key Personnel for Response –Identify Response Objectives Remediation vs. Investigation –Institute Response Procedures Audit Trails, Caller-ID Evidence Retention and Preservation Notifications (e.g., internal, downstream, law enforcement, regulatory authorities)  Develop response plan –Identify Key Personnel for Response –Identify Response Objectives Remediation vs. Investigation –Institute Response Procedures Audit Trails, Caller-ID Evidence Retention and Preservation Notifications (e.g., internal, downstream, law enforcement, regulatory authorities)

11 Cybercrime and Risk Management Scott Charney (202) 822-4349 scott.charney@us.pwcglobal.com Scott Charney (202) 822-4349 scott.charney@us.pwcglobal.com PwC

Download ppt "Scott Charney Cybercrime and Risk Management PwC."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Protection of Information Assets I. Joko Dewanto 1.

Protection of Information Assets I. Joko Dewanto 1.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Controls for Information Security

Controls for Information Security
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Introduction to Network Defense

Introduction to Network Defense
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Similar presentations

Ads by Google