Governance fail security fail

  1. Governance Fail, Security Fail: Why Are We Surprised About Data Theft? James Tarala, Enclave Security
  2. Companies Are Losing Data to Theft. Governance Fail, Security Fail © Enclave Security 2012
  3. Nortel
  4. Zappos
  5. Stratfor
  6. Subway
  7. Virginia Commonwealth University
  8. Purdue University
  9. Bay Area Rapid Transit (BART)
  10. Universal Music
  11. Sega
  12. Bethesda Softworks
  13. Sony Pictures
  14. Lockheed Martin
  15. WordPress
  16. Whatever Shall We Do?!?
  17. Cause & Effect: If you don’t brush or floss your teeth, you’re going to lose them.
  18. Cause & Effect: If you don’t take care of your car, you won’t be driving it for long.
  19. Cause & Effect: If you only eat crap & never exercise, you will get fat.
  20. Cause & Effect: If you tell your wife, she does look fat in those jeans…
  21. Cause & Effect: If you don’t defend your computers, you will get hacked.
  22. Most Hackers Aren’t 31337
  23. No Executive Support = Fail. Executives allocate:
      • Decisions
      • Time
      • Money
  24. No Documented Plan = Fail. They’re called policies. Have a consistent plan.
  25. No Budget = Fail. Controls cost money + time. Doing business costs money + time. Protecting data costs money + time.
  26. Wrong Controls = Fail
      • Governance Controls (COBIT)
      • Technical Controls (20 Critical Controls)
  27. No Metrics = Fail
      • Measure Yourself
      • Report Success & Failure
      • Fix Your Failures (US DoS iPost)
  28. General Michael Hayden: “Quit whining, act like a man, and defend yourself.” -BlackHat 2010
  29. Further Questions
      • James Tarala
        – E-mail: james.tarala@enclavesecurity.com
        – Twitter: @isaudit, @jamestarala
        – Blog: http://www.enclavesecurity.com/blogs/
      • Resources for further study:
        – SANS Audit Program – Audit 407, Governance Focused
        – 20 Critical Controls Project
        – The Balanced Scorecard (by Kaplan & Norton)
        – Security Metrics (by Andrew Jaquith)
