2013 Data Protection Maturity Trends: How Do You Compare?

•Download as PPTX, PDF•

2 likes•972 views

This document summarizes a presentation on data protection trends and maturity. It discusses evolving threats like BYOD and advanced persistent threats. A survey found that most organizations struggle with administrative, technical, and motivational controls related to data protection. A maturity model was presented with levels ranging from ad hoc to optimal for areas like security policies, enforcement, and employee education. Recommendations included creating comprehensive policies, implementing robust technical controls, and providing ongoing security training.

Technology

2013 Data
Protection Maturity
Trends: How Do
You Compare?

Today’s Agenda

Data Protection Trends

Aspects of Data Protection: The Survey Says …

A Model of Data Protection Maturity

Recommendations

Today’s Panelists

Paul Henry Chris Merritt
Security Consultant, Author Director of Solution Marketing
and Columnist Lumension

3

Changing IT Network Landscape

Source: Is BYOD Right for Your Small Business?
by Melinda Emerson, PGi blog (24-Oct-2012)
5

Increasing Threats Landscape

Source: Expect a wave of Java applet attacks: Microsoft
by Liam Tung, CSO Online (19-Nov-2012)
6

Increasing Threats Landscape

Source: New Report Out of Taiwan Says Prepare For APT Warfare,
by Paul Henry in Optimal Security (Lumension) blog (15-Aug-2012)
7

Evolving Organizational Landscape

• According to the Ponemon Institute, 58% of organizations have more
than 25 malware incidents each month, and another 20% are unsure
how many incidents they’re dealing with.1
• The data breaches reported in 2012 increased almost 35% over 2011,
according to datalossdb.org.2
• The average cost of a data breach
was about $194 per record in 2011;
of this, about 70% were indirect
costs such as lost business, cus-
tomer churn, etc.3
• About 70 – 80% of an organization’s
market value is based on intangible
assets such as IP.4
1. Ponemon Institute, 2013 State of the Endpoint (Dec-2012)
2. Based on data retrieved 11-Jan-2013.
3. Ponemon Institute, 2011 Cost of Data Breach Study (Mar-2012)
4. Ocean Tomo, http://www.oceantomo.com/about/intellectualcapitalequity

8

Uncertain Regulatory Landscape
Regulatory
• An effort is underway to modernize the European Union framework for
data protection rules (GDPR)
• In the United States …
» we see continued pressure from the States on the data protection front
» on the Federal front, some are holding out hope for a comprehensive
Cybersecurity Act, or an equivalent Executive Order
» for public companies, we now have SEC guidance on cyber risks
• Elsewhere, we see continued legislative action on data protection
» examples include: Colombia, Italy and Philippines

Industry
• Next PCI-DSS update scheduled for Oct-2013
• NERC CIP 5 scheduled for vote in Apr-2013
• Impact of legislation on FFIEC, NCUA, OCC, etc.

9

Aspects of Data Protection:
The Survey Says …

Discovering the State of Data Protection
Worldwide Data Protection Maturity Assessment Survey
• Anonymous Results
• Over 406 Initial Respondents
• Respondent Screening

Three areas of focus
• Administrative Controls
• Technical Controls
• “Organizational Motivation”

11

A Model for Data Protection Maturity

21

Rising to the Challenge
Creating Policies
• Ad Hoc: Minimal or No Security Policies
• Optimal: Comprehensive & Exhaustive

Enforcing Policies
• Ad Hoc: Limited Technical Controls
• Optimal: Robust Technical Controls

Educating Staff
• Ad Hoc: One-Time or No Training
• Optimal: On-Going, Formal Training

23

More Information
• Free Security Scanner Tools • Get a Quote (and more)
» Application Scanner – discover all the apps http://www.lumension.com/
being used in your network endpoint-management-security-suite/
» Vulnerability Scanner – discover all OS and buy-now.aspx#2
application vulnerabilities on your network
» Device Scanner – discover all the devices
being used in your network
http://www.lumension.com/Resources/
Security-Tools.aspx

• Lumension® Endpoint Management
and Security Suite
» Demo:
http://www.lumension.com/endpoint-
management-security-suite/demo.aspx
» Evaluation:
http://www.lumension.com/endpoint-
management-security-suite/free-trial.aspx

24

Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255

1.888.725.7828
info@lumension.com
http://blog.lumension.com

What's hot

Delete vs Erase: How Are Companies Wiping Active Files

Blancco

CSA Research: Mitigating Cloud Threats

Bitglass

IT has deployed the appropriate security controls. You've updated your policies and procedures and raised awareness. And you've got your incident response plan in place. What could possibly go wrong? The answer is: the plan itself. All the planning and preparation in the world won't protect your business from a data breach if the response plan doesn't work. It's necessary to ensure that your response plan stays current and functional. This webinar will provide a checklist of items to review when auditing your response plan. It will also review how often you should audit, test, and update your plan.

How to Audit Your Incident Response Plan

Resilient Systems

The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...

Symantec

Information Security Project

novemberchild

When a security program isn't as good as it should be it can be tempting to conclude that it needs more resources and solutions. Jack Nichelson decided to take a different approach: simplification. By focusing on fewer problems with bigger returns, he was able to reduce malware by 60 percent and improve the results of his annual pen report. He’ll share a back-to-the-basics case study for removing complexity and running a simple, effective, start-up worthy security program. This Talk is for - Security Managers looking to better focus on the real vulnerabilities and more effectively communicate your progress The Goals of this talk – Find the real problems, create a formal plan, build support for the plan, and report the progress

Information Security - Back to Basics - Own Your Vulnerabilities

Jack Nichelson

Radical Innovation In Security (New Techniques Applied To Tomorrow’s Risk)

Fujitsu Middle East

Role of The Board In IT Governance & Cyber Security-Steve Howse

CGTI

Many organizations think of technology as the answer to cyber threats. But combatting cyber threats has to be driven by risk intelligence: understanding and embracing risk with the confidence so that you are prepared and resilient in the face of adversity. In this session, we'll show how risk can be harnessed to make effective security decisions and reduce compliance overhead by optimizing IT risk management efforts and creating a risk intelligent organization.

MT118 Risk Intelligence - Making the Right Choices in Cybersecurity

Dell EMC World

Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind

centralohioissa

How do the automotive, banking, manufacturing, and technology industries drive innovation with data and analytics? A distinguished panel of innovators and adopters of big data and analytics solutions will discuss their big data implementations and how they are harnessing their data to derive insights to transform their organizations. We'll explore use cases ranging from managing and analyzing huge amounts of data to protect consumers and avoid product recalls, to building customer 360-degree views to better serve customers, to controlling wildfires to save lives, to tapping into genomic data to treat cancer.

MT29 Panel: Becoming a data-driven enterprise

Dell EMC World

Isaca csx2018-continuous assurance

François Samarcq

Deloitte Global Security Survey 2009

edcervantes

State of endpoint risk v3

Lumension

Cyber Security and the CEO

Micheal Axelsen

2018 Adobe Cybersecurity Survey

Adobe

The number of attacks on organization's' IT infrastructure are continuously increasing. It is becoming more and more difficult to identify unknown threats, in particular. This problem requires the ability to store more data and better tools to analyze the data. Learn in this webinar why big data is enabling new security analytics solutions and why the MapR Quick Start Solution for Security Analytics offers an easy starting point for faster and deeper security analytics.

Security Analytics and Big Data: What You Need to Know

MapR Technologies

Companies Aware, but Not Prepared for GDPR

Imperva

What's hot (18)

Delete vs Erase: How Are Companies Wiping Active Files

CSA Research: Mitigating Cloud Threats

How to Audit Your Incident Response Plan

The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...

Information Security Project

Information Security - Back to Basics - Own Your Vulnerabilities

Radical Innovation In Security (New Techniques Applied To Tomorrow’s Risk)

Role of The Board In IT Governance & Cyber Security-Steve Howse

MT118 Risk Intelligence - Making the Right Choices in Cybersecurity

Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind

MT29 Panel: Becoming a data-driven enterprise

Isaca csx2018-continuous assurance

Deloitte Global Security Survey 2009

State of endpoint risk v3

Cyber Security and the CEO

2018 Adobe Cybersecurity Survey

Security Analytics and Big Data: What You Need to Know

Companies Aware, but Not Prepared for GDPR

Similar to 2013 Data Protection Maturity Trends: How Do You Compare?

https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 : With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk. Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines. Viewers will learn: - The latest cybercrime trends and targets - Trends in board involvement in cybersecurity - How to effectively manage the full range of enterprise risks - How to protect against ransomware - Visibility into third party risk - Data security metrics

Cyber Risk Management in 2017: Challenges & Recommendations

Ulf Mattsson

Evolving State of the Endpoint Webinar

Lumension

Final presentation january iia cybersecurity securing your 2016 audit plan

Cameron Forbes Over

Since Syncsort's acquisition of security products from Cilasoft, Enforcive, Townsend Security and Trader's - we've been working hard to blend best-of-breed technology and create a powerful, integrated solution. We're happy to announce that the wait is almost over! In just a few short weeks, Syncsort will announce the first release of this new security solution. We want partners like you on-board with all the latest information on how this great new product will meet your customers' needs to: • Identify security vulnerabilities • Pass audits for industry, state or governmental security regulations • Detect and report on compliance deviations and security incidents • Lock down access to systems and databases • Ensure the privacy of sensitive data - both at rest and in motion

Get Ready for Syncsort's New Best-of-Breed Security Solution

Precisely

Data Security: What Every Leader Needs to Know

Roger Hagedorn

Over 80% of small-medium sized business consider themselves non-targets for cyber-attacks. However, 60% of all targeted attacks are towards small-medium sized organizations. The capabilities of hackers have risen dramatically in the last two years. Organizations of all sizes need a security plan. Security by obscurity is no longer a viable option. Adopt a proven strategy to protect vital corporate assets.

Improve Information Security Practices in the Small Enterprise

George Goodall

Fall2015SecurityShow

Adam Heller

Your organization is at risk! Upgrade your IT security & IT governance now.

Cyril Soeri

When GDPR becomes law in a few months, it will be the most wide-ranging and stringent data protection initiative in history. To prepare for this sea change, most organizations have streamlined and detailed their information security policies; however, many are unaware that immature application security programs arguably pose the biggest threat of a data breach. This oft-forgotten piece of data protection puts organizations at risk of GDPR fines. Attend this joint webinar with Security Innovation and Smarttech247 to learn practical tips on incorporating application security best practices into an InfoSec program to achieve GDPR compliance. Topics include: * Summary of GDPR key concepts * Security of data processing in software and the CIA triad * The people and process problem of GDPR: Governance * Using Data Protection by Design for secure design and business logic * Assessments to verify the security of processing Presenters: Roman Garber, Security Innovation Edward Skraba, Smarttech247

GDPR: The Application Security Twist

Security Innovation

SAM05_Barber PW (7-9-15)

Norm Barber

HPE-Security update talk presented in Vienna to partners on 15th April 2016

SteveAtHPE

dataProtection_p3.ppt

ssusera76ea9

Automation of Information (Cyber) Security by Joe Hessmiller

Joe Hessmiller

Information Technology Security Basics

Mohan Jadhav

As the need for facility equipment and asset data grows, serious cybersecurity risk are revealed, including inadequate security architecture, lack of process and controls the use of contractors and vendors. We need to be able to to identify risks and develop mitigation strategy. This presentation will provide insights, answers and tips. It will identify the value of IT/OT integration in solving facilities cybersecurity threats.

How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft

OSIsoft, LLC

Jisc e safety presentation AoC 2014

Jisc

Cyber attacks have increased in frequency and severity, and financial institutions are particularly interesting targets to cyber criminals. Join this presentation to learn the latest cybersecurity threats and challenges plaguing the financial industry, and the policies and solutions your organization needs to have in place to protect against them. Viewers will learn: • Current trends in Cyber attacks • FFIEC Cyber Assessment Toolkit • NIST Cybersecurity Framework principles • Security Metrics • Oversight of third parties • How to measure cybersecurity preparedness • Automated approaches to integrate Security into DevOps About the Presenter: Ulf Mattsson is the Chief Technology Officer of Security Solutions at Atlantic BT, and earlier at Compliance Engineering. Ulf was the Chief Technology Officer and a founder of Protegrity, He invented the Protegrity Vaultless Tokenization, Data Type Preservation (DTP2) and created the initial architecture of Protegrity's database security technology. Prior to Protegrity, Ulf worked 20 years at IBM in software development and in IBM's Research organization, in the areas of IT Architecture and Security, and received a US Green Card of class ‘EB 11 – Individual of Extraordinary Ability’ after endorsement by IBM. Ulf is the inventor of more than 45 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention

Securing Fintech: Threats, Challenges & Best Practices

Ulf Mattsson

Information security trends and concerns

John Napier

With the increasing number of cyber-attacks and incidents seeming to occur weeks/months/years before discovery of breach, simply securing your perimeter is no longer enough to protect your most critical assets. Privacy breaches are averaging upwards of $200 per record and studies have shown at intellectual property infringement cost the average company $101.9 million in revenues. Key points addressed include: • The Impact of Cyber Crime on our Economy • The Cost Companies are incurring due to Cyber Crime and Data Breaches • Who are the threat actors? • What makes up a Data Loss Prevention ecosystem? • What does a Data Loss Prevention strategy do for me? • Hidden Benefits of Data Loss Prevention • Justifying a Data Loss Prevention Strategy

Data Security: Why You Need Data Loss Prevention & How to Justify It

Marc Crudgington, MBA

IT Executive Guide to Security Intelligence

thinkASG

Similar to 2013 Data Protection Maturity Trends: How Do You Compare? (20)

Cyber Risk Management in 2017: Challenges & Recommendations

Evolving State of the Endpoint Webinar

Final presentation january iia cybersecurity securing your 2016 audit plan

Get Ready for Syncsort's New Best-of-Breed Security Solution

Data Security: What Every Leader Needs to Know

Improve Information Security Practices in the Small Enterprise

Fall2015SecurityShow

Your organization is at risk! Upgrade your IT security & IT governance now.

GDPR: The Application Security Twist

SAM05_Barber PW (7-9-15)

HPE-Security update talk presented in Vienna to partners on 15th April 2016

dataProtection_p3.ppt

Automation of Information (Cyber) Security by Joe Hessmiller

Information Technology Security Basics

How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft

Jisc e safety presentation AoC 2014

Securing Fintech: Threats, Challenges & Best Practices

Information security trends and concerns

Data Security: Why You Need Data Loss Prevention & How to Justify It

IT Executive Guide to Security Intelligence

More from Lumension

Today, everything has to be patched. From desktop and laptop to server and every operating system in between. With compliance, what we have to pay attention to is what’s actually out there on our network – not just what you wish were there. Servers (Windows, UNIX and Linux)Even Windows-centric environments have at least a few UNIX or Linux servers that need to be secure and patched. Linux and UNIX servers often fulfill critical functions with few and short maintenance windows. These can be a real pain point for admins who specialize in Windows or are managed by an entirely different admin. Desktops (Windows and Macs)Maybe you are responsible for desktops instead of servers. Again it’s not just a Windows story any more. More and more people are opting for Macs instead of Windows. Watch the vulnerability lists and you’ll see that Macs need patching too. The kicker though is the 80/20 rule. If at least 80% of the computers on your network are Windows and the remaining 20% are everything else – it’s a safe bet, given the maturity and ease of WSUS, that 20% of your patching effort goes to Windows but 80% of your effort is consumed with patching all the different flavors of UNIX, Linux and your Mac computers. We need one system to manage all our patches and one pane of glass to prove compliance from data center to desktop. Believe it or not System Center 2012 R2 provides the infrastructure to do just that – it just needs a little help. Last time we showed you how you can patch 3rd party apps on Windows through System Center Update Manager. This time we’ll show you how you can patch non-Windows systems using the new System Center clients for UNIX, Linux and Mac.

Using SCCM 2012 r2 to Patch Linux, UNIX and Macs

Lumension

Mike Rothman, Analyst and President of Securosis, as he dives into an interactive discussion around endpoint security management in 2015. • Protecting Endpoints: How the attack surface has changed, and the impact to your defense strategy • Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack • Endpoint Hygiene: Why you can’t forget the importance of ensuring solid management of your endpoint devices • BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization • The Most Important Buying Considerations in 2015

2015 Endpoint and Mobile Security Buyers Guide

Lumension

Security expert Randy Franklin Smith from Ultimate Windows Security, shows you a technical and pragmatic approach to mobile security for iOS and Android. For instance, for iOS-based devices, he talks about: • System security • Encryption and data protection • App Security • Device controls Randy also discusses Android-based devices. While Android gets its kernel from Linux, it builds on Linux security in a very specialized way to isolate applications from each other. And learn about iOS and Android mobile device management needs: Password and remote wipe capabilities are obvious but there’s much more to the story. And you’ll hear Randy's list of top-10 things you need to secure and manage on mobile devices in order to protect access to your organization’s network and information.

Top 10 Things to Secure on iOS and Android to Protect Corporate Information

Lumension

2014 BYOD and Mobile Security Survey Preliminary Results

Lumension

Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...

Lumension

Careto: Unmasking a New Level in APT-ware

Lumension

Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack. During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems. •3 Critical Entry Points to POS System Attacks •Impacts to an Organization •Top 3 Security Measures to Minimize Risk

Securing Your Point of Sale Systems: Stopping Malware and Data Theft

Lumension

Thanks to you, the audience at UltimateWindowsSecurity, for the 2014 Survey. It was a great success with over 600 respondents! I appreciate all of you who took the time give me your thoughts. You’ve provided some great ideas for real training for free™ in the coming year and I’ve learned which topics are most important to you. That’s going to benefit all of us. In this presentation, we'll present our findings. We’ll talk about the community’s top goals for 2014, which topics you recommended I cover in 2014 and what our community sees as the greatest security concerns for 2014. And we’ll discuss other trends emerging from the data. Find out about the top trends, such as: SIEM – What are the top SIEM solutions? What is the UWS community’s top 3 biggest challenges with log/monitoring/security analytics? Endpoint Security – How widely is application whitelisting being used and what is driving its adoption? Which endpoint security technologies really work and which are just hype? Mobile Devices – Are employee owned mobile devices supported at your organization? Is your biggest concern with mobile devices malware, data loss, compliance? The Cloud – How widely are your peers embracing the cloud? Is your organization’s security policy, technology and training keeping up with the move to the cloud? Advanced Security Topics – What are your peers doing about “big data”? What about endpoints as sensors, and other new security approaches? This will be a fact-filled and fascinating presentation on where we are and where we are going on a host of different security fronts. Don’t miss it.

2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...

Lumension

Organizations around the world are losing intellectual property and customer data to cyber criminals at mind-boggling rates. How is this happening? For 5 consecutive years, the annual State of the Endpoint Report, conducted by Ponemon Institute, has surveyed IT practitioners involved in securing endpoints. This year’s report reveals endpoint security risk is more difficult to minimize than ever before. What are IT pros most concerned about heading into 2014? From the proliferation of mobile devices, third party applications, and targeted attacks/APTs, endpoint security risk for 2014 is becoming more of a challenge to manage. Larry Ponemon of the Ponemon Institute reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2014 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn: •IT perspective on the changing threat landscape and today’s Top 5 risks; •Disconnect between perceived risk and corresponding strategies to combat those threats; •Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain

Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk

Lumension

Windows XP is Coming to an End: How to Stay Secure Before You Migrate

Lumension

Last time it was Adobe’s code signing servers. This time it’s 2.9 million (let’s just call it 3) customers’ data and lots and lots of source code – including that of Acrobat. Adobe products already require constant patching but offer no enterprise level solution for patching. In this presentation by Ultimate Windows Security, we’ll present why this will likely lead to more and we’ll look at what we know about this latest Adobe breach. But more importantly I’ll show what you can do in advance to protect yourself against zero-day exploits in Adobe products and programs. After all this won’t be the last time a software vendor is hacked. In this day and age we have to protect ourselves from the failures of our software providers. I’ll present 3 ways you can go on the offensive to protect yourself from the constant vulnerabilities discovered in Adobe Reader, Acrobat, Flash and Oracle Java. Here’s what we’ll discuss: *Alternatives to Adobe and Java *Different ways to containing vulnerable apps in a sandbox * Using advanced memory protection technologies to detect and stop buffer overflows and other memory based attacks Patching and AV only helps you close the window on hacker opportunity. To prevent the window from opening in the first place you have to prevent untrusted code from ever running in the first place. That requires application whitelisting and memory protection against code injection – a growing menace that bypasses controls based on file system and EXE scanning. That’s why Lumension is sponsoring this event. I think you’ll be interested seeing 2 of their end-point security technologies that will help protect you from the new exploits on their way as a result of this hack as well as the constant stream of exploits discovered every day. This is going to be a really cool presentation with practical tips that you can apply. Learn how to protect your systems from other software vendor vulnerabilities.

Adobe Hacked Again: What Does It Mean for You?

Lumension

Real World Defense Strategies for Targeted Endpoint Threats

Lumension

APTs: The State of Server Side Risk and Steps to Minimize Risk

Lumension

2014 Ultimate Buyers Guide to Endpoint Security Solutions

Lumension

The European Union’s proposed new data protection regulation aims to update Europe’s data protection laws and to provide a more consistent data protection framework across the Continent. But the new regulation, which replaces the EU’s existing data protection directive and member states’ data protection laws, will put some new demands on organisations holding personal data. Breach disclosure and “the right to be forgotten” will force businesses to update their data protection and retention policies. This presentation will: - Review the current EU laws, and contrast them with laws in other parts of the world; - Examine the arguments for strengthening data protection in Europe, and the likely outcomes; - Look at what security teams should already be doing to put themselves ahead of legislative changes; - Outline strategies and technologies organisations need to meet current and future data protection requirements - Help infosecurity teams to explain the changes – and their consequences – to their boards

Data Protection Rules are Changing: What Can You Do to Prepare?

Lumension

Just over a decade ago, the outcry over Microsoft’s security problems reached such a deafening level that it finally got the attention of Bill Gates, who wrote the famous Trustworthy Computing memo. Today, many would say that Microsoft leads the industry in security and vulnerability handling. Now, it’s Java that’s causing the uproar. But has Oracle learned anything from Microsoft in handling these seemingly ceaseless problems? I’ll start by reviewing the wide-ranging Java security changes Oracle is promising to make. They sound so much like the improvements Microsoft made back with Trustworthy Computing that I’m amazed it hasn’t been done before! We’ll move on to discuss what you can do now to address Java security in your environment. One of the banes of security with Java is the presence of multiple versions of Java, often on the same computer. Sometimes you really need multiple versions of Java to support applications with version dependencies (crazy, I know). But other times, multiple copies of Java are there “just because.” In this webinar, we’ll talk about the current Java mess and how you can get out of it, including: Assessment. We’ll discuss ways and tools for cataloging what versions of Java are actually out there on your endpoints. Identification. We’ll look at methods for identifying which versions are actually required by your users; for instance, I’ll show you how you might use Process Tracking and File Access events in the Windows Security Log to see which Java files are being accessed, by whom, and by which programs. Disabling. Can you just disable Java? Maybe not for everyone, but what if you could disable it for certain roles within your company that make up 25% – or even 75% – of your workforce? That would be worth it. We’ll explore how you might go about such a measure. Hardening. We’ll dive into the technical details of hardening Java and reducing your Java attack surface, where possible. Filtering. Another way to reduce your Java risk is by filtering Java content at your gateway. Again not full coverage control – but what is? Patching. Then, we’ll delve into the Java patching nightmare. Depending on self-updaters on each endpoint, is could be a recipe for disaster, and I’ll explain why. Basically the only way out of the Java mess is a 3rd party solution that can perform centralized patch management and remediation and that’s where our sponsor, Lumension, will come in.

Java Insecurity: How to Deal with the Constant Vulnerabilities

Lumension

Bring Your Own Device (BYOD) is a popular topic in 2013. Trying to understand the security risks and prepare strategies to either adopt, or decide against BYOD for security and data control reasons is the challenge. The 160,000 member Information Security Community on LinkedIn conducted the survey "BYOD & Mobile Security 2013" to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend. With 1,600 responses, some interesting insights and patterns into BYOD were uncovered.

BYOD & Mobile Security: How to Respond to the Security Risks

Lumension

Do you want to know how ‘best-of-breed’ enterprises prioritize their IT risk? Join Richard Mason, Vice President & Chief Security Officer at Honeywell, whose team is responsible for global security, during a roundtable discussion with Pat Clawson, Chairman & CEO of Lumension and Roger Grimes, Security Columnist & Author. Uncover strategies beyond traditional antivirus signatures and learn a more holistic approach to effective risk management. Find out ‘how’ and ‘why’ you can make security a prioritized function within your organization. Join this expert panel webcast to learn how to: 1)Understand your business audiences and evaluate their risk tolerance 2)Leverage reputation management services that are appropriate for your organization 3)Utilize realistic change management to secure prioritized data depositories

3 Executive Strategies to Reduce Your IT Risk

Lumension

APTs have become a major topic of conversation – and in some cases, a critical threat – among IT security departments. But the technology and motivation behind APTs has changed significantly since the introduction of Stuxnet, continuing to evolve rapidly to avoid detection. In this special Dark Reading presentation, a leading expert on the origins and directions of APTs will discuss the changing nature of these sophisticated threats – and how you can prepare your enterprise security environment to detect and mitigate these complex and dangerous attacks.

The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...

Lumension

Businesses large and small continue to struggle with malware. Traditional approaches to malware protection, like standalone anti-virus, are proving themselves unfit for the task. Kevin Beaver, Independent Information Security Expert dives into: • How to get a better grasp of the weaknesses in endpoint security • Examining whether or not anti-virus is effective • A comparison between a proactive versus reactive approach to fighting the malware fight.

Defending Your Corporate Endpoints How to Go Beyond Anti-Virus

Lumension

More from Lumension (20)

Using SCCM 2012 r2 to Patch Linux, UNIX and Macs

2015 Endpoint and Mobile Security Buyers Guide

Top 10 Things to Secure on iOS and Android to Protect Corporate Information

2014 BYOD and Mobile Security Survey Preliminary Results

Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...

Careto: Unmasking a New Level in APT-ware

Securing Your Point of Sale Systems: Stopping Malware and Data Theft

2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...

Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk

Windows XP is Coming to an End: How to Stay Secure Before You Migrate

Adobe Hacked Again: What Does It Mean for You?

Real World Defense Strategies for Targeted Endpoint Threats

APTs: The State of Server Side Risk and Steps to Minimize Risk

2014 Ultimate Buyers Guide to Endpoint Security Solutions

Data Protection Rules are Changing: What Can You Do to Prepare?

Java Insecurity: How to Deal with the Constant Vulnerabilities

BYOD & Mobile Security: How to Respond to the Security Risks

3 Executive Strategies to Reduce Your IT Risk

The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...

Defending Your Corporate Endpoints How to Go Beyond Anti-Virus

Recently uploaded

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

When you’re building (micro)services, you have lots of framework options. Spring Boot is no doubt a popular choice. But there’s more! Take Quarkus, a framework that’s considered the rising star for Kubernetes-native Java. It always depends on what's best for your situation, but how to choose the best solution if you're comparing 2 frameworks? Both Spring Boot and Quarkus have their positives and negatives. Let us compare the two by live coding a couple of common use cases in Spring Boot and Quarkus. After this talk, you’ll be ready to get started with Quarkus yourself, and know when to select Quarkus or Spring Boot.

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Jago de Vreede

Architecting Cloud Native Applications

WSO2

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

ICT role in 21st century education and its challenges

rafiqahmad00786416

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

DBX First Quarter 2024 Investor Presentation

Dropbox

Recently uploaded (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Manulife - Insurer Transformation Award 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Axa Assurance Maroc - Insurer Innovation Award 2024

Spring Boot vs Quarkus the ultimate battle - DevoxxUK

Architecting Cloud Native Applications

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Artificial Intelligence Chap.5 : Uncertainty

Why Teams call analytics are critical to your entire business

presentation ICT roal in 21st century education

Exploring the Future Potential of AI-Enabled Smartphone Processors

Cyberprint. Dark Pink Apt Group [EN].pdf

MS Copilot expands with MS Graph connectors

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

ICT role in 21st century education and its challenges

How to Troubleshoot Apps for the Modern Connected Worker

DBX First Quarter 2024 Investor Presentation

2013 Data Protection Maturity Trends: How Do You Compare?

1. 2013 Data Protection Maturity Trends: How Do You Compare?

2. Today’s Agenda Data Protection Trends Aspects of Data Protection: The Survey Says … A Model of Data Protection Maturity Recommendations

3. Today’s Panelists Paul Henry Chris Merritt Security Consultant, Author Director of Solution Marketing and Columnist Lumension 3

4. Data Protection Trends

5. Changing IT Network Landscape Source: Is BYOD Right for Your Small Business? by Melinda Emerson, PGi blog (24-Oct-2012) 5

6. Increasing Threats Landscape Source: Expect a wave of Java applet attacks: Microsoft by Liam Tung, CSO Online (19-Nov-2012) 6

7. Increasing Threats Landscape Source: New Report Out of Taiwan Says Prepare For APT Warfare, by Paul Henry in Optimal Security (Lumension) blog (15-Aug-2012) 7

8. Evolving Organizational Landscape • According to the Ponemon Institute, 58% of organizations have more than 25 malware incidents each month, and another 20% are unsure how many incidents they’re dealing with.1 • The data breaches reported in 2012 increased almost 35% over 2011, according to datalossdb.org.2 • The average cost of a data breach was about $194 per record in 2011; of this, about 70% were indirect costs such as lost business, customer churn, etc.3 • About 70 – 80% of an organization’s market value is based on intangible assets such as IP.4 1. Ponemon Institute, 2013 State of the Endpoint (Dec-2012) 2. Based on data retrieved 11-Jan-2013. 3. Ponemon Institute, 2011 Cost of Data Breach Study (Mar-2012) 4. Ocean Tomo, http://www.oceantomo.com/about/intellectualcapitalequity 8

9. Uncertain Regulatory Landscape Regulatory • An effort is underway to modernize the European Union framework for data protection rules (GDPR) • In the United States … » we see continued pressure from the States on the data protection front » on the Federal front, some are holding out hope for a comprehensive Cybersecurity Act, or an equivalent Executive Order » for public companies, we now have SEC guidance on cyber risks • Elsewhere, we see continued legislative action on data protection » examples include: Colombia, Italy and Philippines Industry • Next PCI-DSS update scheduled for Oct-2013 • NERC CIP 5 scheduled for vote in Apr-2013 • Impact of legislation on FFIEC, NCUA, OCC, etc. 9

10. Aspects of Data Protection: The Survey Says …

11. Discovering the State of Data Protection Worldwide Data Protection Maturity Assessment Survey • Anonymous Results • Over 406 Initial Respondents • Respondent Screening Three areas of focus • Administrative Controls • Technical Controls • “Organizational Motivation” 11

12. Administrative Controls 12

13. Administrative Controls 13

14. Technical Controls 14

15. Technical Controls 15

16. Technical Controls 16

17. Organizational Motivation 17

18. Organizational Motivation 18

19. Organizational Motivation 19

20. A Data Protection Maturity Model

21. A Model for Data Protection Maturity 21

22. Data Protection Maturity Results 22

23. Rising to the Challenge Creating Policies • Ad Hoc: Minimal or No Security Policies • Optimal: Comprehensive & Exhaustive Enforcing Policies • Ad Hoc: Limited Technical Controls • Optimal: Robust Technical Controls Educating Staff • Ad Hoc: One-Time or No Training • Optimal: On-Going, Formal Training 23

24. More Information • Free Security Scanner Tools • Get a Quote (and more) » Application Scanner – discover all the apps http://www.lumension.com/ being used in your network endpoint-management-security-suite/ » Vulnerability Scanner – discover all OS and buy-now.aspx#2 application vulnerabilities on your network » Device Scanner – discover all the devices being used in your network http://www.lumension.com/Resources/ Security-Tools.aspx • Lumension® Endpoint Management and Security Suite » Demo: http://www.lumension.com/endpoint- management-security-suite/demo.aspx » Evaluation: http://www.lumension.com/endpoint- management-security-suite/free-trial.aspx 24

25. Global Headquarters 8660 East Hartford Drive Suite 300 Scottsdale, AZ 85255 1.888.725.7828 info@lumension.com http://blog.lumension.com

2013 Data Protection Maturity Trends: How Do You Compare?

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Similar to 2013 Data Protection Maturity Trends: How Do You Compare?

Similar to 2013 Data Protection Maturity Trends: How Do You Compare? (20)

More from Lumension

More from Lumension (20)

Recently uploaded

Recently uploaded (20)

2013 Data Protection Maturity Trends: How Do You Compare?