Cyber Risky Business (Just Take Those Old Records Off the Shelf)
What’s at risk when sensitive information about you, your customers or your employer is compromised? How do you know whether the disclosure of the information was intentional or unintentional? After all, this sensitive information could have found its way into the hands of an unauthorized individual simply as the result of a mishandled or misdirected fax or email. Or perhaps you were hacked by an outside party, malware or spyware? Unless you’re prepared to crawl under a rock and just stop communicating, the best you can do is minimize the risks associated with using today’s technology. Here, you’ll learn about the various risks associated with technology, how to implement data security measures to protect yourself, your employees and your customers from the catastrophic events following an unintended release of protected information, and about the costs involved in a data breach.


  1. Cyber Risky Business (Just Take Those Old Records Off the Shelf). Michelle Syc, Xhemil Koliani. WorkSmart 2011. ADNET is proud to offer: Infrastructure Services (Infrastructure design; Managed Services; Virtualization; Unified communications; Backup & Disaster Recovery; Security & Risk Management; IT Management/Strategy) and Learning Services (Learning path development and strategy; Technical training; Desktop applications; Professional development; Recordings; Goal-oriented learning; Certification preparation and testing; Instructor led, Distance delivery, and e-Learning). ADNETTechnologiesInc, ADNETTech
  2. Outline: The current state of data security; Thinking Like a Criminal; Predicting the data loss: risk mitigation steps
  3. Records Breached in US Since 1/1/2011: 22,202,232. Equals ~7 Gigabytes of Data, or ~600 Feet of paper. Source: PrivacyRights.org
  4. Pre-internet Security Threats: Eavesdropping. Source: Schneier, B. Risk, Complexity, and Network Security. Counterpane Internet Security Inc., April 2001
  5. Internet Security is Complex: Eavesdropping (Masquerading, Web-based attacks, etc., etc.); Social Engineering; Viruses, Trojans, back doors, etc.; Insider Attacks; Denial of Service (DOS) Attacks; Social Engineering Attacks; Integrity Attacks; Identity Theft; Domain Name (DNS) attacks; “Launching Pad” for attacks; Misconfigurations, Software Errors, Social Engineering. Source: Schneier, B. Risk, Complexity and Network Security. Counterpane Internet Security Inc., April 2001
  6. Moving On…: The current state of data security; Thinking Like a Criminal; Predicting the data loss: risk mitigation steps
  7. Break-In: The Front Door; The Back Door; The Living Room Window?; The Second Floor Bedroom Window?; Kitchen Window?; The key under the plant out back?
  8. Risks: 1. Guessable Passwords; 2. Default Credentials; 3. Poor Alerting; 4. Unknown / Rogue Devices; 5. Malicious Applications; 6. Poorly Trained Users; 7. Poorly Managed Remote Access Services; 8. Rogue remote access applications; 9. Outdated virus definitions / virus software
  9. The story continues…: The current state of data security; Thinking Like a Criminal; Predicting the data loss: risk mitigation steps
  10. Controls: Know and train your users; Access Control; Passwords; Encryption; Privileged Users; Log and Audit; Network Management Procedures; Scan for Rogue Devices / Services; Secure Remote Access; Filter egress network traffic; Incident Management Procedures. Risks: 1. Guessable Passwords; 2. Default Credentials; 3. Poor Alerting; 4. Unknown / Rogue Devices; 5. Malicious Applications; 6. Poorly Trained Users; 7. Poorly Managed Remote Access Services; 8. Rogue remote access applications; 9. Outdated virus definitions / virus software
  11. The Cloud … briefly ☺ Picture Source: http://www.theiia.org/intAuditor/five-emerging-trends-in-technology-slide-show/
  12. 2011 Data Breach Investigations Report: 96% of breaches were avoidable through simple or intermediate controls. Source: Verizon Business 2011 Data Breach Investigations Report
  13. Functionality, Security
  14. Kostin Ruffkess & Company, LLC, 76 Batterson Park Road, Farmington, CT 06032, 860-678-6000, www.kostin.com. Xhemil (John) Koliani, CPA / ABV, Member of the Firm, jkoliani@kostin.com. Michelle Syc, CISSP, CEH, msyc@kostin.com. Disclaimer: The materials presented are for training purposes only. We are not rendering legal or professional advice.
