Garland Group - Top Security Threats of 2011

647 views
597 views

Published on

This was a presentation given by Garland Group consultant, Eric Kitchens, in April 2011 where he talks about the latest security trends in banking.

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
647
On SlideShare
0
From Embeds
0
Number of Embeds
44
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Garland Group - Top Security Threats of 2011

  1. 1. Top Security Threats for 2011Thursday, March 31, 2011
  2. 2. Presenter Eric Kitchens, CISSP/CISA eric@thegarlandgroup.netThursday, March 31, 2011
  3. 3. riskkey.com • IT Audit / Security Testing • Continuous Compliance • Collaboration ConsultingThursday, March 31, 2011
  4. 4. What Are The Top Security Threats for 2011?Thursday, March 31, 2011
  5. 5. Something Old, Something New, Something Borrowed...Thursday, March 31, 2011
  6. 6. Something Old, Something New, Something Borrowed... Threats that were big news in the past are still out there.Thursday, March 31, 2011
  7. 7. Something Old, Something New, Something Borrowed... Threats that were big news in the past are still out there. New and emerging threats often are combinations of “old” threats.Thursday, March 31, 2011
  8. 8. Something Old, Something New, Something Borrowed... Threats that were big news in the past are still out there. New and emerging threats often are combinations of “old” threats. It’s never too late to mitigate.Thursday, March 31, 2011
  9. 9. Something Old... Threats that have been with us for many years and will be with us for years to come.Thursday, March 31, 2011
  10. 10. Something Old... Threats that have been with us for many years and will be with us for years to come. • Mobile DevicesThursday, March 31, 2011
  11. 11. Something Old... Threats that have been with us for many years and will be with us for years to come. • Mobile Devices • Cloud Computing & VirtualizationThursday, March 31, 2011
  12. 12. Something Old... Threats that have been with us for many years and will be with us for years to come. • Mobile Devices • Cloud Computing & Virtualization • Application VulnerabilitiesThursday, March 31, 2011
  13. 13. Mobile DevicesThursday, March 31, 2011
  14. 14. Mobile Devices • Various PlatformsThursday, March 31, 2011
  15. 15. Mobile Devices • Various Platforms • Mal-Ware in the AppStoreThursday, March 31, 2011
  16. 16. Mobile Devices • Various Platforms • Mal-Ware in the AppStore • Merging Business & Personal UseThursday, March 31, 2011
  17. 17. Mobile Devices • Various Platforms • Mal-Ware in the AppStore • Merging Business & Personal Use • Lost or Stolen Devices & DataThursday, March 31, 2011
  18. 18. Cloud ComputingThursday, March 31, 2011
  19. 19. Cloud Computing • Expanding Scope of VirtualizationThursday, March 31, 2011
  20. 20. Cloud Computing • Expanding Scope of Virtualization • Outsourced Applications and ServicesThursday, March 31, 2011
  21. 21. Application VulnerabilitiesThursday, March 31, 2011
  22. 22. Application Vulnerabilities • Operating System Vulnerabilities are DecreasingThursday, March 31, 2011
  23. 23. Application Vulnerabilities • Operating System Vulnerabilities are Decreasing • Application Specific Vulnerabilities are on the RiseThursday, March 31, 2011
  24. 24. Application Vulnerabilities • Operating System Vulnerabilities are Decreasing • Application Specific Vulnerabilities are on the Rise • Evaluate Automated Patching Tools for All Applications & SystemsThursday, March 31, 2011
  25. 25. Something New... Not “new” but emerging and evolving into new problemsThursday, March 31, 2011
  26. 26. Something New... Not “new” but emerging and evolving into new problems • Advanced Persistent ThreatsThursday, March 31, 2011
  27. 27. Something New... Not “new” but emerging and evolving into new problems • Advanced Persistent Threats • HacktivisimThursday, March 31, 2011
  28. 28. Something New... Not “new” but emerging and evolving into new problems • Advanced Persistent Threats • Hacktivisim • CyberterrorismThursday, March 31, 2011
  29. 29. Advanced Persistent ThreatsThursday, March 31, 2011
  30. 30. Advanced Persistent Threats • Google and RSA Are Recent ExamplesThursday, March 31, 2011
  31. 31. Advanced Persistent Threats • Google and RSA Are Recent Examples • Executed Over Extended Period of TimeThursday, March 31, 2011
  32. 32. Advanced Persistent Threats • Google and RSA Are Recent Examples • Executed Over Extended Period of Time • Adapts to Defenses and Mitigation StrategiesThursday, March 31, 2011
  33. 33. Advanced Persistent Threats • Google and RSA Are Recent Examples • Executed Over Extended Period of Time • Adapts to Defenses and Mitigation Strategies • Baselining and Monitoring are Essential for DefenseThursday, March 31, 2011
  34. 34. Cyber-Terrorism & HacktivismThursday, March 31, 2011
  35. 35. Cyber-Terrorism & Hacktivism • DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples.Thursday, March 31, 2011
  36. 36. Cyber-Terrorism & Hacktivism • DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples. • Disrupting Services for Ideological PurposesThursday, March 31, 2011
  37. 37. Cyber-Terrorism & Hacktivism • DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples. • Disrupting Services for Ideological Purposes • Tools are Freely Available to Non-Technical UsersThursday, March 31, 2011
  38. 38. Cyber-Terrorism & Hacktivism • DoS of Visa and MasterCard from WikiLeaks Supporters are Prime Examples. • Disrupting Services for Ideological Purposes • Tools are Freely Available to Non-Technical Users • Be Aware of Outsourced Relationships and Higher Risk Customers They ServiceThursday, March 31, 2011
  39. 39. Something Borrowed...Thursday, March 31, 2011
  40. 40. Something Borrowed... “I swear, I meant to return all the confidential data on my USB drive after I was done ‘borrowing’ it!”Thursday, March 31, 2011
  41. 41. Something Borrowed... “I swear, I meant to return all the confidential data on my USB drive after I was done ‘borrowing’ it!” • Insider ThreatsThursday, March 31, 2011
  42. 42. Something Borrowed... “I swear, I meant to return all the confidential data on my USB drive after I was done ‘borrowing’ it!” • Insider Threats • Data Classification and ControlThursday, March 31, 2011
  43. 43. Something Borrowed... “I swear, I meant to return all the confidential data on my USB drive after I was done ‘borrowing’ it!” • Insider Threats • Data Classification and Control • USB Storage DevicesThursday, March 31, 2011
  44. 44. Questions & AnswersThursday, March 31, 2011
  45. 45. Thanks. Email: eric@thegarlandgroup.net Web: http://www.thegarlandgroup.netThursday, March 31, 2011

×