Data Breach 2009  ISACA HI
My 2009 DBIR presentation @ ISACA Hawaii.

Presentation Transcript

  • 2009 DATA BREACH INVESTIGATIONS REPORT, a study conducted by Verizon Business. Brief by Hosam W. El Dakhakhni, CISSP, CISM, CISA, CIA, CGEIT
  • This brief will cover the following:
    • My Conclusions
    • Quick Facts
    • Key Highlights
    • Findings, Conclusions, and Countermeasures
    • TVM - Doing More For Less
    • Summary of Recommendations
    • Q&A
  • QUICK FACTS
  • All results are based on firsthand evidence collected during 90 data breach investigations occurring in 2008, conducted by Verizon Business. Only confirmed breaches are included (not “data-at-risk”). Most of the statistics presented refer to the percentage of cases, the percentage of records breached, or simply the number of cases. The authors make no claim that the findings of this report are representative of all data breaches in all organizations at all times.
  • Roughly 20 percent of cases involved more than one breach. Nearly half of the caseload had distinct patterns and commonalities. A little over 1/3 of the cases were made public (so far).
  • KEY HIGHLIGHTS
  • FINDINGS, CONCLUSIONS, AND COUNTERMEASURES
  • Align process with policy
  • Achieve “Essential” then worry about “Excellent”
  • Secure business partner connections
  • Create a data retention plan
  • Control data with transaction zones
  • Monitor event logs
  • Create an incident response plan
  • Increase awareness
  • Engage in mock incident testing
  • Changing default credentials is key
  • Avoid shared credentials
  • User account review
  • Application testing and code review
  • Smarter patch management strategies
  • Human resources termination procedures
  • Enable application logs and monitor
  • Hosam W. El Dakhakhni, CISSP, CISM, CISA, CIA, CGEIT, Principal - R!SC. Visit us at www.it-risc.com. Contact us at heldakhakhni@it-risc.com