Security and Compliance Panel at the PR TechSummit 2013

Security and Compliance panel discussion given at the PR TechSummit in June 2013.

Panelists: Andres Colon, Arturo Geigel, Carlos Perez, Deoscoidy Sanchez, and me (Jose Quinones)

  • 47,000(+) reported security incidents, 621 confirmed data breaches and at least 44 million compromised records in 2012
      • 38% of breaches impacted larger organizations and 37% of breaches affect financial organizations (PCI), 10% or greater increase from last year’s report
      • 76% of network intrusions exploited weak or stolen credentials
      • 52% of breaches used some form of hacking
      • 78% of initial intrusions rated as low difficulty
      • 66% of breaches took months or more to discover
      • 69% of breaches are discovered by external parties
  • Case: Jerome Heckenkamp (eBay Hacker)
      • Callback Word documents
      • Nova for easy honeypot deployment
      • Honeybadger to geolocate attackers
      • Honeyports
      • Infinitely recursive web directories
  • Security and Compliance Panel at the PR TechSummit 2013

    1. Information Security and Compliance
       José L. Quiñones, BS MCSA, MCT, C|EH, C|EI, GCIH, GPEN, RHCSA
       University of Puerto Rico – School of Medicine
       Obsidis Consortia, Inc.
    2. Panelists
       • Andres Colón-Pérez, Office of Management and Budget
       • Arturo Geigel, Office of Management and Budget
       • Carlos Pérez-Otero, Tenable Network Security
       • Deoscoidy Sánchez, Department of the Treasury
    3. Verizon's 2013 Data Breach Report
       • “76% of network intrusions exploit weak or stolen credentials.”
       • “84% of compromises take minutes or hours.”
       • “66% of breaches lie undiscovered for months, increasing the potential damage.”
       • “69% of breaches are discovered by external parties”
       • “37% of breaches affect financial organizations”
    4. 2013 Mandiant Report
       • The PLA Unit 61398 is identified by the report as the most prolific hacking group inside the Chinese government.
       • The longest persistent attack documented by Mandiant lasted 4 years and 10 months.
    5. Compliance
       • Considering the checklist syndrome that is affecting the compliance industry,
         – What do you think the role of compliance should be in today’s enterprise, and how can we make it effective?
    6. Information Security
       • Considering that organized crime has developed a working model for its business with financial fraud and theft,
         – What can the government and private sector do to get ahead in the game?
    7. APT
       • Evidence suggests that other nation states have cyber corps dedicated to IP theft and industrial espionage,
         – How can we defend ourselves against APT attacks?
    8. Active Defense
       • Most security solutions today are reactive in nature: we wait for something to happen and then react accordingly.
         – Can we engage in active defense, hacking back or retribution against an attacker?
    9. Q & A
    10. Thanks!
