Industry Trends in Information Security
As technology changes, new threats arise. There are new trends emerging in information security that organizations need to know. Trends such as employee usage of Social Media and Mobile applications can put the company at risk.

Industry Trends in Information Security: Presentation Transcript

  • 1. Industry Trends In Information Security
    Gary Bahadur
    CEO KRAA Security
    www.kraasecurity.com
  • 2. What Are The Key Trends?
    Social networks
    Regulatory compliance
    Data loss prevention
    Malware
    Identity theft
    Mobile security threats
    Web application weaknesses
    Insider threats
  • 6. Objectives of Security Threats
    Information Capture
    Destruction
    Monetary
    Competitive Advantage
    Political Gain
    Activism
    Attacks aim to compromise
    Confidentiality
    Integrity
    Availability
  • 7. Identity Theft
    Weaknesses caused by:
    Lack of proper data handling procedures
    Weak data protection
    Inadvertent data loss
    Unencrypted data
    Source: FTC
  • 8. Identity Theft - Data Breaches That Could Lead To Identity Theft By Sector
    Source: Attrition.org
  • 9. Mobile Security
    Weaknesses caused by:
    Theft of device
    Unencrypted data on devices
    No management of devices
    Unsecure mobile applications
    No socialization of security on mobiles
    Spyware and attachments compromise mobiles
    Most Risky Mobile Devices – Ponemon Institute
  • 10. Web Applications
    Weaknesses caused by:
    Poor Coding
    Not testing enough
    No protection mechanism on the website
    No Security Development Lifecycle Model
    Unpatched servers
    Vulnerability by Industry – Source: WhiteHat
  • 11. Insider Threats
    Weaknesses caused by:
    Weak internal controls
    Unvetted employees
    Disgruntled employees with excessive access
    Inadvertent weaknesses introduced
    Losses due to insiders - CSI
  • 12. Social networking
    Weaknesses caused by:
    Very uneducated users
    Insecure social networking applications
    Ease of development of social applications
  • 13. Regulatory
    Weaknesses caused by:
    Inability to manage against requirements
    No consistent assessment process
    Unable to keep up with new changes
    No accountability for measurements
    Source: E&Y
  • 14. Data Loss Prevention
    Weaknesses caused by:
    Insecure internal data storage
    Lost data through backup process
    Application vulnerabilities
    Excessive user permissions
    No tracking, monitoring, blocking of data movement
  • 15. Organizations Attacked Most Often
    Source – Breach Security
  • 16. Malware
    Weaknesses caused by:
    Weakly protected systems
    Email and Web surfing
    External device connections
    Uneducated users
    Source: McAfee
  • 17. Malware
  • 18. 2008 CSI Computer Crime and Security Survey
    Average reported cost of breach close to $500,000 (for those who experienced financial fraud)
    The second-most expensive was dealing with “bot” computers within the organization’s network, at $350,000 per respondent.
    Virus incidents occurred most frequently, at almost half (49 percent) of the respondents.
    Insider abuse of networks was second-most frequently occurring, at 44 percent
    Third was theft of laptops and other mobile devices (42 percent).
  • 19. What does data cost in the Underground?
    Source: Symantec Global Internet Security Threat Report XIII
  • 20. Frequency and Costs of Data Breaches
    10 (+1) Largest Data Breaches Since 2000
    As more information goes digital, it becomes more important to protect against hackers.
    Data Processors International: 5 million affected (March 6, 2003)
    Citigroup: 30 million (June 6, 2005)
    U.S. Department of Veterans Affairs: 26.5 million (May 22, 2006)
    Dai Nippon Printing Company: 8.6 million (March 12, 2007)
    TD Ameritrade: 6.3 million (September 14, 2007)
    America Online: 30 million (June 24, 2004)
    Visa, MasterCard, and American Express: 40 million (June 19, 2005)
    TJX Companies, Inc.: 94 million (January 17, 2007)
    Fidelity National Information Services: 8.5 million (July 3, 2007)
    HM Revenue and Customs: 25 million (November 20, 2007)
    GS Caltex: 11 million (September 6, 2008)
    Source: Attrition Data Loss Archive and Database
    FlowingData
    According to Ponemon Institute, an independent information practices research group, data breaches cost businesses an average of $197 per customer record in 2007, up from $182 in 2006. Ponemon also reports the average cost of a data breach in 2007 was $6.3 million, up from $4.8 million in 2006.
  • 21. Percentages of Incidents
    Source: CSI
  • 22. State Breach Notification Laws
    State security breach notification laws as of July 27, 2009: forty-five states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
    http://www.ncsl.org/
  • 23. How to Address These Trends?
    Risk Assessment
    Security Policies, Procedures and Processes
    Security Layered Approach
    Data Loss Protection Mechanisms
    User Security Education
    Secure Development
    Monitoring
  • 24. Contact
    Gary Bahadur
    info@kraasecurity.com
    www.kraasecurity.com
    blog.kraasecurity.com
    Twitter.com/kraasecurity
    888-KRAA-911